From 38615d11fe2bb15746b987e9c93a399e6b6c2eb6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Mar 2025 20:29:53 +0000
Subject: [PATCH 1/5] chore(deps): bump leafo/gh-actions-luarocks from 4 to 5

Bumps [leafo/gh-actions-luarocks](https://github.com/leafo/gh-actions-luarocks) from 4 to 5.
- [Release notes](https://github.com/leafo/gh-actions-luarocks/releases)
- [Commits](https://github.com/leafo/gh-actions-luarocks/compare/v4...v5)

---
updated-dependencies:
- dependency-name: leafo/gh-actions-luarocks
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/health-argocd-local-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/health-argocd-local-ci.yml b/.github/workflows/health-argocd-local-ci.yml
index b5a35c24..e3616578 100644
--- a/.github/workflows/health-argocd-local-ci.yml
+++ b/.github/workflows/health-argocd-local-ci.yml
@@ -17,7 +17,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       - uses: leafo/gh-actions-lua@v10
-      - uses: leafo/gh-actions-luarocks@v4
+      - uses: leafo/gh-actions-luarocks@v5
       - name: Test
         run: |
           luarocks --server=https://rocks.moonscript.org install lyaml

From 3fd66b63a6506e818dd8d1fb98539bbef9b919f5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Mar 2025 20:29:56 +0000
Subject: [PATCH 2/5] chore(deps): bump dawidd6/action-download-artifact from 8
 to 9

Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 8 to 9.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/v8...v9)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/sonar.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
index 77d37ea9..197e81b8 100644
--- a/.github/workflows/sonar.yml
+++ b/.github/workflows/sonar.yml
@@ -32,7 +32,7 @@ jobs:
 
       # Download from previous workflow: https://github.com/dawidd6/action-download-artifact
       - name: Download artifact
-        uses: dawidd6/action-download-artifact@v8
+        uses: dawidd6/action-download-artifact@v9
         with:
           workflow: ${{ github.event.workflow_run.workflow_id }}
           run_id: ${{ github.event.workflow_run.id }}

From 7b2b368abf9ddda6c3769e33274f56a68c3c2cd2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Mar 2025 20:29:56 +0000
Subject: [PATCH 3/5] fix(deps): manage kotlin version to avoid excludes

---
 build.gradle | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/build.gradle b/build.gradle
index 870de594..45635e90 100644
--- a/build.gradle
+++ b/build.gradle
@@ -66,6 +66,7 @@ dependencies {
   implementation enforcedPlatform("com.fasterxml.jackson:jackson-bom:${jacksonVersion}")
   annotationProcessor enforcedPlatform("com.fasterxml.jackson:jackson-bom:${jacksonVersion}")
   implementation enforcedPlatform('org.eclipse.jetty:jetty-bom:11.0.24')
+  implementation enforcedPlatform('org.jetbrains.kotlin:kotlin-bom:2.1.10')
 
   implementation "io.javaoperatorsdk:operator-framework:${operatorFrameworkVersion}", {
     // self managed to avoid conflicts
@@ -90,8 +91,6 @@ dependencies {
   implementation "io.javalin:javalin:6.4.0", {
     // self managed to avoid conflicts
     exclude group: "org.slf4j"
-    // conflict with Kotlin version in Okio 3.9.0
-    exclude group: "org.jetbrains.kotlin", module: "kotlin-stdlib-jdk8"
   }
 
   // logging
@@ -150,7 +149,6 @@ dependencies {
   testImplementation 'junit:junit:4.13.2'
   testImplementation 'com.squareup.okhttp3:okhttp:4.12.0', {
     exclude group: 'com.squareup.okio', module: 'okio'
-    exclude group: "org.jetbrains.kotlin", module: "kotlin-stdlib-jdk8"
   }
 }
 

From 92128daf6f2b80c2f66c8a5c9b00b4322867bba4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Siebahn?= <joerg.siebahn@sda-se.com>
Date: Tue, 4 Mar 2025 09:16:54 +0100
Subject: [PATCH 4/5] fix(deps): manage slf4j version to avoid excludes

