Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: update requirements.txt to address dependabot security alerts. (#1936) #461

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions .github/.OwlBot.lock.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Copyright 2023 Google LLC
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand All @@ -13,4 +13,5 @@
# limitations under the License.
docker:
image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest
digest: sha256:e62f3ea524b11c1cd6ff7f80362736d86c0056631346b5b106a421686fce2726
digest: sha256:084ad4c60551b075846bcb2405ec1c14b0d00ec1eb5503d4dd0d2a92cdc2d3e2
# created: 2024-03-15T14:33:32.257974519Z
9 changes: 7 additions & 2 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,15 @@ updates:
schedule:
interval: "daily"
# Disable version updates for Maven dependencies
open-pull-requests-limit: 0
# we use renovate-bot as well as shared-dependencies BOM to update maven dependencies.
ignore:
- dependency-name: "*"
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "daily"
# Disable version updates for pip dependencies
open-pull-requests-limit: 0
# If a security vulnerability comes in, we will be notified about
# it via template in the synthtool repository.
ignore:
- dependency-name: "*"
1 change: 1 addition & 0 deletions .github/release-trigger.yml
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
enabled: true
multiScmName: java-pubsublite-kafka
48 changes: 41 additions & 7 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,17 +25,39 @@ jobs:
strategy:
fail-fast: false
matrix:
java: [8, 11, 17]
java: [11, 17, 21]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: zulu
distribution: temurin
java-version: ${{matrix.java}}
- run: java -version
- run: .kokoro/build.sh
env:
JOB_TYPE: test
units-java8:
# Building using Java 17 and run the tests with Java 8 runtime
name: "units (8)"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
java-version: 8
distribution: temurin
- name: "Set jvm system property environment variable for surefire plugin (unit tests)"
# Maven surefire plugin (unit tests) allows us to specify JVM to run the tests.
# https://maven.apache.org/surefire/maven-surefire-plugin/test-mojo.html#jvm
run: echo "SUREFIRE_JVM_OPT=-Djvm=${JAVA_HOME}/bin/java" >> $GITHUB_ENV
shell: bash
- uses: actions/setup-java@v3
with:
java-version: 17
distribution: temurin
- run: .kokoro/build.sh
env:
JOB_TYPE: test
windows:
runs-on: windows-latest
steps:
Expand All @@ -44,7 +66,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: zulu
distribution: temurin
java-version: 8
- run: java -version
- run: .kokoro/build.bat
Expand All @@ -54,22 +76,34 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
java: [8, 11, 17]
java: [17]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: zulu
distribution: temurin
java-version: ${{matrix.java}}
- run: java -version
- run: .kokoro/dependencies.sh
javadoc:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17
- run: java -version
- run: .kokoro/build.sh
env:
JOB_TYPE: javadoc
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: zulu
distribution: temurin
java-version: 11
- run: java -version
- run: .kokoro/build.sh
Expand All @@ -81,7 +115,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: zulu
distribution: temurin
java-version: 8
- run: java -version
- run: .kokoro/build.sh
Expand Down
25 changes: 25 additions & 0 deletions .github/workflows/renovate_config_check.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Renovate Bot Config Validation

on:
pull_request:
paths:
- 'renovate.json'

jobs:
renovate_bot_config_validation:
runs-on: ubuntu-22.04

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '20'

- name: Install Renovate and Config Validator
run: |
npm install -g npm@latest
npm install --global renovate
renovate-config-validator
2 changes: 1 addition & 1 deletion .github/workflows/samples.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: zulu
distribution: temurin
java-version: 8
- name: Run checkstyle
run: mvn -P lint --quiet --batch-mode checkstyle:check
Expand Down
1 change: 1 addition & 0 deletions .kokoro/nightly/integration.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -35,3 +35,4 @@ env_vars: {
key: "SECRET_MANAGER_KEYS"
value: "java-it-service-account"
}

1 change: 1 addition & 0 deletions .kokoro/nightly/java11-integration.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -35,3 +35,4 @@ env_vars: {
key: "SECRET_MANAGER_KEYS"
value: "java-it-service-account"
}

2 changes: 1 addition & 1 deletion .kokoro/presubmit/graalvm-native-17.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
# Configure the docker image for kokoro-trampoline.
env_vars: {
key: "TRAMPOLINE_IMAGE"
value: "gcr.io/cloud-devrel-kokoro-resources/graalvm17:22.3.0"
value: "gcr.io/cloud-devrel-kokoro-resources/graalvm17:22.3.3"
}

env_vars: {
Expand Down
2 changes: 1 addition & 1 deletion .kokoro/presubmit/graalvm-native.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
# Configure the docker image for kokoro-trampoline.
env_vars: {
key: "TRAMPOLINE_IMAGE"
value: "gcr.io/cloud-devrel-kokoro-resources/graalvm:22.3.0"
value: "gcr.io/cloud-devrel-kokoro-resources/graalvm:22.3.3"
}

env_vars: {
Expand Down
1 change: 1 addition & 0 deletions .kokoro/presubmit/integration.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -31,3 +31,4 @@ env_vars: {
key: "SECRET_MANAGER_KEYS"
value: "java-it-service-account"
}

Loading
Loading