From 0ecbcc0ce4254f14fa297262facb3c8684abfd9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marius=20Co=C8=9Bofan=C4=83?= Date: Fri, 11 Apr 2025 11:14:00 +0200 Subject: [PATCH 1/8] SEC-3079 Pin workflow action versions (#197) --- .github/workflows/check.yml | 12 ++++++------ .github/workflows/publish.yml | 10 +++++----- .github/workflows/repository-maintenance.yml | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 9fd99f2..fb00a7b 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -14,23 +14,23 @@ jobs:
 check:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 - name: Set up JDK
- uses: actions/setup-java@v3
+ uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
 with:
 distribution: temurin
 java-version: 21
 - name: Validate Gradle wrapper
- uses: gradle/wrapper-validation-action@v1.0.6
+ uses: gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b # v1.0.6
 - name: Checkstyle
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa # v2.12.0
 with:
 arguments: checkstyleMain checkstyleTest
 - name: PMD
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa # v2.12.0
 with:
 arguments: pmdMain pmdTest
 - name: Test
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa # v2.12.0
 with:
 arguments: test
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e4be58b..2e01b77 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
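Review bot: Nothing in this series keeps the new commit-SHA pins current: the six `uses:` lines changed in check.yml (and the pinned lines in publish.yml and repository-maintenance.yml) no longer follow `@v3` / `@v2`, so upstream fixes stop arriving unless something bumps the hashes. Dependabot already opens the Gradle bumps later in this series, so the same configuration could cover workflow actions with an entry such as `- package-ecosystem: "github-actions"` plus `directory: "/"` and a `schedule` in `.github/dependabot.yml`. That file is not part of the patch, so the entry may already exist and is worth confirming. Dependabot rewrites the trailing `# v3.6.0`-style comment together with the hash, which keeps the comment from drifting away from what actually runs.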
@@ -12,20 +12,20 @@ jobs:
 needs: check
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 - name: Set up JDK
- uses: actions/setup-java@v3
+ uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
 with:
 distribution: temurin
 java-version: 21
 - name: Validate Gradle wrapper
- uses: gradle/wrapper-validation-action@v1.0.6
+ uses: gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b # v1.0.6
 - name: Build sourcesJar and javadocJar
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa # v2.12.0
 with:
 arguments: sourcesJar javadocJar
 - name: Publish to MavenCentral
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa # v2.12.0
 with:
 arguments: publishMavenPublicationToSonatypeRepository --max-workers 1 closeAndReleaseSonatypeStagingRepository
 env:
diff --git a/.github/workflows/repository-maintenance.yml b/.github/workflows/repository-maintenance.yml
index 4bc7952..db3d309 100644
--- a/.github/workflows/repository-maintenance.yml
+++ b/.github/workflows/repository-maintenance.yml
@@ -15,8 +15,8 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout sources
- uses: actions/checkout@v4.2.1
- - uses: actions/setup-java@v4.4.0
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+ - uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
 name: Setup Java
 with:
 distribution: temurin
From 48260fa91e4984cb1b2941ef7c9d2f08c568d9be Mon Sep 17 00:00:00 2001
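Review bot: The "Publish to MavenCentral" step is pinned to `gradle/gradle-build-action` v2.12.0, an action that, as far as I know, upstream has superseded with `gradle/actions/setup-gradle`, and this is the step that runs under the `env:` block at the end of the hunk (its contents are outside the hunk, presumably the release credentials). A SHA pin protects against a moved tag, but it also means the release path stays on a line that is unlikely to receive fixes, so this job is the first one to migrate. The same holds for `gradle/wrapper-validation-action`, which I believe moved to `gradle/actions/wrapper-validation`, and check.yml pins both actions as well. Whichever version is kept, confirm each 40-character hash against the upstream tag named in its comment, because the runner resolves the hash and ignores the comment.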
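Review bot: This workflow pins `actions/checkout` at v4.2.1 and `actions/setup-java` at v4.4.0, while check.yml and publish.yml in the same patch pin v3.6.0 and v3.13.0 of the same two actions, so the repository now has two hashes per action to audit and bump. Since every pin is being touched anyway, moving all three workflows to one release per action would halve that. A smaller style point on the second changed step: `uses:` comes before `name: Setup Java`, whereas the checkout step above it puts `name:` first; `- name: Setup Java` followed by the `uses:` line would match. The job's remaining steps are outside the hunk.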
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 14:10:41 +0200 Subject: [PATCH 2/8] build(deps): bump org.springframework.boot from 3.4.4 to 3.4.5 (#201) Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.4.4 to 3.4.5. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5) --- updated-dependencies: - dependency-name: org.springframework.boot dependency-version: 3.4.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 610468a..0fd36fb 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,6 +1,6 @@
 [versions]
 java = "21"
-spring-boot = "3.4.4"
+spring-boot = "3.4.5"
 spring-dependency-management = "1.1.7"
 openapi-generator = "7.12.0"
 openapi-tools = "0.2.6"
From c6c3ba98cbfee94a3ba8693b709c3cf21e7cd86b Mon Sep 17 00:00:00 2001 From: Patrick Boos Date: Mon, 5 May 2025 14:12:51 +0200 Subject: [PATCH 3/8] v3.1.1 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 46c7e11..e1f45c4 100644
--- a/build.gradle
+++ b/build.gradle
@@ -8,7 +8,7 @@ apply from: "${rootDir}/gradle/publish-root.gradle"
 allprojects {
 group = 'com.getyourguide.openapi.validation'
 description = 'OpenAPI Validation library'
- version = '3.1.0'
+ version = '3.1.1'
 java {
 toolchain {
From 897947a78550ba39c474f5e1b77c847bbc11377d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 14:14:42 +0200 Subject: [PATCH 4/8] build(deps): bump org.openapi.generator from 7.12.0 to 7.13.0 (#200) Bumps org.openapi.generator from 7.12.0 to 7.13.0. --- updated-dependencies: - dependency-name: org.openapi.generator dependency-version: 7.13.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 0fd36fb..cb0f6fc 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -2,7 +2,7 @@
 java = "21"
 spring-boot = "3.4.5"
 spring-dependency-management = "1.1.7"
-openapi-generator = "7.12.0"
+openapi-generator = "7.13.0"
 openapi-tools = "0.2.6"
 swagger = "2.2.29"
 swagger-request-validator = "2.44.1"
From 05eaeb024f6dda3aefe6ed9824262f7594427e85 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 14:15:16 +0200 Subject: [PATCH 5/8] build(deps): bump com.datadoghq:java-dogstatsd-client (#198) Bumps [com.datadoghq:java-dogstatsd-client](https://github.com/DataDog/java-dogstatsd-client) from 4.4.3 to 4.4.4. - [Release notes](https://github.com/DataDog/java-dogstatsd-client/releases) - [Changelog](https://github.com/DataDog/java-dogstatsd-client/blob/master/CHANGELOG.md) - [Commits](https://github.com/DataDog/java-dogstatsd-client/compare/v4.4.3...v4.4.4) --- updated-dependencies: - dependency-name: com.datadoghq:java-dogstatsd-client dependency-version: 4.4.4 dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index cb0f6fc..efd37f0 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -11,7 +11,7 @@ lombok = "1.18.36"
 commons-codec = "1.18.0"
 find-bugs = "3.0.2"
 gradle-nexus-publish-plugin = "2.0.0"
-datadog-statsd = "4.4.3"
+datadog-statsd = "4.4.4"
 # Verify
 checkstyle = "8.44"
 pmd = "6.55.0"
From d73ca95fe78a71d98ef0e2ab584c69d0b393ed12 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 14:15:42 +0200 Subject: [PATCH 6/8] build(deps): bump mockito from 5.16.1 to 5.17.0 (#196) Bumps `mockito` from 5.16.1 to 5.17.0. Updates `org.mockito:mockito-core` from 5.16.1 to 5.17.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v5.16.1...v5.17.0) Updates `org.mockito:mockito-junit-jupiter` from 5.16.1 to 5.17.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v5.16.1...v5.17.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-version: 5.17.0 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.mockito:mockito-junit-jupiter dependency-version: 5.17.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index efd37f0..8d50e9b 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -17,7 +17,7 @@ checkstyle = "8.44"
 pmd = "6.55.0"
 jacoco = "0.8.7"
 # Testing
-mockito = "5.16.1"
+mockito = "5.17.0"
 junit-jupiter = "5.11.4"
 [libraries]
From af7e22d39c6562c7a1a81181273caaee83a347a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 14:16:39 +0200 Subject: [PATCH 7/8] build(deps): bump io.swagger.core.v3:swagger-annotations (#195) Bumps io.swagger.core.v3:swagger-annotations from 2.2.29 to 2.2.30. --- updated-dependencies: - dependency-name: io.swagger.core.v3:swagger-annotations dependency-version: 2.2.30 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 8d50e9b..dfe67eb 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -4,7 +4,7 @@ spring-boot = "3.4.5"
 spring-dependency-management = "1.1.7"
 openapi-generator = "7.13.0"
 openapi-tools = "0.2.6"
-swagger = "2.2.29"
+swagger = "2.2.30"
 swagger-request-validator = "2.44.1"
 jakarta-validation = "3.1.1"
 lombok = "1.18.36"
From 2c0bd0ef7e7f23a9de0692f2f9a3f020610236ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 14:17:34 +0200 Subject: [PATCH 8/8] build(deps): bump org.projectlombok:lombok from 1.18.36 to 1.18.38 (#194) Bumps [org.projectlombok:lombok](https://github.com/projectlombok/lombok) from 1.18.36 to 1.18.38. - [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown) - [Commits](https://github.com/projectlombok/lombok/compare/v1.18.36...v1.18.38) --- updated-dependencies: - dependency-name: org.projectlombok:lombok dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index dfe67eb..03b03df 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -7,7 +7,7 @@ openapi-tools = "0.2.6"
 swagger = "2.2.30"
 swagger-request-validator = "2.44.1"
 jakarta-validation = "3.1.1"
-lombok = "1.18.36"
+lombok = "1.18.38"
 commons-codec = "1.18.0"
 find-bugs = "3.0.2"
 gradle-nexus-publish-plugin = "2.0.0"