From 8bfc73e9de6e810bc54a2b56c712d0c094e228b1 Mon Sep 17 00:00:00 2001 From: Ben Manes Date: Sat, 5 Oct 2024 22:32:42 -0700 Subject: [PATCH] dependency updates --- .github/workflows/build.yml | 2 +- .github/workflows/codacy.yml | 2 +- .github/workflows/codeql.yml | 6 +++--- .github/workflows/dependency-check.yml | 2 +- .github/workflows/devskim.yml | 2 +- .github/workflows/qodana.yml | 2 +- .github/workflows/scorecards-analysis.yml | 2 +- .github/workflows/semgrep.yml | 2 +- .github/workflows/snyk.yml | 2 +- .github/workflows/trivy.yml | 2 +- .../gradle/libs.versions.toml | 2 +- examples/graal-native/gradle/gradle-daemon-jvm.properties | 3 +++ examples/graal-native/gradle/libs.versions.toml | 2 +- examples/hibernate/gradle/libs.versions.toml | 2 +- examples/indexable/gradle/libs.versions.toml | 2 +- examples/resilience-failsafe/gradle/libs.versions.toml | 2 +- examples/write-behind-rxjava/gradle/libs.versions.toml | 2 +- gradle/libs.versions.toml | 8 ++++---- 18 files changed, 25 insertions(+), 22 deletions(-) create mode 100644 examples/graal-native/gradle/gradle-daemon-jvm.properties diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7d063ee801..5371533fae 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -250,7 +250,7 @@ jobs: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} continue-on-error: true - name: Publish to Codecov - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: token: ${{ secrets.CODECOV_TOKEN }} - name: Publish to Codacy diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index e88c2c1569..f1cbbc6e2b 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -47,7 +47,7 @@ jobs: if: steps.check_files.outputs.files_exists == 'true' run: jq -c '.runs |= unique_by({tool, invocations, results})' < results.sarif > codacy.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 if: steps.check_files.outputs.files_exists == 'true' continue-on-error: true with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e968d52650..5f8d6ef1e2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -57,10 +57,10 @@ jobs: java: ${{ env.JAVA_VERSION }} cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: Initialize CodeQL - uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: languages: java - name: Autobuild - uses: github/codeql-action/autobuild@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index b9028c7be4..5777194e7c 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -61,7 +61,7 @@ jobs: with: files: build/reports/dependency-check-report.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 if: steps.check_files.outputs.files_exists == 'true' with: sarif_file: build/reports/dependency-check-report.sarif diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index 46b6bd2619..d60a0a7c46 100644 --- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml @@ -31,6 +31,6 @@ jobs: - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@914fa647b406c387000300b2f09bb28691be2b6d # v1.0.14 - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/qodana.yml b/.github/workflows/qodana.yml index 10183b8f3f..14373c9bb0 100644 --- a/.github/workflows/qodana.yml +++ b/.github/workflows/qodana.yml @@ -70,6 +70,6 @@ jobs: upload-result: true github-token: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 7dd2d0b2cf..90d4c37979 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -58,6 +58,6 @@ jobs: path: results.sarif retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: sarif_file: results.sarif diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 5047f14aea..d7434cab7a 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -34,7 +34,7 @@ jobs: if: steps.check_files.outputs.files_exists == 'true' run: jq -c '.runs[0].tool.driver.rules |= unique_by(.id)' < results.sarif > semgrep.sarif - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 if: steps.check_files.outputs.files_exists == 'true' continue-on-error: true with: diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 8656692aa5..c0591a0478 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -42,7 +42,7 @@ jobs: with: files: snyk.