Skip to content

Commit

Permalink
Merge branch 'develop' into update/billing-profile-manager-client-0.1…
Browse files Browse the repository at this point in the history
….589-SNAPSHOT
  • Loading branch information
davidangb authored Nov 12, 2024
2 parents eb91c24 + dc11484 commit a944ddf
Show file tree
Hide file tree
Showing 3 changed files with 45 additions and 14 deletions.
37 changes: 35 additions & 2 deletions .scala-steward.conf
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,39 @@ pullRequests.frequency = "0 0 ? * MON" # every monday at midnight
# Defaults to no labels (no labels are added).
pullRequests.customLabels = [ "Scala_Steward" ]

# pullRequests.grouping allows you to specify how Scala Steward should group
# your updates in order to reduce the number of pull-requests.
#
# Updates will be placed in the first group with which they match, starting
# from the first in the array. Those that do not match any group will follow
# the default procedure (one PR per update).
#
# Each element in the array will have the following schema:
#
# - name (mandatory): the name of the group, will be used for things like naming the branch
# - title (optional): if provided it will be used as the title for the PR
# - filter (mandatory): a non-empty list containing the filters to use to know
# if an update falls into this group.
#
# `filter` properties would have this format:
#
# {
# version = "major" | "minor" | "patch" | "pre-release" | "build-metadata",
# group = "{group}",
# artifact = "{artifact}"
# }
#
# For more information on the values for the `version` filter visit https://semver.org/
#
# Every field in a `filter` is optional but at least one must be provided.
#
# For grouping every update together a filter like {group = "*"} can be # provided.
#
# To create a new PR for each unique combination of artifact-versions, include ${hash} in the name.
#
# Default: []
pullRequests.grouping = [ { name = "minor_patch", title = "CORE-69: Minor and patch updates - ${artifactVersions}", filter = [ { version = "minor" }, { version = "patch" } ] } ]

# Only these dependencies which match the given patterns are updated.
#
# Each pattern must have `groupId`, and may have `artifactId` and `version`.
Expand All @@ -53,7 +86,7 @@ pullRequests.customLabels = [ "Scala_Steward" ]
# If set, Scala Steward will only create or update `n` PRs each time it runs (see `pullRequests.frequency` above).
# Useful if running frequently and/or CI build are costly
# Default: None
updates.limit = 10
updates.limit = 5

# The extensions of files that should be updated.
# Default: [".scala", ".sbt", ".sbt.shared", ".sc", ".yml", "pom.xml"]
Expand All @@ -65,7 +98,7 @@ updates.limit = 10
# you don't change it yourself.
# If "never", Scala Steward will never update the PR
# Default: "on-conflicts"
updatePullRequests = "always"
updatePullRequests = "on-conflicts"

# If set, Scala Steward will use this message template for the commit messages and PR titles.
# Supported variables: ${artifactName}, ${currentVersion}, ${nextVersion} and ${default}
Expand Down
4 changes: 2 additions & 2 deletions automation/project/Dependencies.scala
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ object Dependencies {

val akkaV = "2.6.8"
val akkaHttpV = "10.2.0"
val jacksonV = "2.18.0"
val jacksonV = "2.18.1"

val workbenchLibsHash = "80e4b8d"
val serviceTestV = s"5.0-${workbenchLibsHash}"
Expand Down Expand Up @@ -39,7 +39,7 @@ object Dependencies {
"com.fasterxml.jackson.core" % "jackson-databind" % jacksonV,
"com.fasterxml.jackson.core" % "jackson-core" % jacksonV,
"com.fasterxml.jackson.module" % ("jackson-module-scala_" + scalaV) % jacksonV,
"ch.qos.logback" % "logback-classic" % "1.5.10",
"ch.qos.logback" % "logback-classic" % "1.5.12",
"net.logstash.logback" % "logstash-logback-encoder" % "6.6",
"com.google.apis" % "google-api-services-oauth2" % "v1-rev112-1.22.0" excludeAll (
ExclusionRule("com.google.guava", "guava-jdk5"),
Expand Down
18 changes: 8 additions & 10 deletions project/Dependencies.scala
Original file line number Diff line number Diff line change
Expand Up @@ -57,19 +57,19 @@ object Dependencies {
// rawlsCoreDependencies, does not need these. As of this writing, metrics4-scala and metrics3-statsd are only
// needed by the metrics subproject of Rawls.
// metrics-scala transitively pulls in io.dropwizard.metrics:metrics-core
val metricsScala: ModuleID = "nl.grons" %% "metrics4-scala" % "4.3.2"
val metricsScala: ModuleID = "nl.grons" %% "metrics4-scala" % "4.3.3"
val metricsStatsd: ModuleID = "com.readytalk" % "metrics3-statsd" % "4.2.0"

