diff --git a/Dockerfile b/Dockerfile index d23cd80272..df92847b85 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ RUN dnf install -y \ dejavu-fonts-common-2.35-7.el8 \ dejavu-sans-fonts-2.35-7.el8 \ procps-ng-3.3.15-14.el8 \ - iproute-6.2.0-5.el8_9 \ + iproute-6.2.0-6.el8_10.x86_64 \ hostname-3.20-6.el8 \ && dnf clean all diff --git a/build.gradle b/build.gradle index b6e2935737..184a95f387 100755 --- a/build.gradle +++ b/build.gradle @@ -54,7 +54,7 @@ plugins { id 'com.adarshr.test-logger' version '4.0.0' // To discover library versions with known vulnerabilities - id 'org.owasp.dependencycheck' version '9.1.0' + id 'org.owasp.dependencycheck' version '9.2.0' // Task to assist in downloading artifacts id 'de.undercouch.download' version '5.6.0' @@ -244,8 +244,8 @@ project(':wres-system') { api 'org.jvnet.jaxb2_commons:jaxb2-basics-runtime:0.13.1' // Builders - compileOnly group: 'org.projectlombok', name: 'lombok', version: '1.18.32' - annotationProcessor 'org.projectlombok:lombok:1.18.32' + compileOnly group: 'org.projectlombok', name: 'lombok', version: '1.18.34' + annotationProcessor 'org.projectlombok:lombok:1.18.34' // Database drivers need to be on the runtime classpath in order to // acquire connections initially. See #103431 @@ -313,7 +313,7 @@ project(':wres-datamodel') { compileOnly group: 'net.jcip', name: 'jcip-annotations', version: '1.0' // Mocking help - testImplementation 'org.mockito:mockito-core:5.11.0' + testImplementation 'org.mockito:mockito-core:5.12.0' // JUnit 5 API and runtime testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.2' @@ -351,7 +351,7 @@ project(':wres-io') { exclude group: 'com.google.guava', module: 'guava' } // Include later dependency versions for the excluded dependencies above - implementation 'com.google.guava:guava:33.2.0-jre' + implementation 'com.google.guava:guava:33.2.1-jre' // to use native postgres copy, need this on compile, otherwise runtime implementation('org.postgresql:postgresql:42.7.3') { @@ -381,7 +381,7 @@ project(':wres-io') { implementation group: 'org.locationtech.jts', name: 'jts-core', version: '1.19.0' implementation group: 'org.locationtech.jts', name: 'jts-io', version: '1.19.0', ext: 'pom' - implementation 'org.liquibase:liquibase-core:4.27.0' + implementation 'org.liquibase:liquibase-core:4.28.0' // Use instead of the bridge between JUL and SLF4J. #60801-283 runtimeOnly 'com.mattbertolini:liquibase-slf4j:5.0.0' @@ -395,7 +395,7 @@ project(':wres-io') { runtimeOnly 'org.slf4j:jcl-over-slf4j:2.1.0-alpha1' //JB @ 02/16/17 - testImplementation 'com.google.guava:guava-testlib:33.2.0-jre' + testImplementation 'com.google.guava:guava-testlib:33.2.1-jre' // Mocking help testImplementation 'org.mockito:mockito-inline:5.2.0' @@ -524,7 +524,7 @@ project(':wres-writing') { exclude group: 'com.google.guava', module: 'guava' } // Include later dependency versions for the excluded dependencies above - implementation 'com.google.guava:guava:33.2.0-jre' + implementation 'com.google.guava:guava:33.2.1-jre' // Better-than-Java's HTTP client implementation 'com.squareup.okhttp3:okhttp:4.12.0' @@ -583,9 +583,9 @@ project(':wres-reading') { exclude group: 'com.google.guava', module: 'guava' } // Include later dependency versions for the excluded dependencies above - implementation 'com.google.guava:guava:33.2.0-jre' + implementation 'com.google.guava:guava:33.2.1-jre' - implementation 'org.apache.commons:commons-compress:1.26.1' + implementation 'org.apache.commons:commons-compress:1.26.2' // Better-than-Java's HTTP client implementation 'com.squareup.okhttp3:okhttp:4.12.0' @@ -603,7 +603,7 @@ project(':wres-reading') { implementation group: 'org.apache.commons', name: 'commons-collections4', version: '4.4' - implementation 'org.liquibase:liquibase-core:4.27.0' + implementation 'org.liquibase:liquibase-core:4.28.0' // Use instead of the bridge between JUL and SLF4J. #60801-283 runtimeOnly 'com.mattbertolini:liquibase-slf4j:5.0.0' @@ -611,11 +611,11 @@ project(':wres-reading') { compileOnly 'net.jcip:jcip-annotations:1.0' // Builders - compileOnly