From 8e3be51ba9e15930db24b83dd28340f661242bd6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Feb 2025 01:19:24 +0000
Subject: [PATCH 01/10] fix(deps): bump io.javaoperatorsdk:operator-framework
Bumps [io.javaoperatorsdk:operator-framework](https://github.com/operator-framework/java-operator-sdk) from 5.0.1 to 5.0.3.
- [Release notes](https://github.com/operator-framework/java-operator-sdk/releases)
- [Commits](https://github.com/operator-framework/java-operator-sdk/compare/v5.0.1...v5.0.3)
---
updated-dependencies:
- dependency-name: io.javaoperatorsdk:operator-framework
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index f4cf1172..57e89314 100644
--- a/build.gradle
+++ b/build.gradle
@@ -51,7 +51,7 @@ jib {
 project.ext {
 mongoDbDriverVersion = "5.3.1"
 slf4jVersion = "2.0.16"
- operatorFrameworkVersion = "5.0.1"
+ operatorFrameworkVersion = "5.0.3"
 kubernetesServerMockVersion = "7.1.0" // align with transitive dependency of operator framework
 mockitoVersion = "5.2.0"
 jacksonVersion = "2.18.2"
From 5037e9560c7e42138fce88396b6044ee603917d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Feb 2025 01:19:20 +0000
Subject: [PATCH 02/10] test(deps): bump org.awaitility:awaitility from 4.2.2 to 4.3.0
Bumps [org.awaitility:awaitility](https://github.com/awaitility/awaitility) from 4.2.2 to 4.3.0.
- [Changelog](https://github.com/awaitility/awaitility/blob/master/changelog.txt)
- [Commits](https://github.com/awaitility/awaitility/compare/awaitility-4.2.2...awaitility-4.3.0)
---
updated-dependencies:
- dependency-name: org.awaitility:awaitility
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 57e89314..672fc95e 100644
--- a/build.gradle
+++ b/build.gradle
@@ -137,7 +137,7 @@ dependencies {
 exclude group: 'net.bytebuddy', 'module': 'byte-buddy'
 exclude group: 'net.bytebuddy', 'module': 'byte-buddy-agent'
 }
- testImplementation 'org.awaitility:awaitility:4.2.2'
+ testImplementation 'org.awaitility:awaitility:4.3.0'
 testImplementation "io.fabric8:kubernetes-server-mock:${kubernetesServerMockVersion}", {
 // self managed to avoid conflicts
 exclude group: "org.slf4j"
From 87eddbcf5c8f283e4c7296b534ec9212b6477fa4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Feb 2025 01:19:16 +0000
Subject: [PATCH 03/10] fix(deps): bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.16 to 1.5.17.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.16...v_1.5.17)
---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 672fc95e..8854c3ce 100644
--- a/build.gradle
+++ b/build.gradle
@@ -97,7 +97,7 @@ dependencies {
 // logging
 annotationProcessor "org.slf4j:slf4j-api:${slf4jVersion}"
 implementation "org.slf4j:slf4j-api:${slf4jVersion}"
- implementation 'ch.qos.logback:logback-classic:1.5.16', {
+ implementation 'ch.qos.logback:logback-classic:1.5.17', {
 exclude group: "org.slf4j", module: "slf4j-api"
 }
 implementation "ch.qos.logback.contrib:logback-json-classic:${logbackContribVersion}", {
From 28785edb7ee34d32a3af084b267655330120c4b7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Feb 2025 01:19:13 +0000
Subject: [PATCH 04/10] test(deps): bump org.junit:junit-bom from 5.11.4 to 5.12.0
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.4 to 5.12.0.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.4...r5.12.0)
---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 8854c3ce..fb46df9a 100644
--- a/build.gradle
+++ b/build.gradle
@@ -111,7 +111,7 @@ dependencies {
 implementation 'io.micrometer:micrometer-registry-prometheus:1.14.4'
 // test
- testImplementation enforcedPlatform("org.junit:junit-bom:5.11.4")
+ testImplementation enforcedPlatform("org.junit:junit-bom:5.12.0")
 testImplementation 'org.junit.jupiter:junit-jupiter'
 testImplementation 'org.junit-pioneer:junit-pioneer:2.3.0'
 testImplementation 'org.assertj:assertj-core:3.27.3', {
From 895e7d37e320f68dee3c326493d5219b0e9f9da7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Feb 2025 02:19:10 +0100
Subject: [PATCH 05/10] fix(deps): bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17
Bumps org.slf4j:slf4j-api from 2.0.16 to 2.0.17.
---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 kustomize/release/kustomization.yaml | 34 ++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index fb46df9a..3db23361 100644
--- a/build.gradle
+++ b/build.gradle
@@ -50,7 +50,7 @@ jib {
 project.ext {
 mongoDbDriverVersion = "5.3.1"
- slf4jVersion = "2.0.16"
+ slf4jVersion = "2.0.17"
 operatorFrameworkVersion = "5.0.3"
 kubernetesServerMockVersion = "7.1.0" // align with transitive dependency of operator framework
 mockitoVersion = "5.2.0"
diff --git a/kustomize/release/kustomization.yaml b/kustomize/release/kustomization.yaml
index 5c1c0bb3..2a0aec49 100644
--- a/kustomize/release/kustomization.yaml
+++ b/kustomize/release/kustomization.yaml
@@ -4,3 +4,37 @@ namespace: mongodb-operator
 resources:
 - mongodb-operator-ns.yaml
 - no-namespace
+images:
+ - name: quay.io/sdase/mongodb-operator
+ newName: mongodb-operator
+ newTag: local-2
+
+secretGenerator:
+ - name: mongodb-operator
+ literals:
+ - mongodbConnectionString=mongodb://test-root:test-s3cr3t@mongodb.mongodb
+
+patches:
+ - target:
+ kind: Deployment
+ name: mongodb-operator
+ patch: |
+ - op: replace
+ path: /spec/template/spec/containers/0/imagePullPolicy
+ value: IfNotPresent
+ - target:
+ name: mongodb-operator
+ kind: Deployment
+ patch: |
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: mongodb-operator
+ spec:
+ template:
+ spec:
+ containers:
+ - name: operator
+ env:
+ - name: ENABLE_JSON_LOGGING
+ value: "false"
From 82b9806b8e2c689318efc5e46a16f6e48e667fd0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Feb 2025 21:32:21 +0000
Subject: [PATCH 06/10] chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08...4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
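Review bot: The `kustomize/release/kustomization.yaml` hunk adds a `secretGenerator` whose `mongodbConnectionString` literal embeds a username and password in the tracked release overlay, and none of it is mentioned in the commit subject, which covers only the slf4j-api bump. Together with `newTag: local-2`, the `imagePullPolicy` patch to `IfNotPresent` and `ENABLE_JSON_LOGGING` set to `"false"`, the 34 added lines read like a local test setup committed by accident; that is an inference from the hunk, not something the patch states. If so, drop them from this patch, and rotate the credential if it is used anywhere outside a throwaway cluster. If a local overlay is intended, keep it outside `kustomize/release/` and feed the generator from an untracked file via `envs:` or `files:` rather than `literals:`.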
Signed-off-by: dependabot[bot] --- .github/workflows/cve-check.yml | 2 +- .github/workflows/java-ci.yml | 2 +- .github/workflows/publish-docs.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cve-check.yml b/.github/workflows/cve-check.yml index f9beae0e..731aeb6d 100644 --- a/.github/workflows/cve-check.yml +++ b/.github/workflows/cve-check.yml @@ -144,7 +144,7 @@ jobs: - name: Upload CVE files if: failure() - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: cves path: cve_slack_payload_*.json diff --git a/.github/workflows/java-ci.yml b/.github/workflows/java-ci.yml index b011788e..1d14e4b7 100644 --- a/.github/workflows/java-ci.yml +++ b/.github/workflows/java-ci.yml @@ -37,7 +37,7 @@ jobs: ./gradlew jibDockerBuild && docker run --rm --entrypoint="echo" mongodb-operator:latest 'image is not distroless' && exit 1 || echo 'image is distroless' - - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 if: always() with: name: java-ci-test-results diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index b48b2f9c..34a25ab8 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -31,7 +31,7 @@ jobs: run: mkdocs build --config-file mkdocs.yml && ls -al - name: Archive test build if: github.event_name == 'pull_request' - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: site path: | From 93124ecb28ed5385d615f83b6691eee16114d720 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Feb 2025 14:04:40 +0000
Subject: [PATCH 07/10] test(deps): bump com.squareup.okhttp3:okhttp from 3.12.12 to 4.12.0
Bumps [com.squareup.okhttp3:okhttp](https://github.com/square/okhttp) from 3.12.12 to 4.12.0.
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/square/okhttp/compare/parent-3.12.12...parent-4.12.0)
---
updated-dependencies:
- dependency-name: com.squareup.okhttp3:okhttp
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 3db23361..635c57c3 100644
--- a/build.gradle
+++ b/build.gradle
@@ -149,7 +149,7 @@ dependencies {
 // CVE-2020-15250 in 4.12
 // -> pulled transitively from OkHttp3 mockwebserver used by kubernetes-server-mock
 testImplementation 'junit:junit:4.13.2'
- testImplementation 'com.squareup.okhttp3:okhttp:3.12.12', {
+ testImplementation 'com.squareup.okhttp3:okhttp:4.12.0', {
 exclude group: 'com.squareup.okio', module: 'okio'
 }
 }
From 53585452d81d4ebc06c7d96c7a28d96e55861524 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Siebahn?=
Date: Thu, 27 Feb 2025 09:59:09 +0100
Subject: [PATCH 08/10] test(deps): align kotlin dependencies
---
 build.gradle | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 635c57c3..8b16d728 100644
--- a/build.gradle
+++ b/build.gradle
@@ -28,7 +28,7 @@ java {
 vendor = JvmVendorSpec.ADOPTIUM
 }
 }
-tasks.withType(JavaCompile) {
+tasks.withType(JavaCompile).configureEach {
 options.encoding = 'UTF-8'
 }
@@ -151,6 +151,7 @@ dependencies {
 testImplementation 'junit:junit:4.13.2'
 testImplementation 'com.squareup.okhttp3:okhttp:4.12.0', {
 exclude group: 'com.squareup.okio', module: 'okio'
+ exclude group: "org.jetbrains.kotlin", module: "kotlin-stdlib-jdk8"
 }
 }
From fdd71a79da252240fc82fd23c0d02bf19b5eb515 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Siebahn?=
Date: Thu, 27 Feb 2025 10:00:14 +0100
Subject: [PATCH 09/10] fix(deps): bump netty to 4.1.119
---
 build.gradle | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/build.gradle b/build.gradle
index 8b16d728..870de594 100644
--- a/build.gradle
+++ b/build.gradle
@@ -56,10 +56,13 @@ project.ext {
 mockitoVersion = "5.2.0"
 jacksonVersion = "2.18.2"
 logbackContribVersion = "0.1.5"
+ nettyVersion = "4.1.119.Final"
 }
 dependencies {
+ implementation enforcedPlatform("io.netty:netty-bom:${nettyVersion}")
+ annotationProcessor enforcedPlatform("io.netty:netty-bom:${nettyVersion}")
 implementation enforcedPlatform("com.fasterxml.jackson:jackson-bom:${jacksonVersion}")
 annotationProcessor enforcedPlatform("com.fasterxml.jackson:jackson-bom:${jacksonVersion}")
 implementation enforcedPlatform('org.eclipse.jetty:jetty-bom:11.0.24')
@@ -69,10 +72,7 @@ dependencies {
 exclude group: "org.slf4j"
 // recheck when operator-framework is upgraded
 exclude group: 'com.squareup.okio', module: 'okio'
- // vulnerability in 4.1.117.Final, may be removed when netty is updated in operator framework
- exclude group: 'io.netty', module: 'netty-common'
 }
- implementation 'io.netty:netty-common:4.1.118.Final'
 annotationProcessor "io.javaoperatorsdk:operator-framework:${operatorFrameworkVersion}", {
 // self managed to avoid conflicts
 exclude group: "org.slf4j"
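Review bot: The added `exclude group: "org.jetbrains.kotlin", module: "kotlin-stdlib-jdk8"` in the okhttp block of build.gradle carries no comment saying what it is aligned with, unlike the `// self managed to avoid conflicts` excludes elsewhere in the file. OkHttp 4.x is built on Kotlin, so the test classpath still needs a compatible kotlin-stdlib from some other dependency; which one supplies it is not visible in this hunk. A line such as `// kotlin-stdlib-jdk8 excluded to align with the Kotlin version pulled by <other dependency>` above the exclude would tell the next upgrader when it can go. The new line also uses double quotes where the neighbouring okio exclude uses single quotes.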
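Review bot: `nettyVersion` and the two `enforcedPlatform("io.netty:netty-bom:${nettyVersion}")` lines in the `@@ -56,10 +56,13 @@` hunk pin every Netty module, but nothing in the new code records why; the only explanation, `// vulnerability in 4.1.117.Final, may be removed when netty is updated in operator framework`, is deleted in the `@@ -69,10 +72,7 @@` hunk that follows. An enforced platform overrides whatever version the operator framework requests, so a forgotten pin can later hold Netty below the version a newer framework release ships. Suggest keeping the rationale on the property, e.g. `nettyVersion = "4.1.119.Final" // enforced because of a vulnerability in 4.1.117.Final; remove once operator-framework ships a newer netty`.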
@@ -144,7 +144,6 @@ dependencies {
 exclude group: 'com.squareup.okio', module: 'okio'
 exclude group: 'junit', module: 'junit'
 // vulnerability in 4.1.117.Final
- exclude group: 'io.netty', module: 'netty-common'
 }
 // CVE-2020-15250 in 4.12
 // -> pulled transitively from OkHttp3 mockwebserver used by kubernetes-server-mock
From 9a96f28f31186e2595eb05532a500e5c3cfa78d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Siebahn?=
Date: Thu, 27 Feb 2025 10:01:46 +0100
Subject: [PATCH 10/10] docs(build): fix name of Java setup step
---
 .github/workflows/cve-check.yml | 2 +-
 .github/workflows/license-check.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cve-check.yml b/.github/workflows/cve-check.yml
index 731aeb6d..db3759b2 100644
--- a/.github/workflows/cve-check.yml
+++ b/.github/workflows/cve-check.yml
@@ -30,7 +30,7 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Set up JDK 17
+ - name: Set up JDK
 uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
 with:
 distribution: 'temurin'
diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml
index c15b5360..84ee4bd0 100644
--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -26,7 +26,7 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Set up JDK 21
+ - name: Set up JDK
 uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
 with:
 distribution: 'temurin'
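Review bot: In the `@@ -144,7 +144,6 @@` hunk of build.gradle (PATCH 09/10) the `exclude group: 'io.netty', module: 'netty-common'` line is removed, but the comment `// vulnerability in 4.1.117.Final` that introduced it stays as a context line and now sits directly before the closing `}` with nothing to annotate. A reader auditing the excludes would take it as applying to the junit exclude above it. Remove the comment in the same change; the reason for the Netty pin belongs next to `nettyVersion` instead.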