Skip to content

Combined dependencies PR#9005

Merged
eddumelendez merged 29 commits intomainfrom
combined-pr-branch
Jul 26, 2024
Merged

Combined dependencies PR#9005
eddumelendez merged 29 commits intomainfrom
combined-pr-branch

Conversation

@eddumelendez
Copy link
Member

@eddumelendez eddumelendez commented Jul 26, 2024

Combining multiple dependencies PRs into one.

Instructions for merging
  • Use a merge commit, so that GitHub will mark all original PRs as merged.
  • If your repository does not have merge commits enabled, please temporarily enable them in settings. Tick Allow merge commits in the repository settings.
  • When ready, merge this PR using Create a merge commit.

Combined PRs

dependabot bot and others added 29 commits May 27, 2024 22:47
@dependabot
Bump redis.clients:jedis from 5.1.0 to 5.1.3 in /examples
c944eff 
Bumps [redis.clients:jedis](https://github.com/redis/jedis) from 5.1.0 to 5.1.3.
- [Release notes](https://github.com/redis/jedis/releases)
- [Commits](redis/jedis@v5.1.0...v5.1.3)

---
updated-dependencies:
- dependency-name: redis.clients:jedis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.postgresql:postgresql from 42.7.1 to 42.7.3 in /examples
172f650 
Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.1 to 42.7.3.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.1...REL42.7.3)

---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump io.lettuce:lettuce-core in /examples
dd229a7 
Bumps [io.lettuce:lettuce-core](https://github.com/lettuce-io/lettuce-core) from 6.3.1.RELEASE to 6.3.2.RELEASE.
- [Release notes](https://github.com/lettuce-io/lettuce-core/releases)
- [Changelog](https://github.com/redis/lettuce/blob/6.3.2.RELEASE/RELEASE-NOTES.md)
- [Commits](redis/lettuce@6.3.1.RELEASE...6.3.2.RELEASE)

---
updated-dependencies:
- dependency-name: io.lettuce:lettuce-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump io.fabric8:kubernetes-client from 6.12.1 to 6.13.0 in /modules/k3s
d175c5c 
Bumps [io.fabric8:kubernetes-client](https://github.com/fabric8io/kubernetes-client) from 6.12.1 to 6.13.0.
- [Release notes](https://github.com/fabric8io/kubernetes-client/releases)
- [Changelog](https://github.com/fabric8io/kubernetes-client/blob/main/CHANGELOG.md)
- [Commits](fabric8io/kubernetes-client@v6.12.1...v6.13.0)

---
updated-dependencies:
- dependency-name: io.fabric8:kubernetes-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.apache.activemq:artemis-jakarta-client in /modules/activemq
625c94f 
Bumps org.apache.activemq:artemis-jakarta-client from 2.33.0 to 2.35.0.

---
updated-dependencies:
- dependency-name: org.apache.activemq:artemis-jakarta-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.assertj:assertj-core from 3.25.3 to 3.26.3 in /modules/milvus
6897b39 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.25.3 to 3.26.3.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.25.3...assertj-build-3.26.3)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.neo4j.driver:neo4j-java-driver in /examples
178b4cf 
Bumps [org.neo4j.driver:neo4j-java-driver](https://github.com/neo4j/neo4j-java-driver) from 4.4.13 to 4.4.18.
- [Release notes](https://github.com/neo4j/neo4j-java-driver/releases)
- [Commits](neo4j/neo4j-java-driver@4.4.13...4.4.18)

---
updated-dependencies:
- dependency-name: org.neo4j.driver:neo4j-java-driver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.projectlombok:lombok from 1.18.30 to 1.18.34 in /examples
c749f94 
Bumps [org.projectlombok:lombok](https://github.com/projectlombok/lombok) from 1.18.30 to 1.18.34.
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.30...v1.18.34)

---
updated-dependencies:
- dependency-name: org.projectlombok:lombok
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.apache.kafka:kafka-clients from 3.6.1 to 3.7.1 in /examples
fa33a8c 
Bumps org.apache.kafka:kafka-clients from 3.6.1 to 3.7.1.

