From 43f5da2846f0c1b83f507b18c2f792da6a490a1e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 6 Feb 2024 14:53:18 +0000 Subject: [PATCH 01/14] fix: upgrade org.graalvm.tools:profiler from 23.0.1 to 23.0.3 Snyk has created this PR to upgrade org.graalvm.tools:profiler from 23.0.1 to 23.0.3. See this package in Maven Repository: https://mvnrepository.com/artifact/org.graalvm.tools/profiler/ See this project in Snyk: https://app.snyk.io/org/nosqlbench/project/6a966a50-08ee-405a-ae9a-1cfab95ff2c5?utm_source=github&utm_medium=referral&page=upgrade-pr --- mvn-defaults/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mvn-defaults/pom.xml b/mvn-defaults/pom.xml index c7cdec605..9cfd57ed0 100644 --- a/mvn-defaults/pom.xml +++ b/mvn-defaults/pom.xml @@ -377,7 +377,7 @@ org.graalvm.tools profiler - 23.0.1 + 23.0.3 runtime From 9104b6775bcab609be4024ad937232e73612ccc2 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 6 Feb 2024 14:53:21 +0000 Subject: [PATCH 02/14] fix: upgrade org.graalvm.js:js from 23.0.2 to 23.0.3 Snyk has created this PR to upgrade org.graalvm.js:js from 23.0.2 to 23.0.3. See this package in Maven Repository: https://mvnrepository.com/artifact/org.graalvm.js/js/ See this project in Snyk: https://app.snyk.io/org/nosqlbench/project/6a966a50-08ee-405a-ae9a-1cfab95ff2c5?utm_source=github&utm_medium=referral&page=upgrade-pr --- mvn-defaults/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mvn-defaults/pom.xml b/mvn-defaults/pom.xml index c7cdec605..059ac2cfe 100644 --- a/mvn-defaults/pom.xml +++ b/mvn-defaults/pom.xml @@ -366,7 +366,7 @@ org.graalvm.js js - 23.0.2 + 23.0.3 runtime From 94d108b729e94881f3d8c5f7de80f4e9234485cd Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 6 Feb 2024 18:29:34 +0000 Subject: [PATCH 03/14] fix: upgrade org.graalvm.sdk:graal-sdk from 23.0.2 to 23.1.2 Snyk has created this PR to upgrade org.graalvm.sdk:graal-sdk from 23.0.2 to 23.1.2. See this package in Maven Repository: https://mvnrepository.com/artifact/org.graalvm.sdk/graal-sdk/ See this project in Snyk: https://app.snyk.io/org/nosqlbench/project/024e32ec-7f80-485c-b7bf-f69d45f933ce?utm_source=github&utm_medium=referral&page=upgrade-pr --- mvn-defaults/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mvn-defaults/pom.xml b/mvn-defaults/pom.xml index c7cdec605..eac6122f5 100644 --- a/mvn-defaults/pom.xml +++ b/mvn-defaults/pom.xml @@ -361,7 +361,7 @@ org.graalvm.sdk graal-sdk - 23.0.2 + 23.1.2 org.graalvm.js From f4c5483cccaabb44607b7314e6d62d4ca88faeb1 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 8 Feb 2024 01:21:13 +0000 Subject: [PATCH 04/14] fix: upgrade org.graalvm.js:js-scriptengine from 23.0.1 to 23.1.2 Snyk has created this PR to upgrade org.graalvm.js:js-scriptengine from 23.0.1 to 23.1.2. See this package in Maven Repository: https://mvnrepository.com/artifact/org.graalvm.js/js-scriptengine/ See this project in Snyk: https://app.snyk.io/org/nosqlbench/project/6a966a50-08ee-405a-ae9a-1cfab95ff2c5?utm_source=github&utm_medium=referral&page=upgrade-pr --- mvn-defaults/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mvn-defaults/pom.xml b/mvn-defaults/pom.xml index c7cdec605..325095146 100644 --- a/mvn-defaults/pom.xml +++ b/mvn-defaults/pom.xml @@ -372,7 +372,7 @@ org.graalvm.js js-scriptengine - 23.0.1 + 23.1.2 org.graalvm.tools From 0329865095812eab4cb1995146a2f98fc98e2e04 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 9 Feb 2024 18:23:33 +0000 Subject: [PATCH 05/14] fix: upgrade io.swagger.parser.v3:swagger-parser from 2.1.19 to 2.1.20 Snyk has created this PR to upgrade io.swagger.parser.v3:swagger-parser from 2.1.19 to 2.1.20. See this package in Maven Repository: https://mvnrepository.com/artifact/io.swagger.parser.v3/swagger-parser/ See this project in Snyk: https://app.snyk.io/org/nosqlbench/project/d2b50195-8fec-4072-a556-44a8dd42fc9c?utm_source=github&utm_medium=referral&page=upgrade-pr --- adapter-http/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adapter-http/pom.xml b/adapter-http/pom.xml index 6b7e3e60f..2f7ea8cef 100644 --- a/adapter-http/pom.xml +++ b/adapter-http/pom.xml @@ -67,7 +67,7 @@ io.swagger.parser.v3 swagger-parser - 2.1.19 + 2.1.20 io.swagger.core.v3 From 06e6c3a530c0392acae06a2e6fd66b2aea656033 Mon Sep 17 00:00:00 2001 From: Madhavan Sridharan Date: Fri, 9 Feb 2024 17:08:59 -0500 Subject: [PATCH 06/14] upgrade GHA jobs to use node 20 and add dependabot for GHA auto-updates --- .github/dependabot.yml | 13 +++++++++++++ .github/workflows/build.yml | 2 +- .github/workflows/preview.yml | 12 ++++++------ .github/workflows/release.yml | 20 ++++++++++---------- 