Merge branch 'main' into oak2024

odpi · Jan 3, 2025 · 19177ef · 19177ef
2 parents 04d68d9 + e8308ec
commit 19177ef
Show file tree

Hide file tree

Showing 9 changed files with 93 additions and 431 deletions.
diff --git a/.github/workflows/codeql-v5.yml b/.github/workflows/codeql-v5.yml
@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4.2.0
+        uses: actions/checkout@v4.2.2
       - uses: gradle/wrapper-validation-action@v2
       - name: Setup Java JDK
         uses: actions/setup-java@v4
@@ -38,7 +38,7 @@ jobs:
           java-version: '17'
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.25.7
+        uses: github/codeql-action/init@v3.27.5
         with:
           languages: java
           queries: security-and-quality
@@ -51,6 +51,6 @@ jobs:
           cache-disabled: true
           arguments: -x javadoc -x test build -PskipOpenTypesFVT
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3.25.7
+        uses: github/codeql-action/analyze@v3.27.5
         with:
           ram: 4096
diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml
@@ -16,9 +16,9 @@ jobs:
     runs-on: ubuntu-latest
     if: startsWith(github.repository,'odpi/')
     steps:
-      - uses: actions/checkout@v4.2.0
+      - uses: actions/checkout@v4.2.2
       - name: Link Checker
-        uses: lycheeverse/lychee-action@v1.9.3
+        uses: lycheeverse/lychee-action@v2.1.0
         with:
           # Can switch to true once we run clean
           fail: false

diff --git a/.github/workflows/merge-v5.yml b/.github/workflows/merge-v5.yml
@@ -22,7 +22,7 @@ jobs:
     name: "Merge v5"
     if: startsWith(github.repository,'odpi/')
     steps:
-      - uses: actions/checkout@v4.2.0
+      - uses: actions/checkout@v4.2.2
         name: Checkout source
       - uses: gradle/wrapper-validation-action@v2
       - name: Set up JDK

diff --git a/.github/workflows/pr-v5.yml b/.github/workflows/pr-v5.yml
@@ -16,7 +16,7 @@ jobs:
     name: "Verify PR v5"
     if: startsWith(github.repository,'odpi/')
     steps:
-      - uses: actions/checkout@v4.2.0
+      - uses: actions/checkout@v4.2.2
       - uses: gradle/wrapper-validation-action@v2
       - name: Set up JDK
         uses: actions/setup-java@v4

diff --git a/.github/workflows/release-v5.yml b/.github/workflows/release-v5.yml
@@ -24,7 +24,7 @@ jobs:
     name: "Release"
     if: startsWith(github.repository,'odpi/')
     steps:
-      - uses: actions/checkout@v4.2.0
+      - uses: actions/checkout@v4.2.2
         name: Checkout source
       - uses: gradle/wrapper-validation-action@v2
       # Prep for docker builds

