From 522f4be30d72cf99aa4b4519fcff1a7c3cb926ee Mon Sep 17 00:00:00 2001 From: Ben Manes Date: Sun, 1 Sep 2024 00:17:08 -0700 Subject: [PATCH] dependency updates --- .github/actions/run-gradle/action.yml | 2 +- .github/workflows/build.yml | 2 +- .github/workflows/codacy.yml | 2 +- .github/workflows/codeql.yml | 6 +++--- .github/workflows/dependency-check.yml | 2 +- .../dependency-submission-pr-retreive.yml | 2 +- .../dependency-submission-pr-submit.yml | 2 +- .github/workflows/dependency-submission.yml | 2 +- .github/workflows/devskim.yml | 2 +- .github/workflows/examples.yml | 2 +- .../workflows/gradle-wrapper-validation.yml | 2 +- .github/workflows/qodana.yml | 2 +- .github/workflows/scorecards-analysis.yml | 4 ++-- .github/workflows/semgrep.yml | 2 +- .github/workflows/snyk.yml | 2 +- .github/workflows/spelling.yml | 2 +- .github/workflows/trivy.yml | 2 +- .../benmanes/caffeine/cache/Caffeine.java | 2 +- .../settings.gradle.kts | 2 +- examples/graal-native/settings.gradle.kts | 2 +- examples/hibernate/settings.gradle.kts | 2 +- examples/indexable/settings.gradle.kts | 2 +- .../resilience-failsafe/settings.gradle.kts | 2 +- .../write-behind-rxjava/settings.gradle.kts | 2 +- gradle/config/pmd/rulesSets.xml | 1 + gradle/libs.versions.toml | 18 +++++++++--------- gradle/plugins/settings.gradle.kts | 2 +- settings.gradle.kts | 2 +- 28 files changed, 39 insertions(+), 38 deletions(-) diff --git a/.github/actions/run-gradle/action.yml b/.github/actions/run-gradle/action.yml index 16ee6b85b9..54eefc9b64 100644 --- a/.github/actions/run-gradle/action.yml +++ b/.github/actions/run-gradle/action.yml @@ -79,7 +79,7 @@ runs: distribution: temurin - name: Setup Gradle id: setup-gradle - uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0 + uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707 # v4.0.1 env: JAVA_HOME: ${{ steps.setup-gradle-jdk.outputs.path }} ORG_GRADLE_PROJECT_org.gradle.java.installations.auto-download: 'false' diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4c8a2ceb7f..b5ee5d33c8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -195,7 +195,7 @@ jobs: find . -path */jacoco/*.exec -o -path */results/*.xml | tar czf ${{ env.ARTIFACT_NAME }}.tar.gz --files-from - - name: Upload test results - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 if: always() && (env.JAVA_VERSION == env.PUBLISH_JDK) with: retention-days: 1 diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 3989d6dc0a..b183d6dd3d 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -47,7 +47,7 @@ jobs: if: steps.check_files.outputs.files_exists == 'true' run: jq -c '.runs |= unique_by({tool, invocations, results})' < results.sarif > codacy.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 if: steps.check_files.outputs.files_exists == 'true' continue-on-error: true with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 48e8e080aa..f499e7d75f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -57,10 +57,10 @@ jobs: java: ${{ env.JAVA_VERSION }} token: ${{ secrets.GITHUB_TOKEN }} - name: Initialize CodeQL - uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: languages: java - name: Autobuild - uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index b53cbd20a2..ee20b8b6e3 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -60,7 +60,7 @@ jobs: with: files: build/reports/dependency-check-report.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 if: steps.check_files.outputs.files_exists == 'true' with: sarif_file: build/reports/dependency-check-report.sarif diff --git a/.github/workflows/dependency-submission-pr-retreive.yml b/.github/workflows/dependency-submission-pr-retreive.yml index c0b6a6cd01..2aa03e1240 100644 --- a/.github/workflows/dependency-submission-pr-retreive.yml +++ b/.github/workflows/dependency-submission-pr-retreive.yml @@ -35,6 +35,6 @@ jobs: repo1.maven.org:443 services.gradle.org:443 - name: Retrieve and submit dependency graph - uses: gradle/actions/dependency-submission@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0 + uses: gradle/actions/dependency-submission@16bf8bc8fe830fa669c3c9f914d3eb147c629707 # v4.0.1 with: dependency-graph: download-and-submit diff --git a/.github/workflows/dependency-submission-pr-submit.yml b/.github/workflows/dependency-submission-pr-submit.yml index 56ac8691e2..0cab8a83ba 100644 --- a/.github/workflows/dependency-submission-pr-submit.yml +++ b/.github/workflows/dependency-submission-pr-submit.yml @@ -38,7 +38,7 @@ jobs: java-version: ${{ env.JAVA_VERSION }} distribution: temurin - name: Submit Dependency Graph - uses: gradle/actions/dependency-submission@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0 + uses: gradle/actions/dependency-submission@16bf8bc8fe830fa669c3c9f914d3eb147c629707 # v4.0.1 with: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} dependency-graph: generate-and-upload diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml index 3303fa6fd8..891d78f690 100644 --- a/.github/workflows/dependency-submission.yml +++ b/.github/workflows/dependency-submission.yml @@ -38,6 +38,6 @@ jobs: java-version: ${{ env.JAVA_VERSION }} distribution: temurin - name: Submit Dependency Graph - uses: gradle/actions/dependency-submission@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0 + uses: gradle/actions/dependency-submission@16bf8bc8fe830fa669c3c9f914d3eb147c629707 # v4.0.1 with: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index f8989f8c18..4aabf76a62 100644 --- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml @@ -31,6 +31,6 @@ jobs: - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@914fa647b406c387000300b2f09bb28691be2b6d # v1.0.14 - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml index 4dc92f8376..3ff896014b 100644 --- a/.github/workflows/examples.yml +++ b/.github/workflows/examples.yml @@ -39,7 +39,7 @@ jobs: java-version: ${{ env.JAVA_VERSION }} distribution: temurin - name: Setup Gradle - uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0 + uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707 # v4.0.1 with: add-job-summary: never cache-read-only: false diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index 54d5a55f47..548ede3d46 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -18,4 +18,4 @@ jobs: github.com:443 services.gradle.org:443 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: gradle/actions/wrapper-validation@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0 + - uses: gradle/actions/wrapper-validation@16bf8bc8fe830fa669c3c9f914d3eb147c629707 # v4.0.1 diff --git a/.github/workflows/qodana.yml b/.github/workflows/qodana.yml index 9fbb92bef6..bda6efa69d 100644 --- a/.github/workflows/qodana.yml +++ b/.github/workflows/qodana.yml @@ -68,6 +68,6 @@ jobs: with: upload-result: true - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index ec9ee82673..a34a76bece 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -51,12 +51,12 @@ jobs: results_file: results.sarif repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} - name: Upload artifact - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 294536fe95..5e69497f71 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -34,7 +34,7 @@ jobs: if: steps.check_files.outputs.files_exists == 'true' run: jq -c '.runs[0].tool.driver.rules |= unique_by(.id)' < results.sarif > semgrep.sarif - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 if: steps.check_files.outputs.files_exists == 'true' continue-on-error: true with: diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index c004606521..8b094accbf 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -42,7 +42,7 @@ jobs: with: files: snyk.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 if: steps.check_files.outputs.files_exists == 'true' with: sarif_file: snyk.sarif diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index 28181a7ef6..7124035ea1 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -34,4 +34,4 @@ jobs: objects.githubusercontent.com:443 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Typos - uses: crate-ci/typos@935271f0204ebdf61717cf6caac31d8d115f1c14 # v1.23.6 + uses: crate-ci/typos@9ad6f5c0549e0eb32bd70e26d5083421d639f278 # v1.24.3 diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 9fa2ff9c13..532ed7b778 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -29,6 +29,6 @@ jobs: format: sarif output: trivy-results.sarif - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: trivy-results.sarif diff --git a/caffeine/src/main/java/com/github/benmanes/caffeine/cache/Caffeine.java b/caffeine/src/main/java/com/github/benmanes/caffeine/cache/Caffeine.java index aca9157caa..cce05ae4ec 100644 --- a/caffeine/src/main/java/com/github/benmanes/caffeine/cache/Caffeine.java +++ b/caffeine/src/main/java/com/github/benmanes/caffeine/cache/Caffeine.java @@ -1157,7 +1157,7 @@ public AsyncLoadingCache buildAsync( requireState(valueStrength == null, "Weak or soft values can not be combined with AsyncLoadingCache"); requireState(isStrongKeys() || (evictionListener == null), - "Weak keys cannot be combined eviction listener and with AsyncLoadingCache"); + "Weak keys cannot be combined with eviction listener and with AsyncLoadingCache"); requireWeightWithWeigher(); requireNonNull(loader); diff --git a/examples/coalescing-bulkloader-reactor/settings.gradle.kts b/examples/coalescing-bulkloader-reactor/settings.gradle.kts index 4a15860715..f5b6d72e9e 100644 --- a/examples/coalescing-bulkloader-reactor/settings.gradle.kts +++ b/examples/coalescing-bulkloader-reactor/settings.gradle.kts @@ -1,5 +1,5 @@ plugins { - id("com.gradle.develocity") version "3.17.6" + id("com.gradle.develocity") version "3.18" id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2" id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0" } diff --git a/examples/graal-native/settings.gradle.kts b/examples/graal-native/settings.gradle.kts index 0b5d107581..bb2d3bba58 100644 --- a/examples/graal-native/settings.gradle.kts +++ b/examples/graal-native/settings.gradle.kts @@ -5,7 +5,7 @@ pluginManagement { } } plugins { - id("com.gradle.develocity") version "3.17.6" + id("com.gradle.develocity") version "3.18" id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2" id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0" } diff --git a/examples/hibernate/settings.gradle.kts b/examples/hibernate/settings.gradle.kts index ddc7c567c9..f8abb99ccf 100644 --- a/examples/hibernate/settings.gradle.kts +++ b/examples/hibernate/settings.gradle.kts @@ -1,5 +1,5 @@ plugins { - id("com.gradle.develocity") version "3.17.6" + id("com.gradle.develocity") version "3.18" id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2" id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0" } diff --git a/examples/indexable/settings.gradle.kts b/examples/indexable/settings.gradle.kts index 840f1e7f28..ca1905e6d4 100644 --- a/examples/indexable/settings.gradle.kts +++ b/examples/indexable/settings.gradle.kts @@ -1,5 +1,5 @@ plugins { - id("com.gradle.develocity") version "3.17.6" + id("com.gradle.develocity") version "3.18" id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2" id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0" } diff --git a/examples/resilience-failsafe/settings.gradle.kts b/examples/resilience-failsafe/settings.gradle.kts index 862c0f3f7b..5327d280c0 100644 --- a/examples/resilience-failsafe/settings.gradle.kts +++ b/examples/resilience-failsafe/settings.gradle.kts @@ -1,5 +1,5 @@ plugins { - id("com.gradle.develocity") version "3.17.6" + id("com.gradle.develocity") version "3.18" id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2" id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0" } diff --git a/examples/write-behind-rxjava/settings.gradle.kts b/examples/write-behind-rxjava/settings.gradle.kts index 666e6abd31..b90c4bba19 100644 --- a/examples/write-behind-rxjava/settings.gradle.kts +++ b/examples/write-behind-rxjava/settings.gradle.kts @@ -1,5 +1,5 @@ plugins { - id("com.gradle.develocity") version "3.17.6" + id("com.gradle.develocity") version "3.18" id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2" id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0" } diff --git a/gradle/config/pmd/rulesSets.xml b/gradle/config/pmd/rulesSets.xml index e3de7a3705..fb261cb702 100644 --- a/gradle/config/pmd/rulesSets.xml +++ b/gradle/config/pmd/rulesSets.xml @@ -112,6 +112,7 @@ + diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 047f6ea333..42e71eda29 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -8,12 +8,12 @@ bouncycastle-jdk18on = "1.78.1" cache2k = "2.6.1.Final" caffeine = "3.1.8" checker-framework = "3.46.0" -checkstyle = "10.18.0" +checkstyle = "10.18.1" coherence = "22.06.2" commons-collections4 = "4.4" commons-compress = "1.27.1" commons-io = "2.16.1" -commons-lang3 = "3.16.0" +commons-lang3 = "3.17.0" commons-math3 = "3.6.1" commons-text = "1.12.0" concurrentlinkedhashmap = "1.4.2" @@ -22,7 +22,7 @@ coveralls = "2.12.2" dependency-check = "10.0.3" eclipse-collections = "12.0.0.M3" ehcache3 = "3.10.8" -errorprone = "2.30.0" +errorprone = "2.31.0" errorprone-plugin = "4.0.1" errorprone-support = "0.18.0" expiring-map = "0.5.11" @@ -66,7 +66,7 @@ junit5 = "5.11.0" jvm-dependency-conflict-resolution = "2.1.2" kotlin = "2.0.20" lincheck = "2.33" -mockito = "5.12.0" +mockito = "5.13.0" nexus-publish = "2.0.0" nullaway = "0.11.2" nullaway-plugin = "2.0.0" @@ -78,15 +78,15 @@ osgi-promise = "1.3.0" pax-exam = "4.13.5" pax-url = "2.6.14" picocli = "4.7.6" -pmd = "7.4.0" -protobuf = "4.27.3" +pmd = "7.5.0" +protobuf = "4.28.0" slf4j = "2.0.16" slf4j-test = "3.0.1" -snakeyaml = "2.2" +snakeyaml = "2.3" sonarqube = "5.1.0.4882" spotbugs = "4.8.6" spotbugs-contrib = "7.6.4" -spotbugs-plugin = "6.0.20" +spotbugs-plugin = "6.0.21" stream = "2.9.8" tcache = "2.0.1" testng = "7.10.2" @@ -96,7 +96,7 @@ versions = "0.51.0" xz = "1.10" ycsb = "0.17.0" zero-allocation-hashing = "0.26ea0" -zstd = "1.5.6-4" +zstd = "1.5.6-5" [libraries] asm-bom = { module = "org.ow2.asm:asm-bom", version.ref = "asm" } diff --git a/gradle/plugins/settings.gradle.kts b/gradle/plugins/settings.gradle.kts index 0af187a88e..0b0c3d2c4a 100644 --- a/gradle/plugins/settings.gradle.kts +++ b/gradle/plugins/settings.gradle.kts @@ -1,5 +1,5 @@ plugins { - id("com.gradle.develocity") version "3.17.6" + id("com.gradle.develocity") version "3.18" id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2" id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0" } diff --git a/settings.gradle.kts b/settings.gradle.kts index 0cf7bc3de7..e9da1ea86e 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -2,7 +2,7 @@ pluginManagement { includeBuild("gradle/plugins") } plugins { - id("com.gradle.develocity") version "3.17.6" + id("com.gradle.develocity") version "3.18" id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2" id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0" }