group: 'org.projectlombok', name: 'lombok', version: '1.18.32' - annotationProcessor 'org.projectlombok:lombok:1.18.32' + compileOnly group: 'org.projectlombok', name: 'lombok', version: '1.18.34' + annotationProcessor 'org.projectlombok:lombok:1.18.34' //JB @ 02/16/17 - testImplementation 'com.google.guava:guava-testlib:33.2.0-jre' + testImplementation 'com.google.guava:guava-testlib:33.2.1-jre' // Mocking help testImplementation 'org.mockito:mockito-inline:5.2.0' @@ -663,7 +663,7 @@ project(':wres-metrics') { exclude group: 'edu.washington.cs.types.checker', module: 'checker-framework' } - testImplementation 'org.mockito:mockito-core:5.11.0' + testImplementation 'org.mockito:mockito-core:5.12.0' // JUnit 5 API and runtime testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.2' @@ -913,7 +913,7 @@ project(':wres-vis') { testRuntimeOnly 'org.junit.vintage:junit-vintage-engine:5.10.2' // Mocking help - testImplementation 'org.mockito:mockito-core:5.11.0' + testImplementation 'org.mockito:mockito-core:5.12.0' testRuntimeOnly files('dist/lib/conf') @@ -969,7 +969,7 @@ project(':wres-config') { } // Include later dependency versions for the excluded dependencies above implementation 'com.google.protobuf:protobuf-java:3.21.12' - implementation 'com.google.guava:guava:33.2.0-jre' + implementation 'com.google.guava:guava:33.2.1-jre' // To validate WKT strings as geometries implementation group: 'org.locationtech.jts', name: 'jts-core', version: '1.19.0' @@ -984,7 +984,7 @@ project(':wres-config') { implementation group: 'com.opencsv', name: 'opencsv', version: '5.9' // YAML/JSON schema validation - implementation 'com.networknt:json-schema-validator:1.4.0' + implementation 'com.networknt:json-schema-validator:1.4.3' // To auto-generate builders for Java records through annotation processing annotationProcessor 'io.soabase.record-builder:record-builder-processor:41' @@ -1017,7 +1017,7 @@ project(':wres-config') { implementation group: 'org.jvnet.jaxb2_commons', name: 'jaxb2-basics-annotate', version: '1.1.0' // Mocking help - testImplementation 'org.mockito:mockito-core:5.11.0' + testImplementation 'org.mockito:mockito-core:5.12.0' testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.2' testImplementation 'org.junit.jupiter:junit-jupiter-params:5.10.2' @@ -1342,13 +1342,13 @@ project(':wres-tasker') { implementation 'org.eclipse.jetty:jetty-server:11.0.20' // Support HTTP/2 - implementation 'org.eclipse.jetty.http2:http2-server:11.0.20' + implementation 'org.eclipse.jetty.http2:http2-server:11.0.21' // Support ALPN - implementation 'org.eclipse.jetty:jetty-alpn-java-server:11.0.20' + implementation 'org.eclipse.jetty:jetty-alpn-java-server:11.0.21' // Servlet container library to run a web application with: - implementation 'org.eclipse.jetty:jetty-webapp:11.0.20' + implementation 'org.eclipse.jetty:jetty-webapp:11.0.21' // Needed at compile-time to reference ServletContainer.class and // DefaultServlet.class @@ -1373,7 +1373,7 @@ project(':wres-tasker') { } // Because of CVE-2022-24823. TODO: remove when Redisson catches up - implementation group: 'io.netty', name: 'netty-all', version: '4.1.109.Final' + implementation group: 'io.netty', name: 'netty-all', version: '4.1.111.Final' // Better-than-Java's HTTP client. Used to talk to manager. implementation 'com.squareup.okhttp3:okhttp:4.12.0' @@ -1521,10 +1521,10 @@ project(':wres-eventsbroker') { } // Include later dependency versions for the excluded dependencies above - implementation 'com.google.guava:guava:33.2.0-jre' + implementation 'com.google.guava:guava:33.2.1-jre' // Include later dependency version - implementation group: 'org.apache.commons', name: 'commons-configuration2', version: '2.10.1' + implementation group: 'org.apache.commons', name: 'commons-configuration2', version: '2.11.0' // Include later dependency version implementation group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: '1.78.1' @@ -1591,7 +1591,7 @@ project(':wres-events') { } // Because of CVE-2022-24823. TODO: remove when Qpid catches up - implementation group: 