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -30,12 +30,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4.2.0  # tag=v3.0.0
+        uses: actions/checkout@v4.2.2  # tag=v3.0.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534  # tag=v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46  # tag=v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -62,6 +62,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.25.7  # tag=v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.27.5  # tag=v1.0.26
         with:
           sarif_file: results.sarif
diff --git a/bom/README.md b/bom/README.md
@@ -0,0 +1,53 @@
+<!-- SPDX-License-Identifier: CC-BY-4.0 -->
+<!-- Copyright Contributors to the Egeria project. -->
+
+
+# Summary of BOM changes on 12/23/2024 for version 5.2 of Egeria
+Not all changes suggested by Dependabot worked. The following summarizes the 
+version updates that worked and those that will need further investigation and potentially code changes.
+The BOM has been annotated to indicate proposed changes that did not work.
+
+# Changes that worked
+These version updates were successful.
+
+| package                  | old version | new version     |
+|--------------------------|-------------|-----------------| 
+|  classgraphVersion       | 4.8.177       | 4.8.179     | 
+|  commonsioVersion        | 2.16.1       | 2.18.0       | 
+|   commonscliVersion    | 1.8.0           | 1.9.0      |
+|   jenaVersion      | 5.0.0         | 5.2.0         |    
+|   junitjupiterVersion    | 5.11.2        | 5.11.3   |   
+|   jwtVersion      | 9.41.2        | 9.47          |   
+|   kafkaVersion      | 3.7.0         | 3.9.0         |
+|   lettuceVersion      | 6.3.2.RELEASE | 6.5.0.RELEASE |   
+|    openlineageVersion      | 1.23.0        | 1.25.0    |   
+|    postgresVersion     | 42.7.3        | 42.7.4        |  
+|   nettyVersion      | 4.1.114.Final | 4.1.115.Final |   
+|   prometheusVersion      | 1.13.6        | 1.14.2        |   
+|   quartzVersion      | 2.3.2         | 2.5.0         |   
+|  swaggerVersion       | 2.2.22        | 2.2.25        |   
+|  jnrVersion       | 3.1.19        | 3.1.20        |   
+| openhft | 2.26ea50 | 2.27ea5 | 
+| lombokVersion | 1.18.32 | 1.18.36 | 
+
+
+# Changes requiring further evaluation and potential changes
+These changes either broke the build or caused an XTDB runtime error due to the Lucene
+package renaming issue.
+
+| package                | current version | proposed version | status                         |
+|------------------------|-----------------|------------------|--------------------------------|
+| jacksonDatabindVersion | 2.18.0          | 2.18.2           | xtdb runtime failure           |
+| logbackVersion         | 1.5.6           | 1.5.8            | build breaks                   |
+| cassandraVersion       | 4.1.5           | 5.0.1            | doesn't work                   |
+| log4jVersion           | 2.24.1          | 2.24.3           | doesn't build                  |  
+| jacksonjdk8Version     | 2.18.0          | 2.18.2           | runtime failure                |
+| commonscodecVersion    | 1.16.0          | 1.17.0           | xtdb runtime failure - lucene  |
+| commonstextVersion     | 1.11.0          |                  | xtdb runtime failure - lucene  |
+| luceneVersion          | 8.11.3          |                  | xtdb runtime failure - lucene  |
+|                        |                 |                  |                                |
+|                        |                 |                  |                                |
+
+----
+License: [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/),
+Copyright Contributors to the Egeria project.
diff --git a/bom/build.gradle b/bom/build.gradle
@@ -19,25 +19,28 @@ javaPlatform {
 