---
 build.gradle | 22 +++++-----------------
 1 file changed, 5 insertions(+), 17 deletions(-)

diff --git a/build.gradle b/build.gradle
index 45635e90..4e8219b9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -67,16 +67,14 @@ dependencies {
   annotationProcessor enforcedPlatform("com.fasterxml.jackson:jackson-bom:${jacksonVersion}")
   implementation enforcedPlatform('org.eclipse.jetty:jetty-bom:11.0.24')
   implementation enforcedPlatform('org.jetbrains.kotlin:kotlin-bom:2.1.10')
+  annotationProcessor enforcedPlatform("org.slf4j:slf4j-bom:${slf4jVersion}")
+  implementation enforcedPlatform("org.slf4j:slf4j-bom:${slf4jVersion}")
 
   implementation "io.javaoperatorsdk:operator-framework:${operatorFrameworkVersion}", {
-    // self managed to avoid conflicts
-    exclude group: "org.slf4j"
     // recheck when operator-framework is upgraded
     exclude group: 'com.squareup.okio', module: 'okio'
   }
   annotationProcessor "io.javaoperatorsdk:operator-framework:${operatorFrameworkVersion}", {
-    // self managed to avoid conflicts
-    exclude group: "org.slf4j"
     // recheck when operator-framework is upgraded
     exclude group: 'com.squareup.okio', module: 'okio'
   }
@@ -88,17 +86,11 @@ dependencies {
   implementation 'org.hibernate.validator:hibernate-validator:8.0.2.Final'
   implementation 'jakarta.el:jakarta.el-api:6.0.1'
   implementation 'org.bouncycastle:bcpkix-jdk18on:1.80'
-  implementation "io.javalin:javalin:6.4.0", {
-    // self managed to avoid conflicts
-    exclude group: "org.slf4j"
-  }
+  implementation "io.javalin:javalin:6.4.0"
 
   // logging
-  annotationProcessor "org.slf4j:slf4j-api:${slf4jVersion}"
-  implementation "org.slf4j:slf4j-api:${slf4jVersion}"
-  implementation 'ch.qos.logback:logback-classic:1.5.17', {
-    exclude group: "org.slf4j", module: "slf4j-api"
-  }
+  implementation "org.slf4j:slf4j-api"
+  implementation 'ch.qos.logback:logback-classic:1.5.17'
   implementation "ch.qos.logback.contrib:logback-json-classic:${logbackContribVersion}", {
     exclude group: "ch.qos.logback", module: "logback-classic"
     exclude group: "ch.qos.logback", module: "logback-core"
@@ -120,7 +112,6 @@ dependencies {
   }
   // try to replace local commons-compress management on update!
   testImplementation 'de.flapdoodle.embed:de.flapdoodle.embed.mongo:4.18.1', {
-    exclude group: "org.slf4j", module: "slf4j-api"
     // newer version from operator-framework
     exclude group: "org.apache.commons", module: "commons-lang3"
   }
@@ -138,11 +129,8 @@ dependencies {
   }
   testImplementation 'org.awaitility:awaitility:4.3.0'
   testImplementation "io.fabric8:kubernetes-server-mock:${kubernetesServerMockVersion}", {
-    // self managed to avoid conflicts
-    exclude group: "org.slf4j"
     exclude group: 'com.squareup.okio', module: 'okio'
     exclude group: 'junit', module: 'junit'
-    // vulnerability in 4.1.117.Final
   }
   // CVE-2020-15250 in 4.12
   // -> pulled transitively from OkHttp3 mockwebserver used by kubernetes-server-mock

From 3accfcf6108f04913e1d64d757b654d4460d8a1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Mar 2025 21:29:59 +0100
Subject: [PATCH 5/5] chore(deps): bump leafo/gh-actions-lua from 10 to 11

Bumps [leafo/gh-actions-lua](https://github.com/leafo/gh-actions-lua) from 10 to 11.
- [Release notes](https://github.com/leafo/gh-actions-lua/releases)
- [Commits](https://github.com/leafo/gh-actions-lua/compare/v10...v11)

---
updated-dependencies:
- dependency-name: leafo/gh-actions-lua
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/health-argocd-local-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/health-argocd-local-ci.yml b/.github/workflows/health-argocd-local-ci.yml
index e3616578..2e431756 100644
--- a/.github/workflows/health-argocd-local-ci.yml
+++ b/.github/workflows/health-argocd-local-ci.yml
@@ -16,7 +16,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
-      - uses: leafo/gh-actions-lua@v10
+      - uses: leafo/gh-actions-lua@v11
       - uses: leafo/gh-actions-luarocks@v5
       - name: Test
         run: |