diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 6a0416b69..c6a64fbe0 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -198,16 +198,6 @@ 'npx (?[^@]+)@(?[^\\s]+)', ], }, - { - customType: 'regex', - datasourceTemplate: 'npm', - managerFilePatterns: [ - '.github/workflows/**', - ], - matchStrings: [ - 'npm install (?[^@\\s]+)@(?[^\\s]+)', - ], - }, { customType: 'regex', datasourceTemplate: 'java-version', diff --git a/.github/scripts/package-lock.json b/.github/scripts/package-lock.json new file mode 100644 index 000000000..f364e1106 --- /dev/null +++ b/.github/scripts/package-lock.json @@ -0,0 +1,27 @@ +{ + "name": "github-scripts", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "github-scripts", + "version": "1.0.0", + "dependencies": { + "yaml": "2.8.1" + } + }, + "node_modules/yaml": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.1.tgz", + "integrity": "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==", + "license": "ISC", + "bin": { + "yaml": "bin.mjs" + }, + "engines": { + "node": ">= 14.6" + } + } + } +} diff --git a/.github/scripts/package.json b/.github/scripts/package.json new file mode 100644 index 000000000..efca3b345 --- /dev/null +++ b/.github/scripts/package.json @@ -0,0 +1,9 @@ +{ + "//": "Dependencies for GitHub Actions workflows that use actions/github-script", + "name": "github-scripts", + "version": "1.0.0", + "private": true, + "dependencies": { + "yaml": "2.8.1" + } +} diff --git a/.github/workflows/assign-issue-owners.yml b/.github/workflows/assign-issue-owners.yml index 11965eae5..7d7acba67 100644 --- a/.github/workflows/assign-issue-owners.yml +++ b/.github/workflows/assign-issue-owners.yml @@ -19,8 +19,8 @@ jobs: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install yaml - run: npm install yaml@2.8.1 + - name: Install yaml dependency used below + run: npm install .github/scripts - name: Parse component label and assign owners uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 diff --git a/.github/workflows/auto-spotless-apply.yml b/.github/workflows/auto-spotless-apply.yml index 36da59e0d..b363b4977 100644 --- a/.github/workflows/auto-spotless-apply.yml +++ b/.github/workflows/auto-spotless-apply.yml @@ -32,7 +32,7 @@ jobs: echo "exists=true" >> $GITHUB_OUTPUT fi - - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 if: steps.unzip-patch.outputs.exists == 'true' id: otelbot-token with: diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 582a82f3f..a798378c6 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -29,7 +29,7 @@ jobs: - name: Use CLA approved bot run: .github/scripts/use-cla-approved-bot.sh - - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: otelbot-token with: app-id: ${{ vars.OTELBOT_APP_ID }} diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index e939d15ee..c186d16e2 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -23,7 +23,7 @@ jobs: with: persist-credentials: false - - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: create-token with: # analyzing classic branch protections requires a token with admin read permissions diff --git a/.github/workflows/prepare-patch-release.yml b/.github/workflows/prepare-patch-release.yml index a6d2a64aa..70bfd208a 100644 --- a/.github/workflows/prepare-patch-release.yml +++ b/.github/workflows/prepare-patch-release.yml @@ -47,7 +47,7 @@ jobs: - name: Use CLA approved bot run: .github/scripts/use-cla-approved-bot.sh - - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: otelbot-token with: app-id: ${{ vars.OTELBOT_APP_ID }} diff --git a/.github/workflows/prepare-release-branch.yml b/.github/workflows/prepare-release-branch.yml index f1c5160d5..58c5dc8bb 100644 --- a/.github/workflows/prepare-release-branch.yml +++ b/.github/workflows/prepare-release-branch.yml @@ -59,7 +59,7 @@ jobs: - name: Use CLA approved bot run: .github/scripts/use-cla-approved-bot.sh - - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: otelbot-token with: app-id: ${{ vars.OTELBOT_APP_ID }} @@ -116,7 +116,7 @@ jobs: - name: Use CLA approved bot run: .github/scripts/use-cla-approved-bot.sh - - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: otelbot-token with: app-id: ${{ vars.OTELBOT_APP_ID }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 22b40d3b3..68800fa37 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -224,7 +224,7 @@ jobs: java-version: 17 - name: Set up Gradle - uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Update apidiff baseline env: @@ -237,7 +237,7 @@ jobs: - name: Use CLA approved bot run: .github/scripts/use-cla-approved-bot.sh - - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: otelbot-token with: app-id: ${{ vars.OTELBOT_APP_ID }} diff --git a/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts b/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts index 48f443d67..2c2cca8f0 100644 --- a/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts +++ b/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts @@ -153,7 +153,7 @@ testing { implementation(enforcedPlatform("org.junit:junit-bom:5.13.4")) implementation(enforcedPlatform("org.testcontainers:testcontainers-bom:1.21.3")) implementation(enforcedPlatform("com.google.guava:guava-bom:33.4.8-jre")) - implementation(enforcedPlatform("com.linecorp.armeria:armeria-bom:1.33.2")) + implementation(enforcedPlatform("com.linecorp.armeria:armeria-bom:1.33.3")) compileOnly("com.google.auto.value:auto-value-annotations") compileOnly("com.google.errorprone:error_prone_annotations") diff --git a/dependencyManagement/build.gradle.kts b/dependencyManagement/build.gradle.kts index 637f8fbac..481f978e6 100644 --- a/dependencyManagement/build.gradle.kts +++ b/dependencyManagement/build.gradle.kts @@ -45,8 +45,8 @@ dependencies { api("com.google.code.findbugs:annotations:3.0.1u2") api("com.google.code.findbugs:jsr305:3.0.2") - api("com.uber.nullaway:nullaway:0.12.9") - api("org.assertj:assertj-core:3.27.4") + api("com.uber.nullaway:nullaway:0.12.10") + api("org.assertj:assertj-core:3.27.5") api("org.awaitility:awaitility:4.3.0") api("org.bouncycastle:bcpkix-jdk15on:1.70") api("org.junit-pioneer:junit-pioneer:1.9.1") diff --git a/gcp-auth-extension/build.gradle.kts b/gcp-auth-extension/build.gradle.kts index 9803ef080..d7e99ad30 100644 --- a/gcp-auth-extension/build.gradle.kts +++ b/gcp-auth-extension/build.gradle.kts @@ -24,7 +24,7 @@ dependencies { compileOnly("io.opentelemetry:opentelemetry-exporter-otlp") // Only dependencies added to `implementation` configuration will be picked up by Shadow plugin - implementation("com.google.auth:google-auth-library-oauth2-http:1.39.0") + implementation("com.google.auth:google-auth-library-oauth2-http:1.39.1") // Test dependencies testCompileOnly("com.google.auto.service:auto-service-annotations") diff --git a/ibm-mq-metrics/build.gradle.kts b/ibm-mq-metrics/build.gradle.kts index 2370f2893..8645c6d39 100644 --- a/ibm-mq-metrics/build.gradle.kts +++ b/ibm-mq-metrics/build.gradle.kts @@ -42,7 +42,7 @@ dependencies { implementation("org.slf4j:slf4j-simple:2.0.17") testImplementation("com.google.guava:guava") testImplementation("io.opentelemetry:opentelemetry-sdk-testing") - integrationTestImplementation("org.assertj:assertj-core:3.27.4") + integrationTestImplementation("org.assertj:assertj-core:3.27.5") integrationTestImplementation("org.junit.jupiter:junit-jupiter-api:5.13.4") integrationTestImplementation("io.opentelemetry:opentelemetry-sdk-testing") integrationTestImplementation("com.ibm.mq:com.ibm.mq.jakarta.client:9.4.3.1") diff --git a/maven-extension/src/test/resources/projects/springboot_1/pom.xml b/maven-extension/src/test/resources/projects/springboot_1/pom.xml index d1c65f6d0..16201b2d9 100644 --- a/maven-extension/src/test/resources/projects/springboot_1/pom.xml +++ b/maven-extension/src/test/resources/projects/springboot_1/pom.xml @@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent - 3.5.5 + 3.5.6 io.opentelemetry.contrib.maven.test diff --git a/maven-extension/src/test/resources/projects/springboot_2/pom.xml b/maven-extension/src/test/resources/projects/springboot_2/pom.xml index e46320f27..7b594aa8d 100644 --- a/maven-extension/src/test/resources/projects/springboot_2/pom.xml +++ b/maven-extension/src/test/resources/projects/springboot_2/pom.xml @@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent - 3.5.5 + 3.5.6 io.opentelemetry.contrib.maven.test