Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resolve open backend dependabots #16079

Merged
merged 35 commits into from
Oct 7, 2024

Conversation

thetaurean
Copy link
Collaborator

This PR resolves a collection of dependabots, 17 in total.

Test Steps:

  1. Run test suites

Changes

  • Dependencies updated (see commit messages or linked issues for which)

Checklist

Testing

  • Tested locally?
  • Ran ./prime test or ./gradlew testSmoke against local Docker ReportStream container?
  • (For Changes to /frontend-react/...) Ran npm run lint:write?
  • Added tests?

Linked Issues

dependabot bot and others added 30 commits September 29, 2024 07:34
Bumps [com.sendgrid:sendgrid-java](https://github.com/sendgrid/sendgrid-java) from 4.10.2 to 4.10.3.
- [Release notes](https://github.com/sendgrid/sendgrid-java/releases)
- [Changelog](https://github.com/sendgrid/sendgrid-java/blob/main/CHANGELOG.md)
- [Commits](sendgrid/sendgrid-java@4.10.2...4.10.3)

---
updated-dependencies:
- dependency-name: com.sendgrid:sendgrid-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.commonmark:commonmark](https://github.com/commonmark/commonmark-java) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/commonmark/commonmark-java/releases)
- [Changelog](https://github.com/commonmark/commonmark-java/blob/main/CHANGELOG.md)
- [Commits](commonmark/commonmark-java@commonmark-parent-0.22.0...commonmark-parent-0.23.0)

---
updated-dependencies:
- dependency-name: org.commonmark:commonmark
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [com.networknt:json-schema-validator](https://github.com/networknt/json-schema-validator) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/networknt/json-schema-validator/releases)
- [Changelog](https://github.com/networknt/json-schema-validator/blob/master/CHANGELOG.md)
- [Commits](networknt/json-schema-validator@1.5.1...1.5.2)

---
updated-dependencies:
- dependency-name: com.networknt:json-schema-validator
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps commons-io:commons-io from 2.16.1 to 2.17.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps the hapifhir group with 3 updates in the /prime-router directory: ca.uhn.hapi.fhir:hapi-fhir-structures-r4, ca.uhn.hapi.fhir:hapi-fhir-caching-caffeine and ca.uhn.hapi.fhir:hapi-fhir-client.


Updates `ca.uhn.hapi.fhir:hapi-fhir-structures-r4` from 7.2.2 to 7.4.2

Updates `ca.uhn.hapi.fhir:hapi-fhir-caching-caffeine` from 7.2.2 to 7.4.2

Updates `ca.uhn.hapi.fhir:hapi-fhir-client` from 7.2.2 to 7.4.2

---
updated-dependencies:
- dependency-name: ca.uhn.hapi.fhir:hapi-fhir-structures-r4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: hapifhir
- dependency-name: ca.uhn.hapi.fhir:hapi-fhir-caching-caffeine
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: hapifhir
- dependency-name: ca.uhn.hapi.fhir:hapi-fhir-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: hapifhir
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps ca.uhn.hapi.fhir:org.hl7.fhir.utilities from 6.3.24 to 6.3.29.

---
updated-dependencies:
- dependency-name: ca.uhn.hapi.fhir:org.hl7.fhir.utilities
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps the flyway group in /prime-router with 3 updates: org.flywaydb:flyway-database-postgresql, [org.flywaydb:flyway-core](https://github.com/flyway/flyway) and org.flywaydb.flyway.


Updates `org.flywaydb:flyway-database-postgresql` from 10.18.0 to 10.18.2

Updates `org.flywaydb:flyway-core` from 10.18.0 to 10.18.2
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](flyway/flyway@flyway-10.18.0...flyway-10.18.2)

Updates `org.flywaydb.flyway` from 10.18.0 to 10.18.2

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-database-postgresql
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: flyway
- dependency-name: org.flywaydb:flyway-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: flyway
- dependency-name: org.flywaydb.flyway
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: flyway
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [com.azure:azure-security-keyvault-secrets](https://github.com/Azure/azure-sdk-for-java) from 4.8.6 to 4.8.7.
- [Release notes](https://github.com/Azure/azure-sdk-for-java/releases)
- [Commits](Azure/azure-sdk-for-java@azure-security-keyvault-keys_4.8.6...azure-security-keyvault-keys_4.8.7)

---
updated-dependencies:
- dependency-name: com.azure:azure-security-keyvault-secrets
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps `jacksonVersion` from 2.17.2 to 2.18.0.

Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-yaml` from 2.17.2 to 2.18.0
- [Commits](FasterXML/jackson-dataformats-text@jackson-dataformats-text-2.17.2...jackson-dataformats-text-2.18.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.17.2 to 2.18.0
- [Commits](https://github.com/FasterXML/jackson/commits)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.apache.commons:commons-csv](https://github.com/apache/commons-csv) from 1.11.0 to 1.12.0.
- [Changelog](https://github.com/apache/commons-csv/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-csv@rel/commons-csv-1.11.0...rel/commons-csv-1.12.0)

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-csv
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [com.zaxxer:HikariCP](https://github.com/brettwooldridge/HikariCP) from 5.1.0 to 6.0.0.
- [Changelog](https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES)
- [Commits](brettwooldridge/HikariCP@HikariCP-5.1.0...HikariCP-6.0.0)

---
updated-dependencies:
- dependency-name: com.zaxxer:HikariCP
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.3.0-jre to 33.3.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.jetbrains.kotlinx:kotlinx-coroutines-reactor](https://github.com/Kotlin/kotlinx.coroutines) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/Kotlin/kotlinx.coroutines/releases)
- [Changelog](https://github.com/Kotlin/kotlinx.coroutines/blob/master/CHANGES.md)
- [Commits](Kotlin/kotlinx.coroutines@1.8.1...1.9.0)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlinx:kotlinx-coroutines-reactor
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.jetbrains.kotlinx:kotlinx-coroutines-core](https://github.com/Kotlin/kotlinx.coroutines) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/Kotlin/kotlinx.coroutines/releases)
- [Changelog](https://github.com/Kotlin/kotlinx.coroutines/blob/master/CHANGES.md)
- [Commits](Kotlin/kotlinx.coroutines@1.8.1...1.9.0)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlinx:kotlinx-coroutines-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [com.azure.spring:spring-cloud-azure-dependencies](https://github.com/Azure/azure-sdk-for-java) from 5.14.0 to 5.16.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-java/releases)
- [Commits](Azure/azure-sdk-for-java@spring-cloud-azure_5.14.0...spring-cloud-azure_5.16.0)

---
updated-dependencies:
- dependency-name: com.azure.spring:spring-cloud-azure-dependencies
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.3.2 to 3.3.4.
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.3.2...v3.3.4)

---
updated-dependencies:
- dependency-name: org.springframework.boot
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) from 11.18 to 11.19.1.
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.19.1..11.18)

---
updated-dependencies:
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
…om.google.guava-guava-33.3.1-jre' into platform/thetaurean/mass-dependabots
…om.zaxxer-HikariCP-6.0.0' into platform/thetaurean/mass-dependabots
…rg.apache.commons-commons-csv-1.12.0' into platform/thetaurean/mass-dependabots
…acksonVersion-2.18.0' into platform/thetaurean/mass-dependabots
…om.azure-azure-security-keyvault-secrets-4.8.7' into platform/thetaurean/mass-dependabots
…lyway-b72839cc10' into platform/thetaurean/mass-dependabots
…apifhir-10b42aa1fc' into platform/thetaurean/mass-dependabots
…a.uhn.hapi.fhir-org.hl7.fhir.utilities-6.3.29' into platform/thetaurean/mass-dependabots
…gframework.boot-3.3.4' into platform/thetaurean/mass-dependabots
…ains.kotlinx-kotlinx-coroutines-core-1.9.0' into platform/thetaurean/mass-dependabots
…ains.kotlinx-kotlinx-coroutines-reactor-1.9.0' into platform/thetaurean/mass-dependabots
….spring-spring-cloud-azure-dependencies-5.16.0' into platform/thetaurean/mass-dependabots
…rg.commonmark-commonmark-0.23.0' into platform/thetaurean/mass-dependabots
…sds-oauth2-oidc-sdk-11.19.1' into platform/thetaurean/mass-dependabots
…om.sendgrid-sendgrid-java-4.10.3' into platform/thetaurean/mass-dependabots
…om.networknt-json-schema-validator-1.5.2' into platform/thetaurean/mass-dependabots
…ommons-io-commons-io-2.17.0' into platform/thetaurean/mass-dependabots
@thetaurean thetaurean added the platform Platform Team label Oct 3, 2024
@thetaurean thetaurean requested a review from a team as a code owner October 3, 2024 16:20
Copy link

github-actions bot commented Oct 3, 2024

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails

Scanned Manifest Files

Copy link

github-actions bot commented Oct 3, 2024

Test Results

1 236 tests  ±0   1 232 ✅ ±0   7m 57s ⏱️ +40s
  162 suites ±0       4 💤 ±0 
  162 files   ±0       0 ❌ ±0 

Results for commit 7c21d2c. ± Comparison against base commit 81f5d3c.

♻️ This comment has been updated with latest results.

Copy link

github-actions bot commented Oct 3, 2024

Integration Test Results

 53 files  ±0   53 suites  ±0   27m 45s ⏱️ +44s
410 tests ±0  401 ✅ ±0  9 💤 ±0  0 ❌ ±0 
413 runs  ±0  404 ✅ ±0  9 💤 ±0  0 ❌ ±0 

Results for commit 7c21d2c. ± Comparison against base commit 81f5d3c.

♻️ This comment has been updated with latest results.

Copy link

sonarqubecloud bot commented Oct 4, 2024

@thetaurean thetaurean merged commit 3644cf6 into master Oct 7, 2024
22 checks passed
@thetaurean thetaurean deleted the platform/thetaurean/mass-dependabots branch October 7, 2024 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
platform Platform Team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants