From 852f63692c2b3cef22ba3303980843c196f8e74a Mon Sep 17 00:00:00 2001 From: Sebastian Stenzel Date: Thu, 5 Oct 2023 07:52:38 +0200 Subject: [PATCH 1/4] add dependabot config --- .github/dependabot.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..b257aaa --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,22 @@ +version: 2 +updates: + - package-ecosystem: "maven" + directory: "/" + schedule: + interval: "monthly" + day: "monday" + time: "06:00" + timezone: "UTC" + groups: + maven-dependencies: + patterns: + - "*" + + - package-ecosystem: "github-actions" + directory: "/" # even for `.github/workflows` + schedule: + interval: "monthly" + groups: + github-actions: + patterns: + - "*" \ No newline at end of file From 1040552ddea93e9e294e109144274201012725b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Oct 2023 05:58:58 +0000 Subject: [PATCH 2/4] Bump the github-actions group with 1 update (#22) --- .github/workflows/build.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/publish-central.yml | 2 +- .github/workflows/publish-github.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b1c59bf..b32bc11 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: actions/setup-java@v3 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 560d70e..e67ee8f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 2 - uses: actions/setup-java@v3 diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml index 526cc8d..22333fe 100644 --- a/.github/workflows/publish-central.yml +++ b/.github/workflows/publish-central.yml @@ -10,7 +10,7 @@ jobs: publish: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: "refs/tags/${{ github.event.inputs.tag }}" - uses: actions/setup-java@v3 diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index a332c57..4b262ce 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-java@v3 with: java-version: 11 From c88aee25f68652eed91de2a7e5a03b124b1cef3b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Oct 2023 05:59:22 +0000 Subject: [PATCH 3/4] Bump the maven-dependencies group with 17 updates (#23) --- pom.xml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/pom.xml b/pom.xml index 18f1b3f..fdacfb9 100644 --- a/pom.xml +++ b/pom.xml @@ -40,11 +40,11 @@ 1.70 - 5.8.2 - 3.12.4 - 1.34 + 5.10.0 + 5.5.0 + 1.37 2.2 - 32.0.0-jre + 32.1.2-jre @@ -58,7 +58,7 @@ org.jetbrains annotations - 23.0.0 + 24.0.1 provided @@ -106,7 +106,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.0.0 + 3.4.1 enforce-java @@ -126,7 +126,7 @@ maven-compiler-plugin - 3.9.0 + 3.11.0 8 UTF-8 @@ -152,11 +152,11 @@ org.apache.maven.plugins maven-surefire-plugin - 3.0.0-M5 + 3.1.2 maven-jar-plugin - 3.2.2 + 3.3.0 @@ -168,7 +168,7 @@ maven-source-plugin - 3.2.1 + 3.3.0 attach-sources @@ -180,7 +180,7 @@ maven-javadoc-plugin - 3.3.1 + 3.6.0 attach-javadocs @@ -195,7 +195,7 @@ maven-shade-plugin - 3.2.4 + 3.5.1 package @@ -241,7 +241,7 @@ org.owasp dependency-check-maven - 8.3.1 + 8.4.0 24 0 @@ -268,7 +268,7 @@ org.jacoco jacoco-maven-plugin - 0.8.7 + 0.8.10 prepare-agent @@ -294,7 +294,7 @@ maven-gpg-plugin - 3.0.1 + 3.1.0 sign-artifacts @@ -329,7 +329,7 @@ org.sonatype.plugins nexus-staging-maven-plugin - 1.6.8 + 1.6.13 true ossrh From 6f6fdd504da6a02b5db84539bb51cc989cf9af2c Mon Sep 17 00:00:00 2001 From: Sebastian Stenzel Date: Thu, 5 Oct 2023 08:00:31 +0200 Subject: [PATCH 4/4] remove codacy coverage report --- .github/workflows/build.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b32bc11..8e0bc37 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -37,12 +37,6 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Upload code coverage report - id: codacyCoverageReporter - run: bash <(curl -Ls https://coverage.codacy.com/get.sh) - env: - CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }} - continue-on-error: true - uses: actions/upload-artifact@v3 with: name: artifacts