diff --git a/.github/actions/run-gradle/action.yml b/.github/actions/run-gradle/action.yml index 201428fd02..5171b2e5d1 100644 --- a/.github/actions/run-gradle/action.yml +++ b/.github/actions/run-gradle/action.yml @@ -65,7 +65,7 @@ runs: echo "JDK_CI=$JAVA_HOME" >> $GITHUB_ENV echo "JDK_EA=${{ inputs.early-access == inputs.java }}" >> $GITHUB_ENV - name: Setup Gradle - uses: gradle/actions/setup-gradle@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0 + uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 env: ORG_GRADLE_PROJECT_org.gradle.java.installations.auto-download: 'false' with: diff --git a/.github/scripts/dependencyUpdates.sh b/.github/scripts/dependencyUpdates.sh index 952570d889..b896c16cf5 100755 --- a/.github/scripts/dependencyUpdates.sh +++ b/.github/scripts/dependencyUpdates.sh @@ -13,7 +13,8 @@ find . -type f -name "settings.gradle.kts" | while read -r gradle_file; do echo -e "${BOLD}Evaluating...${RESET}" gradle=$( [[ -f "$project_dir/gradlew" ]] && echo "./$project_dir/gradlew" || echo "./gradlew" ) - output=$($gradle --project-dir "$project_dir" dependencyUpdates --refresh-dependencies -q "$@" | \ + output=$(JAVA_VERSION=21 \ + $gradle --project-dir "$project_dir" dependencyUpdates --refresh-dependencies -q "$@" | \ sed -e '/^------------------------------------------------------------/,/^$/d' \ -e '/The following dependencies are using the latest milestone version:/,/^$/d' \ -e '/Gradle release-candidate updates:/d' \ diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index f26669af9f..da69032b74 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index 20015575f2..4ca2fc52fe 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml @@ -26,7 +26,7 @@ jobs: JAVA_VERSION: 22 steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -45,7 +45,7 @@ jobs: JAVA_VERSION: 23 steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -64,7 +64,7 @@ jobs: JAVA_VERSION: 23 steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml index 4a90c33772..21b11a231d 100644 --- a/.github/workflows/benchmarks.yml +++ b/.github/workflows/benchmarks.yml @@ -16,7 +16,7 @@ jobs: JAVA_VERSION: ${{ matrix.java }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 879ef3b3c3..9ced9f0962 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -52,7 +52,7 @@ jobs: JAVA_VERSION: ${{ matrix.java }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -164,7 +164,7 @@ jobs: JAVA_VERSION: ${{ matrix.java }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -207,7 +207,7 @@ jobs: if: (github.event_name == 'push') && (github.event.repository.fork == false) steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -250,7 +250,7 @@ jobs: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} continue-on-error: true - name: Publish to Codecov - uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 + uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7 with: token: ${{ secrets.CODECOV_TOKEN }} - name: Publish to Codacy @@ -285,7 +285,7 @@ jobs: checks: write steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -337,7 +337,7 @@ jobs: && endsWith(github.ref, github.event.repository.default_branch) steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 3154be6bda..2dbb1f1eac 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -13,7 +13,7 @@ jobs: if: github.event.repository.fork == false steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -47,7 +47,7 @@ jobs: if: steps.check_files.outputs.files_exists == 'true' run: jq -c '.runs |= unique_by({tool, invocations, results})' < results.sarif > codacy.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 if: steps.check_files.outputs.files_exists == 'true' continue-on-error: true with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a848d4e9ef..914face297 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -57,10 +57,10 @@ jobs: java: ${{ env.JAVA_VERSION }} cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: Initialize CodeQL - uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: languages: java - name: Autobuild - uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index c2fbfe97e6..6c1d662476 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -22,7 +22,7 @@ jobs: && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false) steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -61,7 +61,7 @@ jobs: with: files: build/reports/dependency-check-report.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 if: steps.check_files.outputs.files_exists == 'true' with: sarif_file: build/reports/dependency-check-report.sarif diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 8e46de5740..d0bb5aa57a 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -10,7 +10,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -21,7 +21,7 @@ jobs: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Dependency Review - uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 with: license-check: false comment-summary-in-pr: on-failure diff --git a/.github/workflows/dependency-submission-pr-retreive.yml b/.github/workflows/dependency-submission-pr-retreive.yml index 59601749f0..59d087f35f 100644 --- a/.github/workflows/dependency-submission-pr-retreive.yml +++ b/.github/workflows/dependency-submission-pr-retreive.yml @@ -16,7 +16,7 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -35,6 +35,6 @@ jobs: repo1.maven.org:443 services.gradle.org:443 - name: Retrieve and submit dependency graph - uses: gradle/actions/dependency-submission@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0 + uses: gradle/actions/dependency-submission@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 with: dependency-graph: download-and-submit diff --git a/.github/workflows/dependency-submission-pr-submit.yml b/.github/workflows/dependency-submission-pr-submit.yml index 164966368e..953586d30d 100644 --- a/.github/workflows/dependency-submission-pr-submit.yml +++ b/.github/workflows/dependency-submission-pr-submit.yml @@ -13,7 +13,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -38,7 +38,7 @@ jobs: java-version: ${{ env.JAVA_VERSION }} distribution: temurin - name: Submit Dependency Graph - uses: gradle/actions/dependency-submission@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0 + uses: gradle/actions/dependency-submission@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 with: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} dependency-graph: generate-and-upload diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml index a83ec2c614..873f076c7c 100644 --- a/.github/workflows/dependency-submission.yml +++ b/.github/workflows/dependency-submission.yml @@ -13,7 +13,7 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -38,6 +38,6 @@ jobs: java-version: ${{ env.JAVA_VERSION }} distribution: temurin - name: Submit Dependency Graph - uses: gradle/actions/dependency-submission@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0 + uses: gradle/actions/dependency-submission@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 with: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index 8521d3e4a1..faee039b89 100644 --- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml @@ -19,7 +19,7 @@ jobs: security-events: write steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -31,6 +31,6 @@ jobs: - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@914fa647b406c387000300b2f09bb28691be2b6d # v1.0.14 - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml index 48dce69529..5653921381 100644 --- a/.github/workflows/examples.yml +++ b/.github/workflows/examples.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 2ee5c9e825..31157514ea 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index 34e2e491dd..5e1be83577 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -18,4 +18,4 @@ jobs: github.com:443 services.gradle.org:443 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: gradle/actions/wrapper-validation@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0 + - uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 diff --git a/.github/workflows/qodana.yml b/.github/workflows/qodana.yml index 531eacc9da..98c99edc05 100644 --- a/.github/workflows/qodana.yml +++ b/.github/workflows/qodana.yml @@ -19,7 +19,7 @@ jobs: && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false) steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -70,6 +70,6 @@ jobs: upload-result: true github-token: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d280ae22bc..9b2fa44d7d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ jobs: if: github.event.repository.fork == false steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: audit diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index da8acb52af..2b8de11d83 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -20,7 +20,7 @@ jobs: if: github.event.repository.fork == false steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -58,6 +58,6 @@ jobs: path: results.sarif retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 30a690bb3f..d1076abf46 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -34,7 +34,7 @@ jobs: if: steps.check_files.outputs.files_exists == 'true' run: jq -c '.runs[0].tool.driver.rules |= unique_by(.id)' < results.sarif > semgrep.sarif - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 if: steps.check_files.outputs.files_exists == 'true' continue-on-error: true with: diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index a5d7c4b010..61d0404baa 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -42,7 +42,7 @@ jobs: with: files: snyk.