val scalaLogging: ModuleID = "com.typesafe.scala-logging" %% "scala-logging" % "3.9.5"
val jacksonCore: ModuleID = "com.fasterxml.jackson.core" % "jackson-core" % "2.18.0"
val jacksonCore: ModuleID = "com.fasterxml.jackson.core" % "jackson-core" % "2.18.1"
val jodaTime: ModuleID = "joda-time" % "joda-time" % "2.13.0"
val jodaConvert: ModuleID = "org.joda" % "joda-convert" % "2.2.4"
val typesafeConfig: ModuleID = "com.typesafe" % "config" % "1.4.3"
val sentryLogback: ModuleID = "io.sentry" % "sentry-logback" % "7.15.0"
val sentryLogback: ModuleID = "io.sentry" % "sentry-logback" % "7.16.0"
val webjarsLocator: ModuleID = "org.webjars" % "webjars-locator" % "0.52"
val commonsJEXL: ModuleID = "org.apache.commons" % "commons-jexl" % "2.1.1"
val cats: ModuleID = "org.typelevel" %% "cats-core" % "2.12.0"
val logbackClassic: ModuleID = "ch.qos.logback" % "logback-classic" % "1.5.10"
val logbackClassic: ModuleID = "ch.qos.logback" % "logback-classic" % "1.5.12"
val scalaUri: ModuleID = "io.lemonlabs" %% "scala-uri" % "3.0.0"
val scalatest: ModuleID = "org.scalatest" %% "scalatest" % "3.2.19" % "test"
val mockito: ModuleID = "org.scalatestplus" %% "mockito-4-2" % "3.2.11.0" % Test
Expand Down Expand Up @@ -105,7 +105,7 @@ object Dependencies {
val workbenchOauth2: ModuleID = "org.broadinstitute.dsde.workbench" %% "workbench-oauth2" % workbenchOauth2V
val workbenchOauth2Tests: ModuleID = "org.broadinstitute.dsde.workbench" %% "workbench-oauth2" % workbenchOauth2V % "test" classifier "tests"

val googleStorageLocal: ModuleID = "com.google.cloud" % "google-cloud-nio" % "0.127.25" % "test"
val googleStorageLocal: ModuleID = "com.google.cloud" % "google-cloud-nio" % "0.127.26" % "test"

val workbenchUtil: ModuleID = "org.broadinstitute.dsde.workbench" %% "workbench-util" % s"0.10-${workbenchLibsHash}"

Expand Down Expand Up @@ -133,7 +133,7 @@ object Dependencies {
val resourceBufferService = clientLibExclusions("bio.terra" % "terra-resource-buffer-client" % "0.198.42-SNAPSHOT")
val billingProfileManager = clientLibExclusions("bio.terra" % "billing-profile-manager-client" % "0.1.589-SNAPSHOT")
val terraCommonLib = tclExclusions(clientLibExclusions("bio.terra" % "terra-common-lib" % "0.1.23-SNAPSHOT" classifier "plain"))
val sam: ModuleID = clientLibExclusions("org.broadinstitute.dsde.workbench" %% "sam-client" % "v0.0.296")
val sam: ModuleID = clientLibExclusions("org.broadinstitute.dsde.workbench" %% "sam-client" % "v0.0.306")
val leonardo: ModuleID = "org.broadinstitute.dsde.workbench" % "leonardo-client_2.13" % "1.3.6-2e87300"

// OpenTelemetry
Expand All @@ -148,17 +148,15 @@ object Dependencies {
val kindProjector = compilerPlugin(("org.typelevel" %% "kind-projector" % "0.13.3").cross(CrossVersion.full))
val betterMonadicFor = compilerPlugin("com.olegpy" %% "better-monadic-for" % "0.3.1")

val openApiParser: ModuleID = "io.swagger.parser.v3" % "swagger-parser-v3" % "2.1.22"
val openApiParser: ModuleID = "io.swagger.parser.v3" % "swagger-parser-v3" % "2.1.23"

// Overrides for transitive dependencies. These apply - via Settings.scala - to all projects in this codebase.
// These are overrides only; if the direct dependencies stop including any of these, they will not be included
// in Rawls by being listed here.
// One reason to specify an override here is to avoid static-analysis security warnings.
val transitiveDependencyOverrides = Seq(
//Override for reactor-netty to address CVE-2023-34054 and CVE-2023-34062
"io.projectreactor.netty" % "reactor-netty-http" % "1.0.39",
// override commons-codec to address a non-CVE warning from DefectDojo
"commons-codec" % "commons-codec" % "1.16.1"
"commons-codec" % "commons-codec" % "1.17.1"
)

val extraOpenTelemetryDependencies = Seq(
Expand Down

0 comments on commit a944ddf

Please sign in to comment.