diff --git a/.github/workflows/auto-spotless-check.yml b/.github/workflows/auto-spotless-check.yml index 755959dbf..69e9763bb 100644 --- a/.github/workflows/auto-spotless-check.yml +++ b/.github/workflows/auto-spotless-check.yml @@ -25,7 +25,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 with: cache-read-only: true diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 260b56660..afef1c49a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,7 +32,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 with: cache-read-only: ${{ github.event_name == 'pull_request' }} - name: Gradle build and test @@ -85,7 +85,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 with: cache-read-only: ${{ github.event_name == 'pull_request' }} - name: Gradle test @@ -107,7 +107,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 with: cache-read-only: ${{ github.event_name == 'pull_request' }} @@ -166,7 +166,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 # skipping release branches because the versions in those branches are not snapshots # (also this skips pull requests) if: ${{ github.ref_name == 'main' && github.repository == 'open-telemetry/opentelemetry-java-contrib' }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6620ca513..f069746df 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -47,10 +47,10 @@ jobs: - name: Set up gradle if: matrix.language == 'java' - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Initialize CodeQL - uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 with: languages: ${{ matrix.language }} # using "latest" helps to keep up with the latest Kotlin support @@ -65,6 +65,6 @@ jobs: run: ./gradlew assemble --no-build-cache --no-daemon - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index 75c7728cd..7d7c04a90 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -17,4 +17,4 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: gradle/actions/wrapper-validation@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 732f62642..4f5823845 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -52,6 +52,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 with: sarif_file: results.sarif diff --git a/.github/workflows/owasp-dependency-check-daily.yml b/.github/workflows/owasp-dependency-check-daily.yml index a026cb498..a0a0134b1 100644 --- a/.github/workflows/owasp-dependency-check-daily.yml +++ b/.github/workflows/owasp-dependency-check-daily.yml @@ -27,7 +27,7 @@ jobs: run: | sed -i "s/org.gradle.jvmargs=/org.gradle.jvmargs=-Xmx3g /" gradle.properties - - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - run: ./gradlew dependencyCheckAnalyze env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 961e585b9..2bac541ea 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Gradle build run: ./gradlew build @@ -41,7 +41,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Integration test run: ./gradlew integrationTest @@ -124,7 +124,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Build and publish artifacts run: ./gradlew assemble publishToSonatype closeAndReleaseSonatypeStagingRepository env: diff --git a/dependencyManagement/build.gradle.kts b/dependencyManagement/build.gradle.kts index 4603adb07..7ce9ef36a 100644 --- a/dependencyManagement/build.gradle.kts +++ b/dependencyManagement/build.gradle.kts @@ -45,8 +45,8 @@ dependencies { api("com.google.code.findbugs:annotations:3.0.1u2") api("com.google.code.findbugs:jsr305:3.0.2") - api("com.uber.nullaway:nullaway:0.12.7") - api("org.assertj:assertj-core:3.27.3") + api("com.uber.nullaway:nullaway:0.12.8") + api("org.assertj:assertj-core:3.27.4") api("org.awaitility:awaitility:4.3.0") api("org.bouncycastle:bcpkix-jdk15on:1.70") api("org.junit-pioneer:junit-pioneer:1.9.1") diff --git a/disk-buffering/build.gradle.kts b/disk-buffering/build.gradle.kts index 8250c1bdf..8d78c9df8 100644 --- a/disk-buffering/build.gradle.kts +++ b/disk-buffering/build.gradle.kts @@ -7,7 +7,7 @@ plugins { id("com.github.johnrengelman.shadow") id("me.champeau.jmh") version "0.7.3" id("ru.vyarus.animalsniffer") version "2.0.1" - id("com.squareup.wire") version "5.3.5" + id("com.squareup.wire") version "5.3.8" } description = "Exporter implementations that store signals on disk" diff --git a/opamp-client/build.gradle.kts b/opamp-client/build.gradle.kts index e41d1fff9..416f9d72f 100644 --- a/opamp-client/build.gradle.kts +++ b/opamp-client/build.gradle.kts @@ -5,7 +5,7 @@ import java.net.URL plugins { id("otel.java-conventions") id("de.undercouch.download") version "5.6.0" - id("com.squareup.wire") version "5.3.5" + id("com.squareup.wire") version "5.3.8" } description = "Client implementation of the OpAMP spec."