Dependency updates (#356)

- Update to DV plugin 3.18 - Update to Gradle 8.10 - Update to address vulnerability in `unzip-stream`
2024-11-24 02:12:12 +00:00 · 2024-08-26 13:12:08 -06:00 · 2024-08-26 13:12:08 -06:00 · d32a10b3ae
commit d32a10b3ae
parent ca7f3fa2f5 e598a32529
29 changed files with 44 additions and 44 deletions
--- a/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties
@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties
@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/groovy-dsl/settings.gradle
+++ b/.github/workflow-samples/groovy-dsl/settings.gradle
@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18"
    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.1"
 }
--- a/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties
@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/kotlin-dsl/build.gradle.kts
+++ b/.github/workflow-samples/kotlin-dsl/build.gradle.kts
@ -8,9 +8,9 @@ repositories {
 dependencies {
    api("org.apache.commons:commons-math3:3.6.1")
-    implementation("com.google.guava:guava:33.2.1-jre")
+    implementation("com.google.guava:guava:33.3.0-jre")
-    testImplementation("org.junit.jupiter:junit-jupiter:5.10.3")
+    testImplementation("org.junit.jupiter:junit-jupiter:5.11.0")
 }
 tasks.test {
--- a/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties
@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/kotlin-dsl/settings.gradle.kts
+++ b/.github/workflow-samples/kotlin-dsl/settings.gradle.kts
@ -1,5 +1,5 @@
 plugins {
-    id("com.gradle.develocity") version "3.17.6"
+    id("com.gradle.develocity") version "3.18"
    id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
 }
--- a/.github/workflow-samples/no-wrapper-gradle-5/build.gradle
+++ b/.github/workflow-samples/no-wrapper-gradle-5/build.gradle
@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6" 
+    id "com.gradle.develocity" version "3.18" 
 }
 develocity {
--- a/.github/workflow-samples/no-wrapper/settings.gradle
+++ b/.github/workflow-samples/no-wrapper/settings.gradle
@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18"
 }
 develocity {
--- a/.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.properties
@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/non-executable-wrapper/settings.gradle
+++ b/.github/workflow-samples/non-executable-wrapper/settings.gradle
@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18"
 }
 develocity {
--- a/.github/workflows/integ-test-inject-develocity.yml
+++ b/.github/workflows/integ-test-inject-develocity.yml
@ -33,11 +33,11 @@ jobs:
      matrix:
        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.17.6]
+        plugin-version: [3.16.2, 3.18]
        include:
        - plugin-version: 3.16.2
          accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
-        - plugin-version: 3.17.6
+        - plugin-version: 3.18
          accessKeyEnv: DEVELOCITY_ACCESS_KEY
    runs-on: ${{ matrix.os }}
@ -84,7 +84,7 @@ jobs:
      matrix:
        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.17.6]
+        plugin-version: [3.16.2, 3.18]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout sources
@ -133,7 +133,7 @@ jobs:
      matrix:
        gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.17.6 ]
+        plugin-version: [ 3.16.2, 3.18 ]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout sources
@ -169,7 +169,7 @@ jobs:
      matrix:
        gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.17.6 ]
+        plugin-version: [ 3.16.2, 3.18 ]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout sources
--- a/.github/workflows/integ-test-provision-gradle-versions.yml
+++ b/.github/workflows/integ-test-provision-gradle-versions.yml
@ -75,7 +75,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        gradle: [8.9, 8.8, 7.6.4, 6.9.4, 5.6.4, 4.10.3, 3.5.1] # 8.8 is the latest installed on windows runners
+        gradle: ["8.10", 8.9, 7.6.4, 6.9.4, 5.6.4, 4.10.3, 3.5.1]
        os: ${{fromJSON(inputs.runner-os)}}
        include:
          - java-version: 11
--- a/docs/deprecation-upgrade-guide.md
+++ b/docs/deprecation-upgrade-guide.md
@ -101,7 +101,7 @@ The exact syntax depends on whether or not your project is configured with the [
 - name: Setup Gradle for a non-wrapper project
  uses: gradle/actions/setup-gradle@v4
  with:
-    gradle-version: 8.9
+    gradle-version: "8.10"
 - name: Assemble the project
  run: gradle assemble
--- a/docs/setup-gradle.md
+++ b/docs/setup-gradle.md
@ -57,11 +57,11 @@ The `setup-gradle` action can download and install a specified Gradle version, a
 Downloaded Gradle versions are stored in the GitHub Actions cache, to avoid having to download them again later.
 ```yaml
- - name: Setup Gradle 8.5
+ - name: Setup Gradle 8.10
   uses: gradle/actions/setup-gradle@v4
   with:
-     gradle-version: 8.5
+     gradle-version: "8.10" # Quotes required to prevent YAML converting to number
-  - name: Build with Gradle 8.5
+  - name: Build with Gradle 8.10
    run: gradle build
 ```
@ -749,7 +749,7 @@ Here's a minimal example:
      run: ./gradlew build
 ```
-This configuration will automatically apply `v3.17.6` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
+This configuration will automatically apply `v3.18` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
 This example assumes that the `develocity.your-server.com` server allows anonymous publishing of build scans.
