From 77040967501d8d7a69a8dc51ee59d395d14a4bc5 Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Fri, 12 Sep 2025 07:18:29 -0700 Subject: [PATCH 1/2] Pin npm hash --- .github/renovate.json5 | 10 --------- .github/scripts/package-lock.json | 27 +++++++++++++++++++++++ .github/scripts/package.json | 9 ++++++++ .github/workflows/assign-issue-owners.yml | 4 ++-- 4 files changed, 38 insertions(+), 12 deletions(-) create mode 100644 .github/scripts/package-lock.json create mode 100644 .github/scripts/package.json diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 6a0416b696..c6a64fbe08 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -198,16 +198,6 @@ 'npx (?[^@]+)@(?[^\\s]+)', ], }, - { - customType: 'regex', - datasourceTemplate: 'npm', - managerFilePatterns: [ - '.github/workflows/**', - ], - matchStrings: [ - 'npm install (?[^@\\s]+)@(?[^\\s]+)', - ], - }, { customType: 'regex', datasourceTemplate: 'java-version', diff --git a/.github/scripts/package-lock.json b/.github/scripts/package-lock.json new file mode 100644 index 0000000000..513b765cab --- /dev/null +++ b/.github/scripts/package-lock.json @@ -0,0 +1,27 @@ +{ + "name": "github-scripts", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "github-scripts", + "version": "1.0.0", + "dependencies": { + "yaml": "2.8.0" + } + }, + "node_modules/yaml": { + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.0.tgz", + "integrity": "sha512-4lLa/EcQCB0cJkyts+FpIRx5G/llPxfP6VQU5KByHEhLxY3IJCH0f0Hy1MHI8sClTvsIb8qwRJ6R/ZdlDJ/leQ==", + "license": "ISC", + "bin": { + "yaml": "bin.mjs" + }, + "engines": { + "node": ">= 14.6" + } + } + } +} diff --git a/.github/scripts/package.json b/.github/scripts/package.json new file mode 100644 index 0000000000..7477003a2d --- /dev/null +++ b/.github/scripts/package.json @@ -0,0 +1,9 @@ +{ + "//": "Dependencies for GitHub Actions workflows that use actions/github-script", + "name": "github-scripts", + "version": "1.0.0", + "private": true, + "dependencies": { + "yaml": "2.8.0" + } +} diff --git a/.github/workflows/assign-issue-owners.yml b/.github/workflows/assign-issue-owners.yml index 11965eae58..7d7acba676 100644 --- a/.github/workflows/assign-issue-owners.yml +++ b/.github/workflows/assign-issue-owners.yml @@ -19,8 +19,8 @@ jobs: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install yaml - run: npm install yaml@2.8.1 + - name: Install yaml dependency used below + run: npm install .github/scripts - name: Parse component label and assign owners uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 From 208193144ff7751116af4c52cd243f773b5b7ac9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 15 Sep 2025 01:44:30 +0000 Subject: [PATCH 2/2] fix(deps): update dependency io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha to v2.20.0-alpha --- dependencyManagement/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencyManagement/build.gradle.kts b/dependencyManagement/build.gradle.kts index 637f8fbac9..015c3b7737 100644 --- a/dependencyManagement/build.gradle.kts +++ b/dependencyManagement/build.gradle.kts @@ -2,7 +2,7 @@ plugins { `java-platform` } -val otelInstrumentationVersion = "2.19.0-alpha" +val otelInstrumentationVersion = "2.20.0-alpha" val semconvVersion = "1.37.0" javaPlatform {