Dependabot aggregate updates 2023-07-20 #7795
Merged
Bumps [net.openhft:chronicle-bom](https://github.com/OpenHFT/OpenHFT) from 2.24ea55 to 2.24ea71. - [Release notes](https://github.com/OpenHFT/OpenHFT/releases) - [Commits](https://github.com/OpenHFT/OpenHFT/commits) --- updated-dependencies: - dependency-name: net.openhft:chronicle-bom dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [io.micrometer:micrometer-registry-prometheus](https://github.com/micrometer-metrics/micrometer) from 1.11.0 to 1.11.2. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](micrometer-metrics/micrometer@v1.11.0...v1.11.2) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-registry-prometheus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) from 1.1.9.1 to 1.1.10.2. - [Release notes](https://github.com/xerial/snappy-java/releases) - [Commits](xerial/snappy-java@v1.1.9.1...v1.1.10.2) --- updated-dependencies: - dependency-name: org.xerial.snappy:snappy-java dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.23.0 to 3.23.4. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](protocolbuffers/protobuf@v3.23.0...v3.23.4) --- updated-dependencies: - dependency-name: com.google.protobuf:protobuf-java dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps io.freefair.aggregate-javadoc from 6.6.3 to 8.1.0. --- updated-dependencies: - dependency-name: io.freefair.aggregate-javadoc dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [io.openlineage:openlineage-java](https://github.com/OpenLineage/OpenLineage) from 0.28.0 to 0.29.2. - [Release notes](https://github.com/OpenLineage/OpenLineage/releases) - [Changelog](https://github.com/OpenLineage/OpenLineage/blob/main/CHANGELOG.md) - [Commits](OpenLineage/OpenLineage@0.28.0...0.29.2) --- updated-dependencies: - dependency-name: io.openlineage:openlineage-java dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [com.google.guava:guava](https://github.com/google/guava) from 31.1-jre to 32.1.1-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps io.freefair.lombok from 8.0.1 to 8.1.0. --- updated-dependencies: - dependency-name: io.freefair.lombok dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com> # Conflicts: # settings.gradle
Bumps org.hibernate:hibernate-validator from 8.0.0.Final to 8.0.1.Final. --- updated-dependencies: - dependency-name: org.hibernate:hibernate-validator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [com.github.jnr:jnr-posix](https://github.com/jnr/jnr-posix) from 3.1.16 to 3.1.17. - [Commits](jnr/jnr-posix@jnr-posix-3.1.16...jnr-posix-3.1.17) --- updated-dependencies: - dependency-name: com.github.jnr:jnr-posix dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@80e868c...08b4669) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v3.5.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.26 to 2.20.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v1.0.26...v2.20.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v3...v3.1.2) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps library/alpine from 3.18.0 to 3.18.2. --- updated-dependencies: - dependency-name: library/alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps the spring group with 16 updates: org.springframework.boot, [org.springframework.boot:spring-boot-autoconfigure](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-web](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-validation](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-test](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-test](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-security](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-data-redis](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-actuator](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-oauth2-resource-server](https://github.com/spring-projects/spring-boot), [org.springframework.security:spring-security-config](https://github.com/spring-projects/spring-security), [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security), [org.springframework.security:spring-security-ldap](https://github.com/spring-projects/spring-security), [org.springframework.security:spring-security-web](https://github.com/spring-projects/spring-security) and [org.springframework.security:spring-security-oauth2-jose](https://github.com/spring-projects/spring-security). 