'io.netty', name: 'netty-all', version: '4.1.109.Final' + implementation group: 'io.netty', name: 'netty-all', version: '4.1.111.Final' // For various utilities implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.14.0' @@ -1606,7 +1606,7 @@ project(':wres-events') { testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.10.2' // Mocking help - testImplementation 'org.mockito:mockito-core:5.11.0' + testImplementation 'org.mockito:mockito-core:5.12.0' // Mocking final classes testImplementation 'org.mockito:mockito-inline:5.2.0' @@ -1871,7 +1871,7 @@ dependencies { implementation 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' // Servlet container library to run a web application with: - implementation 'org.eclipse.jetty:jetty-webapp:11.0.20' + implementation 'org.eclipse.jetty:jetty-webapp:11.0.21' // Needed at compile-time to reference ServletContainer.class and // DefaultServlet.class @@ -1892,7 +1892,7 @@ dependencies { } // Because of CVE-2022-24823. TODO: remove when Redisson catches up - implementation group: 'io.netty', name: 'netty-all', version: '4.1.109.Final' + implementation group: 'io.netty', name: 'netty-all', version: '4.1.111.Final' implementation('edu.ucar:cdm-core:5.4.2') { // Because we use slf4j, not jcl: @@ -1905,7 +1905,7 @@ dependencies { exclude group: 'com.google.guava', module: 'guava' } // Include later dependency versions for the excluded dependencies above - implementation 'com.google.guava:guava:33.2.0-jre' + implementation 'com.google.guava:guava:33.2.1-jre' // JCIP annotations compileOnly group: 'net.jcip', name: 'jcip-annotations', version: '1.0' @@ -1942,7 +1942,7 @@ dependencies { testCompileOnly 'junit:junit:4.13.2' testRuntimeOnly 'org.junit.vintage:junit-vintage-engine:5.10.2' - testImplementation 'org.mockito:mockito-core:5.11.0' + testImplementation 'org.mockito:mockito-core:5.12.0' testImplementation group: 'org.apache.commons', name: 'commons-math3', version: '3.6.1' } diff --git a/wres-broker/Dockerfile b/wres-broker/Dockerfile index ee4dd01574..39fe9ae5a1 100644 --- a/wres-broker/Dockerfile +++ b/wres-broker/Dockerfile @@ -1,4 +1,4 @@ -FROM rabbitmq:3.13.2-management-alpine +FROM rabbitmq:3.13.3-management-alpine # Wish we could do the following, but busybox does not support long gids: #RUN addgroup -g 1370800073 wres && adduser -D -u 498 -g 1370800073 wres_docker diff --git a/wres-eventsbroker/Dockerfile b/wres-eventsbroker/Dockerfile index e8ccc402a5..3c08daeaef 100644 --- a/wres-eventsbroker/Dockerfile +++ b/wres-eventsbroker/Dockerfile @@ -4,7 +4,7 @@ FROM alpine:3.19.1 AS builder -ARG BROKER_VERSION=2.35.0 +ARG BROKER_VERSION=2.34.0 WORKDIR /workspace @@ -33,7 +33,7 @@ FROM registry.access.redhat.com/ubi8/ubi:8.9-1160.1715068735 RUN dnf install -y \ java-17-openjdk-headless-1:17.0.11.0.9-2.el8.x86_64 \ procps-ng-3.3.15-14.el8 \ - iproute-6.2.0-5.el8_9 \ + iproute-6.2.0-6.el8_10.x86_64 \ libaio-0.3.112-1.el8 \ && dnf clean all diff --git a/wres-tasker/Dockerfile b/wres-tasker/Dockerfile index e47cd8fbf6..230bc7ba84 100644 --- a/wres-tasker/Dockerfile +++ b/wres-tasker/Dockerfile @@ -4,7 +4,7 @@ RUN dnf install -y \ java-17-openjdk-headless-1:17.0.11.0.9-2.el8.x86_64 \ unzip-6.0-46.el8 \ procps-ng-3.3.15-14.el8 \ - iproute-6.2.0-5.el8_9 \ + iproute-6.2.0-6.el8_10.x86_64 \ hostname-3.20-6.el8 \ && dnf clean all diff --git a/wres-vis/Dockerfile b/wres-vis/Dockerfile index c044e66939..cff406b801 100644 --- a/wres-vis/Dockerfile +++ b/wres-vis/Dockerfile @@ -8,7 +8,7 @@ RUN dnf install -y \ dejavu-fonts-common-2.35-7.el8 \ dejavu-sans-fonts-2.35-7.el8 \ procps-ng-3.3.15-14.el8 \ - iproute-6.2.0-5.el8_9 \ + iproute-6.2.0-6.el8_10.x86_64 \ hostname-3.20-6.el8 \ && dnf clean all diff --git a/wres-writing/Dockerfile b/wres-writing/Dockerfile index cfbf785bfe..a318aebbce 100644 --- a/wres-writing/Dockerfile +++ b/wres-writing/Dockerfile @@ -8,7 +8,7 @@ RUN dnf install -y \ dejavu-fonts-common-2.35-7.el8 \ dejavu-sans-fonts-2.35-7.el8 \ procps-ng-3.3.15-14.el8 \ - iproute-6.2.0-5.el8_9 \ + iproute-6.2.0-6.el8_10.x86_64 \ hostname-3.20-6.el8 \ && dnf clean all