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 if: steps.check_files.outputs.files_exists == 'true' with: sarif_file: snyk.sarif diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 0556d3c1ad..798c973f4f 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -29,6 +29,6 @@ jobs: format: sarif output: trivy-results.sarif - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: sarif_file: trivy-results.sarif diff --git a/examples/coalescing-bulkloader-reactor/gradle/libs.versions.toml b/examples/coalescing-bulkloader-reactor/gradle/libs.versions.toml index 809277ef2a..8b0f2778e7 100644 --- a/examples/coalescing-bulkloader-reactor/gradle/libs.versions.toml +++ b/examples/coalescing-bulkloader-reactor/gradle/libs.versions.toml @@ -1,6 +1,6 @@ [versions] caffeine = "3.1.8" -junit = "5.11.1" +junit = "5.11.2" reactor = "3.6.10" truth = "1.4.4" versions = "0.51.0" diff --git a/examples/graal-native/gradle/gradle-daemon-jvm.properties b/examples/graal-native/gradle/gradle-daemon-jvm.properties new file mode 100644 index 0000000000..1e42cb69b3 --- /dev/null +++ b/examples/graal-native/gradle/gradle-daemon-jvm.properties @@ -0,0 +1,3 @@ +#This file is generated by updateDaemonJvm +toolchainVendor=GRAAL_VM +toolchainVersion=21 diff --git a/examples/graal-native/gradle/libs.versions.toml b/examples/graal-native/gradle/libs.versions.toml index 4a6e3a6ffa..20e5a29a99 100644 --- a/examples/graal-native/gradle/libs.versions.toml +++ b/examples/graal-native/gradle/libs.versions.toml @@ -1,7 +1,7 @@ [versions] caffeine = "3.1.8" graal = "0.10.3" -junit = "5.11.1" +junit = "5.11.2" truth = "1.4.4" versions = "0.51.0" diff --git a/examples/hibernate/gradle/libs.versions.toml b/examples/hibernate/gradle/libs.versions.toml index 422731d2e7..211320f56e 100644 --- a/examples/hibernate/gradle/libs.versions.toml +++ b/examples/hibernate/gradle/libs.versions.toml @@ -2,7 +2,7 @@ caffeine = "3.1.8" h2 = "2.3.232" hibernate = "7.0.0.Beta1" -junit = "5.11.1" +junit = "5.11.2" log4j2 = "3.0.0-beta2" truth = "1.4.4" versions = "0.51.0" diff --git a/examples/indexable/gradle/libs.versions.toml b/examples/indexable/gradle/libs.versions.toml index 62f948c22b..8aa75b3ece 100644 --- a/examples/indexable/gradle/libs.versions.toml +++ b/examples/indexable/gradle/libs.versions.toml @@ -1,7 +1,7 @@ [versions] caffeine = "3.1.8" guava = "33.3.1-jre" -junit-jupiter = "5.11.1" +junit-jupiter = "5.11.2" truth = "1.4.4" versions = "0.51.0" diff --git a/examples/resilience-failsafe/gradle/libs.versions.toml b/examples/resilience-failsafe/gradle/libs.versions.toml index 8f9ae030fa..505733fd59 100644 --- a/examples/resilience-failsafe/gradle/libs.versions.toml +++ b/examples/resilience-failsafe/gradle/libs.versions.toml @@ -1,7 +1,7 @@ [versions] caffeine = "3.1.8" failsafe = "3.3.2" -junit = "5.11.1" +junit = "5.11.2" truth = "1.4.4" versions = "0.51.0" diff --git a/examples/write-behind-rxjava/gradle/libs.versions.toml b/examples/write-behind-rxjava/gradle/libs.versions.toml index ebb51c9f38..a3ae624dc6 100644 --- a/examples/write-behind-rxjava/gradle/libs.versions.toml +++ b/examples/write-behind-rxjava/gradle/libs.versions.toml @@ -1,7 +1,7 @@ [versions] awaitility = "4.2.2" caffeine = "3.1.8" -junit = "5.11.1" +junit = "5.11.2" rxjava = "3.1.9" versions = "0.51.0" diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 2331da8f87..14bdd1291d 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -7,7 +7,7 @@ bnd = "7.0.0" bouncycastle-jdk18on = "1.78.1" cache2k = "2.6.1.Final" caffeine = "3.1.8" -checker-framework = "3.47.0" +checker-framework = "3.48.0" checkstyle = "10.18.2" coherence = "22.06.2" commons-collections4 = "4.4" @@ -33,7 +33,7 @@ felix-scr = "2.2.12" findsecbugs = "1.13.0" flip-tables = "1.1.1" forbidden-apis = "3.7" -google-java-format = "1.23.0" +google-java-format = "1.24.0" guava = "33.3.1-jre" guice = "6.0.0" h2 = "2.3.232" @@ -62,7 +62,7 @@ json-bind = "1.0" jsoup = "1.18.1" junit-testng = "1.0.5" junit4 = "4.13.2" -junit5 = "5.11.1" +junit5 = "5.11.2" jvm-dependency-conflict-resolution = "2.1.2" kotlin = "2.0.20" lincheck = "2.34" @@ -86,7 +86,7 @@ snakeyaml = "2.3" sonarqube = "5.1.0.4882" spotbugs = "4.8.6" spotbugs-contrib = "7.6.5" -spotbugs-plugin = "6.0.23" +spotbugs-plugin = "6.0.24" stream = "2.9.8" tcache = "2.0.1" testng = "7.10.2"