Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CORE-69]: Bump the minor-patch-dependencies group with 2 updates #1800

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[CORE-69]: Bump the minor-patch-dependencies group with 2 updates #1800

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 4, 2024
edited
Loading

Bumps the minor-patch-dependencies group with 2 updates: au.com.dius.pact and com.google.cloud:libraries-bom.

Updates au.com.dius.pact from 4.6.14 to 4.6.15

Updates com.google.cloud:libraries-bom from 26.49.0 to 26.50.0

Release notes

Sourced from com.google.cloud:libraries-bom's releases.

v26.50.0

GCP Libraries BOM 26.50.0

Here are the differences from the previous version (26.49.0)

The group ID of the following artifacts is com.google.cloud.

Notable Changes

Protobuf-Java v4.28.3

This version of Libraries-Bom is upgrading the Protobuf Java (PBJ) Runtime version to v4.28.3. The Java SDK aims to use the latest Protobuf version to utilize the latest stable features and to mitigate vulnerabilities (CVEs).

Potential PBJ Runtime 4.28.3 Upgrade Issues

There are a few potential compatibility issues that may arise for users following the PBJ Runtime upgrade to v4.28.3. Details about these potential issues are outlined below.

Note: The following issues may not be exhaustive and users may encounter additional issues.

Source Compatibility Issues

PBJ 4.26.x removed some methods from runtime. Users may see source compilation issues when compiling their application. If you do not use any of the following removed methods, you should not see these issues.

... (truncated)

Commits
  • 23ace8b chore: release main (#6817)
  • 88b0c80 deps: update dependency com.google.cloud:google-cloud-pubsublite-bom to v1.14...
  • 5662b26 chore: Override the version of protobuf-bom to 4.28.3 in libraries-bom. (#6836)
  • 2c49bcf deps: update dependency com.google.cloud:google-cloud-nio to v0.127.26 (#6835)
  • 9cc59ba deps: update dependency com.google.cloud:google-cloud-bigtable-bom to v2.46.0...
  • 2d2b829 deps: update dependency com.google.cloud:google-cloud-firestore-bom to v3.28....
  • 39c5c2f deps: update dependency com.google.cloud:google-cloud-bigquerystorage-bom to ...
  • 476cc06 deps: update dependency com.google.cloud:google-cloud-logging-logback to v0.1...
  • d02b9b5 deps: update dependency com.google.cloud:google-cloud-pubsub-bom to v1.134.1 ...
  • 0401269 deps: update dependency com.google.cloud:google-cloud-spanner-bom to v6.80.1 ...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot requested review from a team, davidangb and samanehsan and removed request for a team November 4, 2024 11:53
davidangb
davidangb approved these changes Nov 4, 2024
View reviewed changes
Copy link
Contributor

@davidangb davidangb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍, even though integration tests are failing. We believe that to be a separate issue.

@marctalbott
Copy link
Member

I've re-run these a few times since tests were fixed and they are still failing on the PR. We'll need to investigate what's causing tests to fail on this PR

@marctalbott
Copy link
Member

Tests passed locally

@marctalbott
Copy link
Member

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/gradle/main/minor-patch-dependencies-d9664e5532 branch from 2044278 to 8eca531 Compare November 7, 2024 23:31
@dependabot dependabot bot requested a review from a team as a code owner November 7, 2024 23:31
@dependabot dependabot bot requested review from dvoet and calypsomatic and removed request for a team November 7, 2024 23:31
@dvoet dvoet removed their request for review November 8, 2024 15:35
@dependabot dependabot bot force-pushed the dependabot/gradle/main/minor-patch-dependencies-d9664e5532 branch from 8eca531 to 2415316 Compare November 11, 2024 12:02
@dependabot
[CORE-69]: Bump the minor-patch-dependencies group with 2 updates
004a577 
Bumps the minor-patch-dependencies group with 2 updates: au.com.dius.pact and [com.google.cloud:libraries-bom](https://github.com/googleapis/java-cloud-bom).


Updates `au.com.dius.pact` from 4.6.14 to 4.6.15

Updates `com.google.cloud:libraries-bom` from 26.49.0 to 26.50.0
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/release-please-config.json)
- [Commits](googleapis/java-cloud-bom@v26.49.0...v26.50.0)

---
updated-dependencies:
- dependency-name: au.com.dius.pact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch-dependencies
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/gradle/main/minor-patch-dependencies-d9664e5532 branch from 2415316 to 004a577 Compare November 18, 2024 12:18
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 18, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@samanehsan samanehsan samanehsan approved these changes

@davidangb davidangb davidangb approved these changes

@calypsomatic calypsomatic Awaiting requested review from calypsomatic calypsomatic is a code owner automatically assigned from DataBiosphere/broad-core-services

Assignees
No one assigned
Labels
dependency gradle
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@marctalbott @davidangb @samanehsan