Combined dependencies PR #9005
Merged
Combined dependencies PR #9005
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [redis.clients:jedis](https://github.com/redis/jedis) from 5.1.0 to 5.1.3. - [Release notes](https://github.com/redis/jedis/releases) - [Commits](redis/jedis@v5.1.0...v5.1.3) --- updated-dependencies: - dependency-name: redis.clients:jedis dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.1 to 42.7.3. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.7.1...REL42.7.3) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [io.lettuce:lettuce-core](https://github.com/lettuce-io/lettuce-core) from 6.3.1.RELEASE to 6.3.2.RELEASE. - [Release notes](https://github.com/lettuce-io/lettuce-core/releases) - [Changelog](https://github.com/redis/lettuce/blob/6.3.2.RELEASE/RELEASE-NOTES.md) - [Commits](redis/lettuce@6.3.1.RELEASE...6.3.2.RELEASE) --- updated-dependencies: - dependency-name: io.lettuce:lettuce-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [io.fabric8:kubernetes-client](https://github.com/fabric8io/kubernetes-client) from 6.12.1 to 6.13.0. - [Release notes](https://github.com/fabric8io/kubernetes-client/releases) - [Changelog](https://github.com/fabric8io/kubernetes-client/blob/main/CHANGELOG.md) - [Commits](fabric8io/kubernetes-client@v6.12.1...v6.13.0) --- updated-dependencies: - dependency-name: io.fabric8:kubernetes-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps org.apache.activemq:artemis-jakarta-client from 2.33.0 to 2.35.0. --- updated-dependencies: - dependency-name: org.apache.activemq:artemis-jakarta-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.25.3 to 3.26.3. - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](assertj/assertj@assertj-build-3.25.3...assertj-build-3.26.3) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.neo4j.driver:neo4j-java-driver](https://github.com/neo4j/neo4j-java-driver) from 4.4.13 to 4.4.18. - [Release notes](https://github.com/neo4j/neo4j-java-driver/releases) - [Commits](neo4j/neo4j-java-driver@4.4.13...4.4.18) --- updated-dependencies: - dependency-name: org.neo4j.driver:neo4j-java-driver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.projectlombok:lombok](https://github.com/projectlombok/lombok) from 1.18.30 to 1.18.34. - [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown) - [Commits](projectlombok/lombok@v1.18.30...v1.18.34) --- updated-dependencies: - dependency-name: org.projectlombok:lombok dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps org.apache.kafka:kafka-clients from 3.6.1 to 3.7.1. --- updated-dependencies: - dependency-name: org.apache.kafka:kafka-clients dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.junit.platform:junit-platform-launcher](https://github.com/junit-team/junit5) from 1.10.2 to 1.10.3. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/commits) --- updated-dependencies: - dependency-name: org.junit.platform:junit-platform-launcher dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.25.3 to 3.26.3. - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](assertj/assertj@assertj-build-3.25.3...assertj-build-3.26.3) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [com.amazonaws:aws-java-sdk-dynamodb](https://github.com/aws/aws-sdk-java) from 1.12.763 to 1.12.765. - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](aws/aws-sdk-java@1.12.763...1.12.765) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-dynamodb dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.25.3 to 3.26.0. - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](assertj/assertj@assertj-build-3.25.3...assertj-build-3.26.0) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps io.trino:trino-jdbc from 452 to 453. --- updated-dependencies: - dependency-name: io.trino:trino-jdbc dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.2.0-jre to 33.2.1-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…te/com.amazonaws-aws-java-sdk-dynamodb-1.12.765' into combined-pr-branch
…tack/org.assertj-assertj-core-3.26.3' into combined-pr-branch
…/org.assertj-assertj-core-3.26.3' into combined-pr-branch
…org.junit.platform-junit-platform-launcher-1.10.3' into combined-pr-branch
…mq/org.apache.activemq-artemis-jakarta-client-2.35.0' into combined-pr-branch
…pache.kafka-kafka-clients-3.7.1' into combined-pr-branch
…rojectlombok-lombok-1.18.34' into combined-pr-branch
…eo4j.driver-neo4j-java-driver-4.4.18' into combined-pr-branch
….fabric8-kubernetes-client-6.13.0' into combined-pr-branch
…e.guava-guava-33.2.1-jre' into combined-pr-branch
…ttuce-lettuce-core-6.3.2.RELEASE' into combined-pr-branch
…ostgresql-postgresql-42.7.3' into combined-pr-branch
….clients-jedis-5.1.3' into combined-pr-branch
…tack/org.assertj-assertj-core-3.26.0' into combined-pr-branch
github-actions
bot
added
modules/spock
|
@eddumelendez I was wondering if we can include Apache Commons Compress upgrade to 1.26.2 instead of 1.24.0. There are a couple of CVEs relate to 1.24.0: https://mvnrepository.com/artifact/org.apache.commons/commons-compress/1.24.0. I was about to open a PR, but it seems that you already have a process in place, hence my comment. |
|
@artur-ciocanu check this comment about why not upgrading for now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Combining multiple dependencies PRs into one.
Instructions for merging
Allow merge commitsin the repository settings.Create a merge commit.Combined PRs