 // Assign variables for any constraints
 ext {
-    lombokVersion = '1.18.32'
+    lombokVersion = '1.18.36'
     // TODO: version 4 under new package name
     antlrVersion = '3.5.3'
     ST4Version = '4.3.4'
     avroVersion = '1.12.0'
     xtdbVersion = '1.24.4'
     clojureVersion = '1.12.0'
-    classgraphVersion = '4.8.177'
+
+    classgraphVersion = '4.8.179'
     classmateVersion = '1.5.1'
     collections4Version = '4.4'
-    // Version 1.17.0 breaks XTDB because of a change in lucene's library names
+    // TODO: Version 1.17.0 breaks XTDB because of a change in lucene's library names
     commonscodecVersion = '1.16.0'
     commonsconfiguration2Version = '2.10.1'
     commonsconfigurationVersion = '1.10'
-    commonsioVersion = '2.16.1'
+
+    commonsioVersion = '2.18.0'
     commonsloggingVersion = '1.3.2'
-    // Version 1.12.0 breaks XTDB because of a change in lucene's library names
+    // TODO: Version 1.12.0 breaks XTDB because of a change in lucene's library names
     commonstextVersion = '1.11.0'
-    commonscliVersion = '1.8.0'
+
+    commonscliVersion = '1.9.0'
     elasticsearchVersion = '8.7.1'
     findbugsVersion = '3.0.2'
     glassfishVersion = '1.1.4'
@@ -51,40 +54,40 @@ ext {
     hibernatevalidatorVersion = '8.0.1.Final'
     jacksonVersion = '2.15.0'
     jacksonDatabindVersion = '2.18.0'
+//    TODO: jacksonDatabindVersion = '2.18.2' monday - failed at runtime
     jacksonaslVersion = '1.9.14-atlassian-6'
     jakartaannotationVersion = '2.1.1'
     jakartapersistenceVersion = '3.2.0'
     jakartavalidationVersion = '3.1.0'
     janusVersion = '0.6.4'
     javassistVersion = '3.29.2-GA'
     jaxbVersion = '2.3.1'
-    jenaVersion = '5.0.0'
+    jenaVersion = '5.2.0'
     jodatimeVersion = '2.13.0'
     jsonldVersion = '0.13.6'
     junitVersion = '4.13.2'
-    junitjupiterVersion = '5.11.2'
+    junitjupiterVersion = '5.11.3'
     junitplatformVersion = '1.9.2'
-    jwtVersion = '9.41.2'
+    jwtVersion = '9.47'
     jwtApiVersion = '0.11.5'
     jwtImplVersion = '0.11.5'
     jwtJacksonVersion = '0.11.5'
-    kafkaVersion = '3.7.0'
+    kafkaVersion = '3.9.0'
     lang3Version = '3.14.0'
-    //logbackVersion = '1.5.8'
+//    TODO: logbackVersion = '1.5.8' build break
     logbackVersion = '1.5.6'
-
-    lettuceVersion = '6.3.2.RELEASE'
-    // TODO: Lucene Version 9 now available but changed the naming of Codec files and so does not work with XTDB
+    lettuceVersion = '6.5.0.RELEASE'
+    //      TODO: Lucene Version 9 now available but changed the naming of Codec files and so does not work with XTDB
     luceneVersion = '8.11.3'
-    openlineageVersion = '1.23.0'
+    openlineageVersion = '1.25.0'
     ossVersion = '4.16.0'
-    // TODO: Held as data engine breaks
+    //      TODO: Held as data engine breaks
     mockitoVersion = '4.11.0'
     plexusVersion = '4.0.2'
-    postgresVersion = '42.7.4'
-    nettyVersion = '4.1.114.Final'
-    prometheusVersion = '1.13.6'
-    quartzVersion = '2.3.2'
+    postgresVersion = '42.7.4' // already there
+    nettyVersion = '4.1.115.Final'
+    prometheusVersion = '1.14.2'
+    quartzVersion = '2.5.0'
     // TODO: May be able to remove as moving to jakarta servlet
     servletVersion = '4.0.1'
     jakartaServletVersion = '6.0.0'
@@ -105,12 +108,14 @@ ext {
     validationVersion = '2.0.1.Final'
     gsonVersion = '2.11.0'
     antVersion = '1.10.15'
-    jnrVersion = '3.1.19'
-    //cassandraVersion 5.0.1 doesn't work
+     jnrVersion = '3.1.20'
+    //  TODO: cassandraVersion 5.0.1 and 5.0.2 don't work
     cassandraVersion = '4.1.5'
-    protobufVersion = '3.25.5'
+    protobufVersion = '3.25.5' //ok working
     log4jVersion = '2.24.1'
+//    TODO: log4jVersion = '2.24.3' Monday - doesn't build'
     jacksonjdk8Version = '2.18.0'
+//    TODO: jacksonjdk8Version = '2.18.2'monday - failed at runtime
     springdocStarterVersion = '2.2.0'
     jacocoVersion = '0.8.8'
     snakeYamlVersion = '2.3'
@@ -119,7 +124,7 @@ ext {
 dependencies {
     // Only use this to bring in platforms, which are *constraints*
     dependencies {
-        api(platform('net.openhft:chronicle-bom:2.26ea50'))
+        api(platform('net.openhft:chronicle-bom:2.27ea5'))
     }
     constraints {
         api("ch.qos.logback:logback-classic:${logbackVersion}")