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 if: steps.check_files.outputs.files_exists == 'true' with: sarif_file: snyk.sarif diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index a5b663527b..d2a3beff1d 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 5b807100bc..39e5a4c2e1 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -12,7 +12,7 @@ jobs: security-events: write steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -24,7 +24,7 @@ jobs: pkg-containers.githubusercontent.com:443 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0 continue-on-error: true with: scan-type: fs @@ -36,7 +36,7 @@ jobs: with: files: results.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 if: steps.check_files.outputs.files_exists == 'true' with: sarif_file: results.sarif diff --git a/caffeine/src/javaPoet/java/com/github/benmanes/caffeine/cache/node/AddConstructors.java b/caffeine/src/javaPoet/java/com/github/benmanes/caffeine/cache/node/AddConstructors.java index ae5eef9f06..f5863a5e3f 100644 --- a/caffeine/src/javaPoet/java/com/github/benmanes/caffeine/cache/node/AddConstructors.java +++ b/caffeine/src/javaPoet/java/com/github/benmanes/caffeine/cache/node/AddConstructors.java @@ -39,6 +39,7 @@ public void execute(NodeContext context) { addConstructorByKey(context); addConstructorByKeyRef(context); if (context.isBaseClass()) { + context.suppressedWarnings.add("unchecked"); context.suppressedWarnings.add("PMD.UnusedFormalParameter"); } } diff --git a/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties b/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties index f3ff213c04..0cdabcd31b 100644 --- a/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties +++ b/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/examples/graal-native/gradle/wrapper/gradle-wrapper.properties b/examples/graal-native/gradle/wrapper/gradle-wrapper.properties index f3ff213c04..0cdabcd31b 100644 --- a/examples/graal-native/gradle/wrapper/gradle-wrapper.properties +++ b/examples/graal-native/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/examples/hibernate/gradle/wrapper/gradle-wrapper.properties b/examples/hibernate/gradle/wrapper/gradle-wrapper.properties index f3ff213c04..0cdabcd31b 100644 --- a/examples/hibernate/gradle/wrapper/gradle-wrapper.properties +++ b/examples/hibernate/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/examples/indexable/gradle/wrapper/gradle-wrapper.properties b/examples/indexable/gradle/wrapper/gradle-wrapper.properties index f3ff213c04..0cdabcd31b 100644 --- a/examples/indexable/gradle/wrapper/gradle-wrapper.properties +++ b/examples/indexable/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties b/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties index f3ff213c04..0cdabcd31b 100644 --- a/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties +++ b/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties b/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties index f3ff213c04..0cdabcd31b 100644 --- a/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties +++ b/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 4184e3a7c0..b1180b843c 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -9,10 +9,10 @@ cache2k = "2.6.1.Final" caffeine = "3.1.8" checker-framework = "3.48.2" checkstyle = "10.20.1" -coherence = "22.06.2" +coherence = "24.09" commons-collections4 = "4.4" commons-compress = "1.27.1" -commons-io = "2.17.0" +commons-io = "2.18.0" commons-lang3 = "3.17.0" commons-math3 = "3.6.1" commons-text = "1.12.0" @@ -22,7 +22,7 @@ coveralls = "2.12.2" dependency-check = "11.1.0" eclipse-collections = "12.0.0.M3" ehcache3 = "3.10.8" -errorprone = "2.35.1" +errorprone = "2.36.0" errorprone-plugin = "4.1.0" errorprone-support = "0.19.1" expiring-map = "0.5.11" @@ -33,12 +33,12 @@ felix-scr = "2.2.12" findsecbugs = "1.13.0" flip-tables = "1.1.1" forbidden-apis = "3.8" -google-java-format = "1.24.0" +google-java-format = "1.25.0" guava = "33.3.1-jre" guice = "6.0.0" h2 = "2.3.232" hamcrest = "3.0" -hazelcast = "5.3.7" +hazelcast = "5.5.0" httpclient = "4.5.14" idea = "1.1.9" jackrabbit = "1.72.0" @@ -83,7 +83,7 @@ protobuf = "4.28.3" slf4j = "2.0.16" slf4j-test = "3.0.1" snakeyaml = "2.3" -sonarqube = "5.1.0.4882" +sonarqube = "6.0.0.5145" spotbugs = "4.8.6" spotbugs-contrib = "7.6.8" spotbugs-plugin = "6.0.26" diff --git a/gradle/plugins/src/main/kotlin/analyze/jmh.caffeine.gradle.kts b/gradle/plugins/src/main/kotlin/analyze/jmh.caffeine.gradle.kts index 1a65c4aa60..2fae57d274 100644 --- a/gradle/plugins/src/main/kotlin/analyze/jmh.caffeine.gradle.kts +++ b/gradle/plugins/src/main/kotlin/analyze/jmh.caffeine.gradle.kts @@ -7,15 +7,22 @@ import me.champeau.jmh.JMHTask as JmhTask plugins { idea eclipse - `java-library` id("me.champeau.jmh") id("io.morethan.jmhreport") + id("java-library.caffeine") } configurations.jmh { extendsFrom(configurations["testImplementation"]) exclude(module = "jazzer-junit") exclude(module = "slf4j-test") + + resolutionStrategy { + if (java.toolchain.languageVersion.get().asInt() < 17) { + force("com.oracle.coherence.ce:coherence:22.06.10") + force("com.hazelcast:hazelcast:5.3.8") + } + } } dependencies { @@ -29,6 +36,7 @@ jmh { warmupIterations = 3 iterations = 3 timeUnit = "s" + zip64 = true jvmArgs = defaultJvmArgs() failOnError = true diff --git a/gradle/plugins/src/main/kotlin/lifecycle/java-library.caffeine.gradle.kts b/gradle/plugins/src/main/kotlin/lifecycle/java-library.caffeine.gradle.kts index 03e6db295b..f4279bcecd 100644 --- a/gradle/plugins/src/main/kotlin/lifecycle/java-library.caffeine.gradle.kts +++ b/gradle/plugins/src/main/kotlin/lifecycle/java-library.caffeine.gradle.kts @@ -20,7 +20,7 @@ dependencies { val javaVersion = JavaLanguageVersion.of(System.getenv("JAVA_VERSION")?.toIntOrNull() ?: 11) val javaVendor = System.getenv("JAVA_VENDOR")?.let { JvmVendorSpec.matching(it) } -val javaLtsVersion = JavaLanguageVersion.of(21) +val javaRuntimeVersion = maxOf(javaVersion, JavaLanguageVersion.of(21)) java.toolchain { languageVersion = javaVersion vendor = javaVendor @@ -34,7 +34,7 @@ tasks.withType().configureEach { javaCompiler = javaToolchains.compilerFor { // jdk 17+ is required by compiler plugins, e.g. error-prone - languageVersion = maxOf(javaVersion, javaLtsVersion) + languageVersion = javaRuntimeVersion } options.compilerArgs.addAll(listOf("-Xlint:all", "-Xlint:-auxiliaryclass", "-Xlint:-classfile", @@ -52,7 +52,8 @@ tasks.withType().configureEach { tasks.withType().configureEach { jvmArgs(DisableStrongEncapsulationJvmArgs) javaLauncher = javaToolchains.launcherFor { - languageVersion = java.toolchain.languageVersion + // jdk 17+ is required by dependencies, e.g. google-java-format + languageVersion = javaRuntimeVersion } } @@ -109,6 +110,6 @@ tasks.withType().configureEach { } } javadocTool = javaToolchains.javadocToolFor { - languageVersion = maxOf(javaVersion, javaLtsVersion) + languageVersion = javaRuntimeVersion } } diff --git a/gradle/plugins/src/main/kotlin/lifecycle/versions.caffeine.gradle.kts b/gradle/plugins/src/main/kotlin/lifecycle/versions.caffeine.gradle.kts index b46ff6efe3..bf475a2dd1 100644 --- a/gradle/plugins/src/main/kotlin/lifecycle/versions.caffeine.gradle.kts +++ b/gradle/plugins/src/main/kotlin/lifecycle/versions.caffeine.gradle.kts @@ -23,9 +23,7 @@ tasks.named("dependencyUpdates").configure { } } force(libs.guice) - force(libs.hazelcast) force(libs.commons.collections4) - force(libs.bundles.coherence.get()) } } diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index f3ff213c04..0cdabcd31b 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/guava/src/test/java/com/github/benmanes/caffeine/guava/compatibility/LocalCacheMapComputeTest.java b/guava/src/test/java/com/github/benmanes/caffeine/guava/compatibility/LocalCacheMapComputeTest.java index 39ffc6a6e1..06dbef233a 100644 --- a/guava/src/test/java/com/github/benmanes/caffeine/guava/compatibility/LocalCacheMapComputeTest.java +++ b/guava/src/test/java/com/github/benmanes/caffeine/guava/compatibility/LocalCacheMapComputeTest.java @@ -99,7 +99,7 @@ public void testUpdates() { doParallelCacheOp(count, n -> { cache.asMap().compute(key, (k, v) -> n % 2 == 0 ? v + delimiter + n : null); }); - assertTrue(1 >= cache.size()); + assertThat(cache.size()).isAtLeast(1); } public void testCompute() {