From 54f82c5a54d54ccf95953ac58ab57bfb296085f4 Mon Sep 17 00:00:00 2001 From: thc202 Date: Fri, 17 Apr 2026 13:56:14 +0100 Subject: [PATCH 1/2] Update project dependencies with dependabot Change the dependabot configuration to update the project (Gradle) dependencies. Signed-off-by: thc202 --- .github/dependabot.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1b52049975f..e945d01abfb 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,3 +9,19 @@ updates: applies-to: version-updates patterns: - "*" + - package-ecosystem: "gradle" + directory: "/" + exclude-paths: + - "buildSrc" + schedule: + interval: "weekly" + groups: + gradle: + applies-to: version-updates + patterns: + - "*" + ignore: + - dependency-name: "gradle-wrapper" + - dependency-name: "com.google.errorprone:error_prone_core" + versions: [ ">= 2.43.0" ] # versions 2.43.x and later require Java 21 + - dependency-name: "com.diffplug.spotless*" # newer versions lead to runtime error, will need to update the common zap plugin first From ba4ed135b91244206c853a5375b7ffc4a25633ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Apr 2026 07:15:58 +0000 Subject: [PATCH 2/2] Bump the gha group with 3 updates Bumps the gha group with 3 updates: [gradle/actions](https://github.com/gradle/actions), [docker/login-action](https://github.com/docker/login-action) and [docker/build-push-action](https://github.com/docker/build-push-action). Updates `gradle/actions` from 6.0.1 to 6.1.0 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f...50e97c2cd7a37755bbfafc9c5b7cafaece252f6e) Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...4907a6ddec9925e35a0a9e82d7399ccc52663121) Updates `docker/build-push-action` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/d08e5c354a6adb9ed34480a06d141179aa583294...bcafcacb16a39f128d818304e6c9c0c18556b85f) --- updated-dependencies: - dependency-name: gradle/actions dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha - dependency-name: docker/build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/release-live-docker.yml | 6 +++--- .github/workflows/release-main-docker.yml | 8 ++++---- .github/workflows/release-weekly-docker.yml | 6 +++--- .github/workflows/run-integration-tests.yml | 4 ++-- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e43f66637b0..02e999c0a68 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,6 +24,6 @@ jobs: with: distribution: 'temurin' java-version: ${{ matrix.java }} - - uses: gradle/actions/setup-gradle@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6.0.1 + - uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0 - run: ./gradlew assemble - run: ./gradlew check diff --git a/.github/workflows/release-live-docker.yml b/.github/workflows/release-live-docker.yml index 60f153e391b..c1e8dd0db4e 100644 --- a/.github/workflows/release-live-docker.yml +++ b/.github/workflows/release-live-docker.yml @@ -27,20 +27,20 @@ jobs: uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to DockerHub - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: username: zapbot password: ${{ secrets.ZAPBOT_DOCKER_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push Docker image - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: docker file: docker/Dockerfile-live diff --git a/.github/workflows/release-main-docker.yml b/.github/workflows/release-main-docker.yml index 4f844f15ab7..73511298d36 100644 --- a/.github/workflows/release-main-docker.yml +++ b/.github/workflows/release-main-docker.yml @@ -30,20 +30,20 @@ jobs: uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to DockerHub - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: username: zapbot password: ${{ secrets.ZAPBOT_DOCKER_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push stable Docker image - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: docker file: docker/Dockerfile-stable @@ -66,7 +66,7 @@ jobs: index:org.opencontainers.image.licenses=Apache-2.0 - name: Build and push bare Docker image - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: docker file: docker/Dockerfile-bare diff --git a/.github/workflows/release-weekly-docker.yml b/.github/workflows/release-weekly-docker.yml index d8cd9b9d112..fbe402e3238 100644 --- a/.github/workflows/release-weekly-docker.yml +++ b/.github/workflows/release-weekly-docker.yml @@ -27,20 +27,20 @@ jobs: uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to DockerHub - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: username: zapbot password: ${{ secrets.ZAPBOT_DOCKER_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push Docker image - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: docker file: docker/Dockerfile-weekly diff --git a/.github/workflows/run-integration-tests.yml b/.github/workflows/run-integration-tests.yml index 27bea6faa2e..17a25d20363 100644 --- a/.github/workflows/run-integration-tests.yml +++ b/.github/workflows/run-integration-tests.yml @@ -19,14 +19,14 @@ jobs: uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to GitHub Container Registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push Docker image - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: docker file: docker/Dockerfile-tests