 In the likely scenario that your Develocity server requires authentication, you will also need to pass a valid [Develocity access key](https://docs.gradle.com/develocity/gradle-plugin/#via_environment_variable) taken from a secret:
@ -821,7 +821,7 @@ Here's an example using the env vars:
      env:
        DEVELOCITY_INJECTION_ENABLED: true
        DEVELOCITY_URL: https://develocity.your-server.com
-        DEVELOCITY_PLUGIN_VERSION: 3.17.6
+        DEVELOCITY_PLUGIN_VERSION: 3.18
 ```
 ## Publishing to scans.gradle.com
--- a/sources/.tool-versions
+++ b/sources/.tool-versions
@ -1,3 +1,3 @@
 # Configuration file for asdf version manager
 nodejs 20.10.0
-gradle 8.9
+gradle 8.10
--- a/sources/package-lock.json
+++ b/sources/package-lock.json
@ -9363,9 +9363,9 @@
      }
    },
    "node_modules/unzip-stream": {
-      "version": "0.3.1",
+      "version": "0.3.4",
-      "resolved": "https://registry.npmjs.org/unzip-stream/-/unzip-stream-0.3.1.tgz",
+      "resolved": "https://registry.npmjs.org/unzip-stream/-/unzip-stream-0.3.4.tgz",
-      "integrity": "sha512-RzaGXLNt+CW+T41h1zl6pGz3EaeVhYlK+rdAap+7DxW5kqsqePO8kRtWPaCiVqdhZc86EctSPVYNix30YOMzmw==",
+      "integrity": "sha512-PyofABPVv+d7fL7GOpusx7eRT9YETY2X04PhwbSipdj6bMxVCFJrr+nm0Mxqbf9hUiTin/UsnuFWBXlDZFy0Cw==",
      "dependencies": {
        "binary": "^0.3.0",
        "mkdirp": "^0.5.1"
@ -16629,9 +16629,9 @@
      "dev": true
    },
    "unzip-stream": {
-      "version": "0.3.1",
+      "version": "0.3.4",
-      "resolved": "https://registry.npmjs.org/unzip-stream/-/unzip-stream-0.3.1.tgz",
+      "resolved": "https://registry.npmjs.org/unzip-stream/-/unzip-stream-0.3.4.tgz",
-      "integrity": "sha512-RzaGXLNt+CW+T41h1zl6pGz3EaeVhYlK+rdAap+7DxW5kqsqePO8kRtWPaCiVqdhZc86EctSPVYNix30YOMzmw==",
+      "integrity": "sha512-PyofABPVv+d7fL7GOpusx7eRT9YETY2X04PhwbSipdj6bMxVCFJrr+nm0Mxqbf9hUiTin/UsnuFWBXlDZFy0Cw==",
      "requires": {
        "binary": "^0.3.0",
        "mkdirp": "^0.5.1"
--- a/sources/src/develocity/build-scan.ts
+++ b/sources/src/develocity/build-scan.ts
@ -7,7 +7,7 @@ export async function setup(config: BuildScanConfig): Promise<void> {
    maybeExportVariable('DEVELOCITY_AUTO_INJECTION_CUSTOM_VALUE', 'gradle-actions')
    if (config.getBuildScanPublishEnabled()) {
        maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true')
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17.6')
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.18')
        maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.0')
        maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl())
        maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())
--- a/sources/test/init-scripts/gradle/wrapper/gradle-wrapper.jar
+++ b/sources/test/init-scripts/gradle/wrapper/gradle-wrapper.jar
--- a/sources/test/init-scripts/gradle/wrapper/gradle-wrapper.properties
+++ b/sources/test/init-scripts/gradle/wrapper/gradle-wrapper.properties
@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/sources/test/init-scripts/settings.gradle
+++ b/sources/test/init-scripts/settings.gradle
@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18"
    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.1"
 }
--- a/sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy
+++ b/sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy
@ -16,7 +16,7 @@ import java.nio.file.Files
 import java.util.zip.GZIPOutputStream
 class BaseInitScriptTest extends Specification {
-    static final String DEVELOCITY_PLUGIN_VERSION = '3.17.6'
+    static final String DEVELOCITY_PLUGIN_VERSION = '3.18'
    static final String CCUD_PLUGIN_VERSION = '2.0.1'
    static final TestGradleVersion GRADLE_3_X = new TestGradleVersion(GradleVersion.version('3.5.1'), 7, 9)
@ -27,7 +27,7 @@ class BaseInitScriptTest extends Specification {
    static final TestGradleVersion GRADLE_7_1 = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
    static final TestGradleVersion GRADLE_7_X = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
    static final TestGradleVersion GRADLE_8_0 = new TestGradleVersion(GradleVersion.version('8.0.2'), 8, 19)
-    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.9'), 8, 22)
+    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.10'), 8, 22)
    static final List<TestGradleVersion> ALL_VERSIONS = [
        GRADLE_3_X, // First version where TestKit supports environment variables
--- a/sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestBuildResultRecorder.groovy
+++ b/sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestBuildResultRecorder.groovy
@ -196,7 +196,7 @@ class TestBuildResultRecorder extends BaseInitScriptTest {
        when:
        settingsFile.text = """
            plugins {
-                id 'com.gradle.develocity' version '3.17.6' apply(false)
+                id 'com.gradle.develocity' version '3.18' apply(false)
            }
            gradle.settingsEvaluated {
                apply plugin: 'com.gradle.develocity'
--- a/sources/test/jest/cache-cleanup.test.ts
+++ b/sources/test/jest/cache-cleanup.test.ts
@ -53,7 +53,7 @@ test('will cleanup unused gradle versions', async () => {
    const transforms3 = path.resolve(gradleUserHome, "caches/transforms-3")
    const metadata100 = path.resolve(gradleUserHome, "caches/modules-2/metadata-2.100")
    const wrapper802 = path.resolve(gradleUserHome, "wrapper/dists/gradle-8.0.2-bin")
-    const gradleCurrent = path.resolve(gradleUserHome, "caches/8.9")
+    const gradleCurrent = path.resolve(gradleUserHome, "caches/8.10")
    const metadataCurrent = path.resolve(gradleUserHome, "caches/modules-2/metadata-2.106")
    expect(fs.existsSync(gradle802)).toBe(true)