From cfe791d63f7c36ffc95ffa75990a92b2fac0c47e Mon Sep 17 00:00:00 2001
From: Dennis Labordus
Date: Mon, 30 Aug 2021 09:40:22 +0200
Subject: [PATCH 01/11] Added Dependabot configuration + small changes to github actions.
Signed-off-by: Dennis Labordus
---
.github/dependabot.yml | 40 +++++++++++++++++++++++
.github/workflows/build-project.yml | 5 +--
.github/workflows/release-project.yml | 5 +--
.github/workflows/sonarcloud-analysis.yml | 11 ++++---
4 files changed, 52 insertions(+), 9 deletions(-)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..4f72716
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,40 @@
+# SPDX-FileCopyrightText: 2021 Alliander N.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+version: 2
+
+registries:
+ maven-github:
+ type: maven-repository
+ url: https://maven.pkg.github.com/com-pas/*
+ username: OWNER
+ password: ${{ secrets.DB_GITHUB_PACKAGES }}
+
+updates:
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ open-pull-requests-limit: 5
+
+ # Maintain dependencies for Maven
+ - package-ecosystem: "maven"
+ directory: "/"
+ registries:
+ - maven-github
+ schedule:
+ interval: "daily"
+ open-pull-requests-limit: 5
+ ignore:
+ # Next two dependencies shouldn't be upgrade, because Quarkus isn't using newer version of EL.
+ - dependency-name: org.hibernate.validator:hibernate-validator
+ versions: [ "[7.0,)" ]
+ - dependency-name: org.glassfish:jakarta.el
+ versions: [ "[4.0,)" ]
+ # Next two dependencies shouldn't be upgrade, because RestEasy isn't using newer version. (2.3.X)
+ - dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
+ versions: [ "[3.0,)" ]
+ - dependency-name: com.sun.xml.bind:jaxb-impl
+ versions: [ "[3.0,)" ]
diff --git a/.github/workflows/build-project.yml b/.github/workflows/build-project.yml
index d108fe8..34b8858 100644
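Review bot: The `maven-github` registry entry sets `username: OWNER`, which looks like a template placeholder rather than a real account, and nothing in the file records what access the `DB_GITHUB_PACKAGES` token is expected to carry. Because that credential is used by Dependabot on every daily run, it should be limited to reading packages and stored as a Dependabot secret rather than an Actions secret, and the file should say so, e.g. `# DB_GITHUB_PACKAGES: Dependabot secret, PAT with read:packages only`. It is also worth confirming that the wildcard `url: https://maven.pkg.github.com/com-pas/*` is actually matched against the repository URLs declared in the pom; if it is not, the credential is never applied and private artifacts will simply fail to resolve.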
--- a/.github/workflows/build-project.yml +++ b/.github/workflows/build-project.yml @@ -15,9 +15,10 @@ jobs: steps: - uses: actions/checkout@v2 - name: Set up JDK 1.11 - uses: actions/setup-java@v1 + uses: actions/setup-java@v2.3.0 with: - java-version: 1.11 + distribution: 'zulu' + java-version: '11' - name: Create custom Maven Settings.xml uses: whelk-io/maven-settings-xml-action@v18 with: diff --git a/.github/workflows/release-project.yml b/.github/workflows/release-project.yml index a4b4727..bac04a9 100644 --- a/.github/workflows/release-project.yml +++ b/.github/workflows/release-project.yml @@ -21,10 +21,11 @@ jobs: shell: bash # Extra the tagname form the git reference, value of GITHUB_REF will be something like refs/tags/. run: echo "##[set-output name=tagname;]$(echo ${GITHUB_REF##*/})" - - uses: actions/setup-java@v2 + - name: Set up JDK 1.11 + uses: actions/setup-java@v2.3.0 with: + distribution: 'zulu' java-version: '11' - distribution: 'adopt' - name: Create custom Maven Settings.xml uses: whelk-io/maven-settings-xml-action@v18 with: diff --git a/.github/workflows/sonarcloud-analysis.yml b/.github/workflows/sonarcloud-analysis.yml index 48f7c5f..3e8cb31 100644 --- a/.github/workflows/sonarcloud-analysis.yml +++ b/.github/workflows/sonarcloud-analysis.yml @@ -14,18 +14,19 @@ jobs: - uses: actions/checkout@v2 with: fetch-depth: 0 - - name: Set up JDK 11 - uses: actions/setup-java@v1 + - name: Set up JDK 1.11 + uses: actions/setup-java@v2.3.0 with: - java-version: 11 + distribution: 'zulu' + java-version: '11' - name: Cache SonarCloud packages - uses: actions/cache@v1 + uses: actions/cache@v2.1.6 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar - name: Cache Maven packages - uses: actions/cache@v1 + uses: actions/cache@v2.1.6 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} From ed0bae05982b52f50b45c0ec930f5f2640cec294 Mon Sep 17 00:00:00 2001 
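Review bot: The new `uses: actions/setup-java@v2.3.0` line pins the action by tag, and a tag can be re-pointed at different code after this review; the same applies to the `actions/setup-java@v2.3.0` lines in release-project.yml and sonarcloud-analysis.yml and to both `actions/cache@v2.1.6` lines in sonarcloud-analysis.yml. Pinning to the full commit SHA with the version kept as a trailing comment, `uses: actions/setup-java@<full-commit-sha> # v2.3.0`, makes the reference immutable, and the `github-actions` ecosystem added to dependabot.yml in this same commit can still propose bumps for SHA pins. The context line `whelk-io/maven-settings-xml-action@v18` is a third-party action that, judging by its name, writes the Maven settings file, so it deserves the same treatment in a follow-up. The steps list continues past the end of the hunk.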
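Review bot: The added step label `- name: Set up JDK 1.11` in release-project.yml does not match what the step installs: `java-version: '11'` selects Java 11, and "1.11" is not a version in either the old 1.x scheme or the current numbering. The sonarcloud-analysis.yml hunk goes further and renames a correct `Set up JDK 11` to the same label. Suggest `- name: Set up JDK 11` in both places so the job log states the toolchain that is actually used.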
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Aug 2021 07:52:40 +0000 Subject: [PATCH 02/11] Bump compas-scl-xsd from 0.0.1 to 0.0.2 Bumps [compas-scl-xsd](https://github.com/com-pas/compas-scl-xsd) from 0.0.1 to 0.0.2. - [Release notes](https://github.com/com-pas/compas-scl-xsd/releases) - [Commits](https://github.com/com-pas/compas-scl-xsd/compare/0.0.1...0.0.2) --- updated-dependencies: - dependency-name: org.lfenergy.compas.xsd:compas-scl-xsd dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 331ccf6..cacd84b 100644 --- a/pom.xml +++ b/pom.xml @@ -19,7 +19,7 @@ SPDX-License-Identifier: Apache-2.0 11 UTF-8 - 0.0.1 + 0.0.2 1.7.31 2.12.4 2.3.3 From 7f4ab67d2d98ae22f743a6d12957598b0e00e269 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Aug 2021 07:52:42 +0000 Subject: [PATCH 03/11] Bump jakarta.el from 3.0.3 to 3.0.4 Bumps [jakarta.el](https://github.com/eclipse-ee4j/el-ri) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/eclipse-ee4j/el-ri/releases) - [Commits](https://github.com/eclipse-ee4j/el-ri/commits) --- updated-dependencies: - dependency-name: org.glassfish:jakarta.el dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 331ccf6..6fb40b8 100644 --- a/pom.xml +++ b/pom.xml @@ -96,7 +96,7 @@ SPDX-License-Identifier: Apache-2.0 org.glassfish jakarta.el - 3.0.3 + 3.0.4 test From bf015d0d4736b0ee59ac4e28fa394067a352e2d7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Aug 2021 07:52:45 +0000 Subject: [PATCH 04/11] Bump javax.ws.rs-api from 2.1 to 2.1.1 Bumps [javax.ws.rs-api](https://github.com/eclipse-ee4j/jaxrs-api) from 2.1 to 2.1.1. - [Release notes](https://github.com/eclipse-ee4j/jaxrs-api/releases) - [Commits](https://github.com/eclipse-ee4j/jaxrs-api/commits/2.1.1) --- updated-dependencies: - dependency-name: javax.ws.rs:javax.ws.rs-api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 331ccf6..99d4d58 100644 --- a/pom.xml +++ b/pom.xml @@ -114,7 +114,7 @@ SPDX-License-Identifier: Apache-2.0 javax.ws.rs javax.ws.rs-api - 2.1 + 2.1.1 org.jboss.resteasy From c98be7641956a4a06c9cd4510c761580574c90d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Aug 2021 07:52:51 +0000 Subject: [PATCH 05/11] Bump jackson.version from 2.12.4 to 2.12.5 Bumps `jackson.version` from 2.12.4 to 2.12.5. Updates `jackson-databind` from 2.12.4 to 2.12.5 - [Release notes](https://github.com/FasterXML/jackson/releases) - [Commits](https://github.com/FasterXML/jackson/commits) Updates `jackson-dataformat-yaml` from 2.12.4 to 2.12.5 - [Release notes](https://github.com/FasterXML/jackson-dataformats-text/releases) - [Commits](https://github.com/FasterXML/jackson-dataformats-text/compare/jackson-dataformats-text-2.12.4...jackson-dataformats-text-2.12.5) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 331ccf6..5fd8f42 100644 --- a/pom.xml +++ b/pom.xml @@ -21,7 +21,7 @@ SPDX-License-Identifier: Apache-2.0 0.0.1 1.7.31 - 2.12.4 + 2.12.5 2.3.3 5.7.2 3.11.2 From ba96ea261694dc3ac8f0c3e1d537e09641f623cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Aug 2021 07:52:54 +0000 Subject: [PATCH 06/11] Bump jandex-maven-plugin from 1.1.0 to 1.1.1 Bumps [jandex-maven-plugin](https://github.com/wildfly/jandex-maven-plugin) from 1.1.0 to 1.1.1. - [Release notes](https://github.com/wildfly/jandex-maven-plugin/releases) - [Commits](https://github.com/wildfly/jandex-maven-plugin/compare/1.1.0...1.1.1) --- updated-dependencies: - dependency-name: org.jboss.jandex:jandex-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 331ccf6..cd2deb6 100644 --- a/pom.xml +++ b/pom.xml @@ -218,7 +218,7 @@ SPDX-License-Identifier: Apache-2.0 org.jboss.jandex jandex-maven-plugin - 1.1.0 + 1.1.1 make-index From f410d6b965bd4320af6ab504d648bbdc5fd01b8e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Aug 2021 08:10:31 +0000 Subject: [PATCH 07/11] Bump maven-source-plugin from 3.2.0 to 3.2.1 Bumps [maven-source-plugin](https://github.com/apache/maven-source-plugin) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/apache/maven-source-plugin/releases) - [Commits](https://github.com/apache/maven-source-plugin/compare/maven-source-plugin-3.2.0...maven-source-plugin-3.2.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-source-plugin dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ca36bb2..b9a330d 100644 --- a/pom.xml +++ b/pom.xml @@ -288,7 +288,7 @@ SPDX-License-Identifier: Apache-2.0 org.apache.maven.plugins maven-source-plugin - 3.2.0 + 3.2.1 attach-sources From d292a6ea4b9c5fdd032756027974cac6098a620a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Aug 2021 08:10:42 +0000 Subject: [PATCH 08/11] Bump slf4j.version from 1.7.31 to 1.7.32 Bumps `slf4j.version` from 1.7.31 to 1.7.32. Updates `slf4j-api` from 1.7.31 to 1.7.32 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](https://github.com/qos-ch/slf4j/compare/v_1.7.31...v_1.7.32) Updates `slf4j-simple` from 1.7.31 to 1.7.32 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](https://github.com/qos-ch/slf4j/compare/v_1.7.31...v_1.7.32) --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-simple dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ca36bb2..707bb7b 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ SPDX-License-Identifier: Apache-2.0 UTF-8 0.0.2 - 1.7.31 + 1.7.32 2.12.5 2.3.3 5.7.2 From f9b2dcca779f496118e6c1c24dc53d51f22658c8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Aug 2021 08:10:58 +0000 Subject: [PATCH 09/11] Bump mockito-junit-jupiter from 3.11.2 to 3.12.4 Bumps [mockito-junit-jupiter](https://github.com/mockito/mockito) from 3.11.2 to 3.12.4. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v3.11.2...v3.12.4) --- updated-dependencies: - dependency-name: org.mockito:mockito-junit-jupiter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ca36bb2..790b106 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ SPDX-License-Identifier: Apache-2.0 2.12.5 2.3.3 5.7.2 - 3.11.2 + 3.12.4 0.9.1 From 397d3736ff9a23ba7d7f2ba5ac2da3762057b65f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Aug 2021 08:11:05 +0000 Subject: [PATCH 10/11] Bump jacoco-maven-plugin from 0.8.6 to 0.8.7 Bumps [jacoco-maven-plugin](https://github.com/jacoco/jacoco) from 0.8.6 to 0.8.7. - [Release notes](https://github.com/jacoco/jacoco/releases) - [Commits](https://github.com/jacoco/jacoco/compare/v0.8.6...v0.8.7) --- updated-dependencies: - dependency-name: org.jacoco:jacoco-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ca36bb2..c54e2da 100644 --- a/pom.xml +++ b/pom.xml @@ -240,7 +240,7 @@ SPDX-License-Identifier: Apache-2.0 java - 0.8.6 + 0.8.7 jacoco From c7f0139ee8cfc180efa03c5f43b1eeaf3be99455 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Sep 2021 15:20:48 +0000 Subject: [PATCH 11/11] Bump jandex-maven-plugin from 1.1.1 to 1.2.0 Bumps [jandex-maven-plugin](https://github.com/wildfly/jandex-maven-plugin) from 1.1.1 to 1.2.0. - [Release notes](https://github.com/wildfly/jandex-maven-plugin/releases) - [Commits](https://github.com/wildfly/jandex-maven-plugin/compare/1.1.1...1.2.0) --- updated-dependencies: - dependency-name: org.jboss.jandex:jandex-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 36293f7..1500d09 100644 --- a/pom.xml +++ b/pom.xml @@ -218,7 +218,7 @@ SPDX-License-Identifier: Apache-2.0 org.jboss.jandex jandex-maven-plugin - 1.1.1 + 1.2.0 make-index