4 files changed, 30 insertions(+), 17 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..25688a193 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +# Set update schedule for GitHub Actions + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "monthly" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 196d6e95e..088a8cf21 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -26,7 +26,7 @@ jobs: java-version: '21' - name: Cache Maven packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml index 82f0b1fe8..ddcfb9770 100644 --- a/.github/workflows/preview.yml +++ b/.github/workflows/preview.yml @@ -22,10 +22,10 @@ jobs: steps: - name: checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: setup java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'oracle' java-version: '21' @@ -47,7 +47,7 @@ jobs: df -h - name: Cache Maven packages - uses: actions/cache@v3.2.3 + uses: actions/cache@v4 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} @@ -70,16 +70,16 @@ jobs: mvn clean verify -Drevision="${{ env.PREVIEW_VERSION }}" - name: Setup docker buildx - uses: docker/setup-buildx-action@v2.2.1 + uses: docker/setup-buildx-action@v3 - name: docker hub login - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: docker test build - uses: docker/build-push-action@v3.3.0 + uses: docker/build-push-action@v5 with: context: . file: Dockerfile diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8e2e7cddb..92b7dec7f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,10 +19,10 @@ jobs: steps: - name: checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: setup java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'oracle' java-version: '21' @@ -44,7 +44,7 @@ jobs: df -h - name: Cache Maven packages - uses: actions/cache@v3.2.3 + uses: actions/cache@v4 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} @@ -65,10 +65,10 @@ jobs: mvn clean package -Drevision="${{ env.RELEASE_VERSION }}" -P enable-container-tests - name: Setup docker buildx - uses: docker/setup-buildx-action@v2.2.1 + uses: docker/setup-buildx-action@v3 - name: docker hub login - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -95,7 +95,7 @@ jobs: cp nb5/target/nb5.jar nb5/target/nb5 staging - name: upload artifacts - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v4 with: name: binaries path: staging @@ -105,7 +105,7 @@ jobs: # continue-on-error: false # # - name: upload javadoc - # uses: actions/upload-artifact@v3 + # uses: actions/upload-artifact@v4 # with: # name: javadoc # path: target/nosqlbench-*-javadoc.jar @@ -115,7 +115,7 @@ jobs: scripts/bump-minor-version - name: docker push to hub - uses: docker/build-push-action@v3.3.0 + uses: docker/build-push-action@v5 with: context: . platforms: linux/amd64,linux/arm64 @@ -178,7 +178,7 @@ jobs: - name: Archive Test Results if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: test-results path: | @@ -193,7 +193,7 @@ jobs: # - name: set git email # run: git config --global user.name "${{ secrets.NBDROID_NAME }}" # - name: download javadocs -# uses: actions/download-artifact@v3 +# uses: actions/download-artifact@v4 # with: # name: javadoc # - run: ls -la From 3908bc6222b73a2600fa3ead2c41efbb118ebde2 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 11 Feb 2024 00:45:37 +0000 Subject: [PATCH 07/14] fix: upgrade io.netty:netty-handler from 4.1.105.Final to 4.1.106.Final Snyk has created this PR to upgrade io.netty:netty-handler from 4.1.105.Final to 4.1.106.Final. See this package in Maven Repository: https://mvnrepository.com/artifact/io.netty/netty-handler/ See this project in Snyk: https://app.snyk.io/org/nosqlbench/project/6a966a50-08ee-405a-ae9a-1cfab95ff2c5?utm_source=github&utm_medium=referral&page=upgrade-pr --- mvn-defaults/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mvn-defaults/pom.xml b/mvn-defaults/pom.xml index d136810d1..9b32b8dfe 100644 --- a/mvn-defaults/pom.xml +++ b/mvn-defaults/pom.xml @@ -188,7 +188,7 @@ io.netty netty-handler - 4.1.105.Final + 4.1.106.Final io.netty From 093a476adf6ca2d6d9adcd7e3c3e45d8c5905ad4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 11 Feb 2024 17:47:56 +0000 Subject: [PATCH 08/14] fix: upgrade io.dropwizard.metrics:metrics-graphite from 4.2.23 to 4.2.24 Snyk has created this PR to upgrade io.dropwizard.metrics:metrics-graphite from 4.2.23 to 4.2.24. See this package in Maven Repository: https://mvnrepository.com/artifact/io.dropwizard.metrics/metrics-graphite/ See this project in Snyk: https://app.snyk.io/org/nosqlbench/project/6a966a50-08ee-405a-ae9a-1cfab95ff2c5?utm_source=github&utm_medium=referral&page=upgrade-pr --- mvn-defaults/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mvn-defaults/pom.xml b/mvn-defaults/pom.xml index d136810d1..e652c9521 100644 --- a/mvn-defaults/pom.xml +++ b/mvn-defaults/pom.xml @@ -122,7 +122,7 @@ io.dropwizard.metrics metrics-graphite - 4.2.23 + 4.2.24 io.dropwizard.metrics From 0b33022f87d7a46773af7dd1b980108f6056256f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 11 Feb 2024 17:47:59 +0000 Subject: [PATCH 09/14] fix: upgrade io.dropwizard.metrics:metrics-core from 4.2.23 to 4.2.24 Snyk has created this PR to upgrade io.dropwizard.metrics:metrics-core from 4.2.23 to 4.2.24. See this package in Maven Repository: https://mvnrepository.com/artifact/io.dropwizard.metrics/metrics-core/ See this project in Snyk: https://app.snyk.io/org/nosqlbench/project/6a966a50-08ee-405a-ae9a-1cfab95ff2c5?utm_source=github&utm_medium=referral&page=upgrade-pr --- mvn-defaults/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mvn-defaults/pom.xml b/mvn-defaults/pom.xml index d136810d1..5433004ea 100644 --- a/mvn-defaults/pom.xml +++ b/mvn-defaults/pom.xml @@ -127,7 +127,7 @@ io.dropwizard.metrics metrics-core - 4.2.23 + 4.2.24 org.apache.commons From fa65c7c10dacfb50aa0f821f1a59b58f80f9893d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Feb 2024 16:55:02 +0000 Subject: [PATCH 10/14] Bump docker/build-push-action from 3.3.0 to 5.1.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.3.0 to 5.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v3.3.0...v5.1.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/preview.yml | 4 ++-- .github/workflows/release.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml index ddcfb9770..2e5da43c6 100644 --- a/.github/workflows/preview.yml +++ b/.github/workflows/preview.yml @@ -79,7 +79,7 @@ jobs: password: ${{ secrets.DOCKER_PASSWORD }} - name: docker test build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v5.1.0 with: context: . file: Dockerfile @@ -130,7 +130,7 @@ jobs: scripts/bump-minor-version - name: docker push to hub - uses: docker/build-push-action@v3.3.0 + uses: docker/build-push-action@v5.1.0 with: context: . platforms: linux/amd64,linux/arm64 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 92b7dec7f..ca97ccbc8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -74,7 +74,7 @@ jobs: password: ${{ secrets.DOCKER_PASSWORD }} - name: docker test build - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5.1.0 with: context: . file: Dockerfile @@ -115,7 +115,7 @@ jobs: scripts/bump-minor-version - name: docker push to hub - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v5.1.0 with: context: . platforms: linux/amd64,linux/arm64 From 8d20456fcaa7a53d4e6e4b959320deb0eb329d67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Feb 2024 16:55:05 +0000 Subject: [PATCH 11/14] Bump actions/upload-artifact from 1 to 4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 1 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v1...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/preview.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml index ddcfb9770..49477cf14 100644 --- a/.github/workflows/preview.yml +++ b/.github/workflows/preview.yml @@ -100,7 +100,7 @@ jobs: cp nb5/target/nb5.jar nb5/target/nb5 staging - name: upload artifacts - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v4 with: name: binaries path: staging From c477a831e8a305e3ecfbccdf10b11d2a748ca8a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Feb 2024 16:55:09 +0000 Subject: [PATCH 12/14] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 306d6580c..132574cf3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -48,7 +48,7 @@ jobs: java-version: '21' - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL From 5a4dcb7d2181b15eab92c9f539e1e8cc2fdf1d76 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Feb 2024 16:55:14 +0000 Subject: [PATCH 13/14] Bump actions/setup-java from 3 to 4 Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 306d6580c..62cc93805 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: steps: - - uses: actions/setup-java@v3 + - uses: actions/setup-java@v4 with: distribution: 'oracle' java-version: '21' From a7c0b38b822b472331c99b15e31b21a930c8be15 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Feb 2024 16:55:19 +0000 Subject: [PATCH 14/14] Bump github/codeql-action from 2 to 3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 306d6580c..4240e67f5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -63,7 +63,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -77,4 +77,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3