Updates `org.springframework.boot` from 2.7.11 to 2.7.13 Updates `org.springframework.boot:spring-boot-autoconfigure` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-web` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-validation` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-test` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-test` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-security` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-data-redis` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-actuator` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates 
`org.springframework.boot:spring-boot-starter-oauth2-resource-server` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.security:spring-security-config` from 6.0.3 to 6.1.1 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.0.3...6.1.1) Updates `org.springframework.security:spring-security-core` from 6.0.3 to 6.1.1 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.0.3...6.1.1) Updates `org.springframework.security:spring-security-ldap` from 6.0.3 to 6.1.1 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.0.3...6.1.1) Updates `org.springframework.security:spring-security-web` from 6.0.3 to 6.1.1 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.0.3...6.1.1) Updates `org.springframework.security:spring-security-oauth2-jose` from 6.0.3 to 6.1.1 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.0.3...6.1.1) --- updated-dependencies: - dependency-name: org.springframework.boot dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-autoconfigure dependency-type: 
direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-web dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-validation dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-test dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-test dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-security dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-data-redis dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-actuator dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-oauth2-resource-server dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-config dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-core dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-ldap dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-web dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: 
org.springframework.security:spring-security-oauth2-jose dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com> # Conflicts: # bom/build.gradle
Bumps commons-io:commons-io from 2.11.0 to 2.13.0. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps org.apache.cassandra:cassandra-all from 4.1.1 to 4.1.2. --- updated-dependencies: - dependency-name: org.apache.cassandra:cassandra-all dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com> # Conflicts: # bom/build.gradle
Bumps [org.projectlombok:lombok](https://github.com/projectlombok/lombok) from 1.18.26 to 1.18.28. - [Release notes](https://github.com/projectlombok/lombok/releases) - [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown) - [Commits](projectlombok/lombok@v1.18.26...v1.18.28) --- updated-dependencies: - dependency-name: org.projectlombok:lombok dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [io.github.classgraph:classgraph](https://github.com/classgraph/classgraph) from 4.8.158 to 4.8.160. - [Release notes](https://github.com/classgraph/classgraph/releases) - [Commits](classgraph/classgraph@classgraph-4.8.158...classgraph-4.8.160) --- updated-dependencies: - dependency-name: io.github.classgraph:classgraph dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [org.testng:testng](https://github.com/testng-team/testng) from 7.7.1 to 7.8.0. - [Release notes](https://github.com/testng-team/testng/releases) - [Changelog](https://github.com/testng-team/testng/blob/master/CHANGES.txt) - [Commits](testng-team/testng@7.7.1...7.8.0) --- updated-dependencies: - dependency-name: org.testng:testng dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [org.antlr:antlr4](https://github.com/antlr/antlr4) from 4.12.0 to 4.13.0. - [Release notes](https://github.com/antlr/antlr4/releases) - [Changelog](https://github.com/antlr/antlr4/blob/master/doc/go-changes.md) - [Commits](antlr/antlr4@4.12.0...4.13.0) --- updated-dependencies: - dependency-name: org.antlr:antlr4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Bumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 3.5.1 to 4.0.0. - [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases) - [Commits](codehaus-plexus/plexus-utils@plexus-utils-3.5.1...plexus-utils-4.0.0) --- updated-dependencies: - dependency-name: org.codehaus.plexus:plexus-utils dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com> # Conflicts: # bom/build.gradle
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/lycheeverse/lychee-action/releases) - [Commits](lycheeverse/lychee-action@v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: lycheeverse/lychee-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
Signed-off-by: Ljupcho Palashevski <lpalashevski@gmail.com>
See list of dependency update commits for more details.
com.google.guava:guava:32.1.1-jre causes build error
A quick investigation shows that most probably there are problems related to the metadata published for this release, causing version resolution conflicts. To solve this we need to introduce custom exclusions / restrictions to satisfy some legacy capability requirements brought by transitive dependencies such as org.apache.cassandra:cassandra-all:4.1.2 and org.janusgraph:janusgraph-driver:0.6.3.
Using com.google.guava:guava:32.0.1-jre instead
Since we are waiting on a major JanusGraph release, I've decided not to chase this further (already spent significant time) and to fix it by going back to the recent version 32.0.1-jre, which works in combination with JanusGraph and does not have vulnerabilities.