Merge branch 'main' into gradle-cache-config

trask · web-flow · commit 7cceb8f3e395 · 2025-09-08T09:44:15.000-07:00
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -190,6 +190,16 @@
         'npx (?<depName>[^@]+)@(?<currentValue>[^\\s]+)',
       ],
     },
+    {
+      customType: 'regex',
+      datasourceTemplate: 'npm',
+      managerFilePatterns: [
+        '.github/workflows/**',
+      ],
+      matchStrings: [
+        'npm install (?<depName>[^@\\s]+)@(?<currentValue>[^\\s]+)',
+      ],
+    },
     {
       customType: 'regex',
       datasourceTemplate: 'java-version',
diff --git a/.github/workflows/assign-issue-owners.yml b/.github/workflows/assign-issue-owners.yml
@@ -20,10 +20,10 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install js-yaml
-        run: npm install js-yaml
+        run: npm install js-yaml@4.1.0
 
       - name: Parse component label and assign owners
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             const fs = require('fs');
diff --git a/.github/workflows/assign-reviewers.yml b/.github/workflows/assign-reviewers.yml
@@ -18,6 +18,6 @@ jobs:
       pull-requests: write  # for assigning reviewers
     runs-on: ubuntu-latest
     steps:
-      - uses: open-telemetry/assign-reviewers-action@2f4f06ccc561740d5094d9ca5e66dc2392d13e8f # main
+      - uses: dyladan/component-owners@58bd86e9814d23f1525d0a970682cead459fa783 # v0.1.0
         with:
           config-file: .github/component_owners.yml
diff --git a/.github/workflows/build-common.yml b/.github/workflows/build-common.yml
@@ -24,7 +24,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up JDK for running Gradle
-        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: temurin
           java-version: 17
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -50,7 +50,7 @@ jobs:
         uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
+        uses: github/codeql-action/init@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1
         with:
           languages: ${{ matrix.language }}
           # using "linked" helps to keep up with the latest Kotlin support
@@ -65,6 +65,6 @@ jobs:
         run: ./gradlew assemble --no-build-cache --no-daemon
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
+        uses: github/codeql-action/analyze@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
@@ -22,7 +22,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up JDK for running Gradle
-        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: temurin
           java-version: 17
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -52,6 +52,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
+        uses: github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1
         with:
           sarif_file: results.sarif
diff --git a/dependencyManagement/build.gradle.kts b/dependencyManagement/build.gradle.kts
@@ -51,7 +51,7 @@ dependencies {
     api("org.bouncycastle:bcpkix-jdk15on:1.70")
     api("org.junit-pioneer:junit-pioneer:1.9.1")
     api("org.skyscreamer:jsonassert:1.5.3")
-    api("org.apache.kafka:kafka-clients:4.0.0")
+    api("org.apache.kafka:kafka-clients:4.1.0")
     api("org.testcontainers:kafka:1.21.3")
     api("com.lmax:disruptor:3.4.4")
     api("org.jctools:jctools-core:4.0.5")
diff --git a/disk-buffering/build.gradle.kts b/disk-buffering/build.gradle.kts
@@ -6,7 +6,7 @@ plugins {
   id("otel.animalsniffer-conventions")
   id("com.gradleup.shadow")
   id("me.champeau.jmh") version "0.7.3"
-  id("com.squareup.wire") version "5.3.11"
+  id("com.squareup.wire") version "5.4.0"
 }
 
 description = "Exporter implementations that store signals on disk"
diff --git a/gcp-auth-extension/build.gradle.kts b/gcp-auth-extension/build.gradle.kts
@@ -24,7 +24,7 @@ dependencies {
   compileOnly("io.opentelemetry:opentelemetry-exporter-otlp")
 
   // Only dependencies added to `implementation` configuration will be picked up by Shadow plugin
-  implementation("com.google.auth:google-auth-library-oauth2-http:1.38.0")
+  implementation("com.google.auth:google-auth-library-oauth2-http:1.39.0")
 
   // Test dependencies
   testCompileOnly("com.google.auto.service:auto-service-annotations")
diff --git a/ibm-mq-metrics/build.gradle.kts b/ibm-mq-metrics/build.gradle.kts
@@ -33,7 +33,7 @@ dependencies {
   api("io.swagger:swagger-annotations:1.6.16")
   api("org.jetbrains:annotations:26.0.2-1")
   api("com.ibm.mq:com.ibm.mq.allclient:9.4.3.1")
-  api("org.yaml:snakeyaml:2.4")
+  api("org.yaml:snakeyaml:2.5")
   api("com.fasterxml.jackson.core:jackson-databind:2.19.2")
   api("io.opentelemetry:opentelemetry-sdk")
   api("io.opentelemetry:opentelemetry-exporter-otlp")
diff --git a/opamp-client/build.gradle.kts b/opamp-client/build.gradle.kts
@@ -6,7 +6,7 @@ plugins {
   id("otel.java-conventions")
   id("otel.publish-conventions")
   id("otel.animalsniffer-conventions")
-  id("com.squareup.wire") version "5.3.11"
+  id("com.squareup.wire") version "5.4.0"
 }
 
 description = "Client implementation of the OpAMP spec."
diff --git a/settings.gradle.kts b/settings.gradle.kts
@@ -1,6 +1,6 @@
 pluginManagement {
   plugins {
-    id("com.gradleup.shadow") version "9.0.2"
+    id("com.gradleup.shadow") version "9.1.0"
     id("io.github.gradle-nexus.publish-plugin") version "2.0.0"
     id("com.gradle.develocity") version "4.1.1"
   }

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ plugins {`
`6`	`6`	`id("otel.animalsniffer-conventions")`
`7`	`7`	`id("com.gradleup.shadow")`
`8`	`8`	`id("me.champeau.jmh") version "0.7.3"`
`9`		`- id("com.squareup.wire") version "5.3.11"`
	`9`	`+ id("com.squareup.wire") version "5.4.0"`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`description = "Exporter implementations that store signals on disk"`