---
updated-dependencies:
- dependency-name: org.apache.kafka:kafka-clients
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.junit.platform:junit-platform-launcher in /modules/spock
3ba40ab 
Bumps [org.junit.platform:junit-platform-launcher](https://github.com/junit-team/junit5) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/commits)

---
updated-dependencies:
- dependency-name: org.junit.platform:junit-platform-launcher
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.assertj:assertj-core in /modules/localstack
68361a3 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.25.3 to 3.26.3.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.25.3...assertj-build-3.26.3)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump com.amazonaws:aws-java-sdk-dynamodb in /modules/dynalite
ba5db14 
Bumps [com.amazonaws:aws-java-sdk-dynamodb](https://github.com/aws/aws-sdk-java) from 1.12.763 to 1.12.765.
- [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md)
- [Commits](aws/aws-sdk-java@1.12.763...1.12.765)

---
updated-dependencies:
- dependency-name: com.amazonaws:aws-java-sdk-dynamodb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.assertj:assertj-core in /modules/localstack
b52809b 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.25.3 to 3.26.0.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.25.3...assertj-build-3.26.0)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump io.trino:trino-jdbc from 452 to 453 in /modules/trino
5268d5f 
Bumps io.trino:trino-jdbc from 452 to 453.

---
updated-dependencies:
- dependency-name: io.trino:trino-jdbc
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump com.google.guava:guava from 33.2.0-jre to 33.2.1-jre in /core
9ebac53 
Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.2.0-jre to 33.2.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/modules/dynali…
7a20dca 
…te/com.amazonaws-aws-java-sdk-dynamodb-1.12.765' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/modules/locals…
b3819e7 
…tack/org.assertj-assertj-core-3.26.3' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/modules/milvus…
b74730a 
…/org.assertj-assertj-core-3.26.3' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/modules/spock/…
cae3926 
…org.junit.platform-junit-platform-launcher-1.10.3' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/modules/active…
96c7507 
…mq/org.apache.activemq-artemis-jakarta-client-2.35.0' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/examples/org.a…
f7dacfa 
…pache.kafka-kafka-clients-3.7.1' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/examples/org.p…
bf9a89f 
…rojectlombok-lombok-1.18.34' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/examples/org.n…
bfa9fab 
…eo4j.driver-neo4j-java-driver-4.4.18' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/modules/k3s/io…
c671b57 
….fabric8-kubernetes-client-6.13.0' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/core/com.googl…
913cea8 
…e.guava-guava-33.2.1-jre' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/examples/io.le…
b957c9e 
…ttuce-lettuce-core-6.3.2.RELEASE' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/examples/org.p…
2791c38 
…ostgresql-postgresql-42.7.3' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/examples/redis…
fd92466 
….clients-jedis-5.1.3' into combined-pr-branch
@eddumelendez
Merge remote-tracking branch 'origin/dependabot/gradle/modules/locals…
ab243d6 
…tack/org.assertj-assertj-core-3.26.0' into combined-pr-branch
@eddumelendez eddumelendez requested a review from a team July 26, 2024 08:24
@eddumelendez eddumelendez added the dependencies Pull requests that update a dependency file label Jul 26, 2024
@eddumelendez eddumelendez added this to the next milestone Jul 26, 2024
@artur-ciocanu
Copy link

artur-ciocanu commented Jul 26, 2024
edited
Loading

@eddumelendez I was wondering if we can include Apache Commons Compress upgrade to 1.26.2 instead of 1.24.0. There are a couple of CVEs relate to 1.24.0: https://mvnrepository.com/artifact/org.apache.commons/commons-compress/1.24.0.

I was about to open a PR, but it seems that you already have a process in place, hence my comment.

@eddumelendez
Copy link
Member Author

eddumelendez commented Jul 26, 2024

@artur-ciocanu check this comment about why not upgrading for now.

@eddumelendez eddumelendez merged commit da05109 into main Jul 26, 2024
@eddumelendez eddumelendez deleted the combined-pr-branch branch July 26, 2024 14:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file modules/activemq modules/dynalite modules/k3s modules/localstack modules/milvus modules/spock Spock Extension modules/trino

Projects

None yet

Milestone

1.20.1

Development

Successfully merging this pull request may close these issues.

2 participants

@eddumelendez @artur-ciocanu