From 6dc4c6c60569ddc65c7441cdc3f5e7264c9601f3 Mon Sep 17 00:00:00 2001 From: Eric Anderson Date: Thu, 11 Jun 2026 15:15:22 -0700 Subject: [PATCH] Upgrade dependencies Also add a mention in RELEASING.md that we should check github actions for updates. --- .github/workflows/branch-testing.yml | 6 +-- .../workflows/gradle-wrapper-validation.yml | 4 +- .github/workflows/lock.yml | 2 +- .github/workflows/testing.yml | 18 +++---- MODULE.bazel | 12 ++--- RELEASING.md | 4 ++ examples/build.gradle | 2 +- examples/example-gauth/pom.xml | 2 +- .../build.gradle | 4 +- examples/example-hostname/build.gradle | 2 +- examples/example-oauth/pom.xml | 2 +- examples/example-opentelemetry/build.gradle | 4 +- examples/pom.xml | 4 +- gradle/libs.versions.toml | 52 +++++++++++-------- gradle/wrapper/gradle-wrapper.properties | 2 +- repositories.bzl | 12 ++--- settings.gradle | 8 +-- 17 files changed, 76 insertions(+), 64 deletions(-) diff --git a/.github/workflows/branch-testing.yml b/.github/workflows/branch-testing.yml index ece8ec4cd58..2f462242f38 100644 --- a/.github/workflows/branch-testing.yml +++ b/.github/workflows/branch-testing.yml @@ -20,14 +20,14 @@ jobs: fail-fast: false # Should swap to true if we grow a large matrix steps: - - uses: actions/checkout@v4 - - uses: actions/setup-java@v4 + - uses: actions/checkout@v6 + - uses: actions/setup-java@v5 with: java-version: ${{ matrix.jre }} distribution: 'temurin' - name: Gradle cache - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.gradle/caches diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index da1e2fed114..91eada5371d 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -9,5 +9,5 @@ jobs: name: "Gradle wrapper validation" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: gradle/actions/wrapper-validation@v4 + - uses: actions/checkout@v6 + - uses: gradle/actions/wrapper-validation@v6 diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 3070a1a2f7c..b29a5573512 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -13,7 +13,7 @@ jobs: lock: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v5 + - uses: dessant/lock-threads@v6 with: github-token: ${{ github.token }} issue-inactive-days: 90 diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 23ec9666dcb..0292e6602f9 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -21,14 +21,14 @@ jobs: fail-fast: false # Should swap to true if we grow a large matrix steps: - - uses: actions/checkout@v4 - - uses: actions/setup-java@v4 + - uses: actions/checkout@v6 + - uses: actions/setup-java@v5 with: java-version: ${{ matrix.jre }} distribution: 'temurin' - name: Gradle cache - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.gradle/caches @@ -37,7 +37,7 @@ jobs: restore-keys: | ${{ runner.os }}-gradle- - name: Maven cache - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.m2/repository @@ -46,7 +46,7 @@ jobs: restore-keys: | ${{ runner.os }}-maven- - name: Protobuf cache - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: /tmp/protobuf-cache key: ${{ runner.os }}-maven-${{ hashFiles('buildscripts/make_dependencies.sh') }} @@ -55,7 +55,7 @@ jobs: run: buildscripts/kokoro/unix.sh - name: Post Failure Upload Test Reports to Artifacts if: ${{ failure() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: Test Reports (JRE ${{ matrix.jre }}) path: | @@ -71,7 +71,7 @@ jobs: COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} run: ./gradlew :grpc-all:coveralls -PskipAndroid=true -x compileJava - name: Codecov - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v6 with: token: ${{ secrets.CODECOV_TOKEN }} @@ -88,7 +88,7 @@ jobs: USE_BAZEL_VERSION: ${{ matrix.bazel_version }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Check versions match in MODULE.bazel and repositories.bzl run: | @@ -96,7 +96,7 @@ jobs: <(sed -n '/GRPC_DEPS_START/,/GRPC_DEPS_END/ {/GRPC_DEPS_/! p}' repositories.bzl) - name: Bazel cache - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cache/bazel/*/cache diff --git a/MODULE.bazel b/MODULE.bazel index fe173ba0498..a259cf60080 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -13,16 +13,16 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [ "com.google.auto.value:auto-value-annotations:1.11.0", "com.google.auto.value:auto-value:1.11.0", "com.google.code.findbugs:jsr305:3.0.2", - "com.google.code.gson:gson:2.13.2", - "com.google.errorprone:error_prone_annotations:2.48.0", + "com.google.code.gson:gson:2.14.0", + "com.google.errorprone:error_prone_annotations:2.50.0", "com.google.guava:failureaccess:1.0.1", - "com.google.guava:guava:33.5.0-android", + "com.google.guava:guava:33.6.0-android", "com.google.re2j:re2j:1.8", "com.google.s2a.proto.v2:s2a-proto:0.1.3", "com.google.truth:truth:1.4.5", - "dev.cel:runtime:0.12.0", - "dev.cel:protobuf:0.12.0", - "dev.cel:common:0.12.0", + "dev.cel:runtime:0.13.0", + "dev.cel:protobuf:0.13.0", + "dev.cel:common:0.13.0", "com.squareup.okhttp:okhttp:2.7.5", "com.squareup.okio:okio:2.10.0", # 3.0+ needs swapping to -jvm; need work to avoid flag-day "io.netty:netty-buffer:4.2.15.Final", diff --git a/RELEASING.md b/RELEASING.md index c57829b8c25..14b8fa6f769 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -250,3 +250,7 @@ gRPC for things that will need a migration effort. When happy with the dependency upgrades, update the versions in `MODULE.bazel`, `repositories.bzl`, and the various `pom.xml` and `build.gradle` files in `examples/`. + +Upgrade the `uses:` for actions in `.github/workflows` to newer versions. Make +sure to see what changed in each new major version, but it is most often just +requiring a newer Node.js version. diff --git a/examples/build.gradle b/examples/build.gradle index 544a7a4a8a0..89b21ccc017 100644 --- a/examples/build.gradle +++ b/examples/build.gradle @@ -22,7 +22,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.83.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protobufVersion = '3.25.8' +def protobufVersion = '3.25.9' def protocVersion = protobufVersion dependencies { diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml index f822d27beef..28b6f3bb35a 100644 --- a/examples/example-gauth/pom.xml +++ b/examples/example-gauth/pom.xml @@ -31,7 +31,7 @@ com.google.code.gson gson - 2.13.2 + 2.14.0 diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle index d0b0e27dccc..a1f08b00162 100644 --- a/examples/example-gcp-csm-observability/build.gradle +++ b/examples/example-gcp-csm-observability/build.gradle @@ -24,8 +24,8 @@ java { // updating the version in our release process. def grpcVersion = '1.83.0-SNAPSHOT' // CURRENT_GRPC_VERSION def protocVersion = '3.25.8' -def openTelemetryVersion = '1.56.0' -def openTelemetryPrometheusVersion = '1.56.0-alpha' +def openTelemetryVersion = '1.63.0' +def openTelemetryPrometheusVersion = '1.63.0-alpha' dependencies { implementation "io.grpc:grpc-protobuf:${grpcVersion}" diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle index a736617f968..136cbcc2f9c 100644 --- a/examples/example-hostname/build.gradle +++ b/examples/example-hostname/build.gradle @@ -3,7 +3,7 @@ plugins { id 'java' id "com.google.protobuf" version "0.9.5" - id 'com.google.cloud.tools.jib' version '3.4.4' // For releasing to Docker Hub + id 'com.google.cloud.tools.jib' version '3.5.3' // For releasing to Docker Hub } repositories { diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml index 426e9e16192..1168103d18e 100644 --- a/examples/example-oauth/pom.xml +++ b/examples/example-oauth/pom.xml @@ -33,7 +33,7 @@ com.google.code.gson gson - 2.13.2 + 2.14.0 diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle index 470b6a87fc3..9bcf65d209b 100644 --- a/examples/example-opentelemetry/build.gradle +++ b/examples/example-opentelemetry/build.gradle @@ -23,8 +23,8 @@ java { // updating the version in our release process. def grpcVersion = '1.83.0-SNAPSHOT' // CURRENT_GRPC_VERSION def protocVersion = '3.25.8' -def openTelemetryVersion = '1.56.0' -def openTelemetryPrometheusVersion = '1.56.0-alpha' +def openTelemetryVersion = '1.63.0' +def openTelemetryPrometheusVersion = '1.63.0-alpha' dependencies { implementation "io.grpc:grpc-protobuf:${grpcVersion}" diff --git a/examples/pom.xml b/examples/pom.xml index fc631f7dfb4..bf4e34068a1 100644 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -13,8 +13,8 @@ UTF-8 1.83.0-SNAPSHOT - 3.25.8 - 3.25.8 + 3.25.9 + 3.25.9 1.8 1.8 diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index e88c4f3da25..33644b95e25 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -37,9 +37,9 @@ checkstyle = "com.puppycrawl.tools:checkstyle:10.26.1" # checkstyle 10.0+ requires Java 11+ # See https://checkstyle.sourceforge.io/releasenotes_old_8-35_10-26.html#Release_10.0 # checkForUpdates: checkstylejava8:9.+ -cel-runtime = "dev.cel:runtime:0.12.0" -cel-protobuf = "dev.cel:protobuf:0.12.0" -cel-compiler = "dev.cel:compiler:0.12.0" +cel-runtime = "dev.cel:runtime:0.13.0" +cel-protobuf = "dev.cel:protobuf:0.13.0" +cel-compiler = "dev.cel:compiler:0.13.0" checkstylejava8 = "com.puppycrawl.tools:checkstyle:9.3" commons-math3 = "org.apache.commons:commons-math3:3.6.1" conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2" @@ -48,7 +48,7 @@ conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2" cronet-api = "org.chromium.net:cronet-api:119.6045.31" # checkForUpdates: cronet-embedded:119.6045.31 cronet-embedded = "org.chromium.net:cronet-embedded:119.6045.31" -errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.48.0" +errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.50.0" # 2.32.0+ requires Java 17+ # checkForUpdates: errorprone-core:2.31.+ errorprone-core = "com.google.errorprone:error_prone_core:2.31.0" @@ -67,13 +67,13 @@ google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.42.1 # 3.23.11+ require protobuf 4.x # checkForUpdates: google-cloud-logging:3.23.10 google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.10" -gson = "com.google.code.gson:gson:2.13.2" -guava = "com.google.guava:guava:33.5.0-android" +gson = "com.google.code.gson:gson:2.14.0" +guava = "com.google.guava:guava:33.6.0-android" guava-betaChecker = "com.google.guava:guava-beta-checker:1.0" -guava-testlib = "com.google.guava:guava-testlib:33.5.0-android" +guava-testlib = "com.google.guava:guava-testlib:33.6.0-android" # JRE version is needed for projects where its a transitive dependency, f.e. gcp-observability. # May be different from the -android version. -guava-jre = "com.google.guava:guava:33.5.0-jre" +guava-jre = "com.google.guava:guava:33.6.0-jre" hdrhistogram = "org.hdrhistogram:HdrHistogram:2.2.2" # 6.0.0+ use java.lang.Deprecated forRemoval and since from Java 9 # checkForUpdates: jakarta-servlet-api:5.+ @@ -82,16 +82,16 @@ javax-servlet-api = "javax.servlet:javax.servlet-api:4.0.1" # 12.0.0+ require Java 17+ # checkForUpdates: jetty-client:11.+ jetty-client = "org.eclipse.jetty:jetty-client:11.0.26" -jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.1.7" +jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.1.10" # 10.0.25+ uses uses @Deprecated(since=/forRemoval=) from Java 9 # checkForUpdates: jetty-http2-server10:10.0.24 jetty-http2-server10 = "org.eclipse.jetty.http2:http2-server:10.0.24" -jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.1.7" +jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.1.10" # checkForUpdates: jetty-servlet10:10.0.24 jetty-servlet10 = "org.eclipse.jetty:jetty-servlet:10.0.24" jsr305 = "com.google.code.findbugs:jsr305:3.0.2" junit = "junit:junit:4.13.2" -lincheck = "org.jetbrains.lincheck:lincheck:3.4" +lincheck = "org.jetbrains.lincheck:lincheck:3.6" # Update notes / 2023-07-19 sergiitk: # Couldn't update to 5.4.0, updated to the last in 4.x line. Version 5.x breaks some tests. # Error log: https://github.com/grpc/grpc-java/pull/10359#issuecomment-1632834435 @@ -119,22 +119,22 @@ opencensus-contrib-grpc-metrics = { module = "io.opencensus:opencensus-contrib-g opencensus-exporter-stats-stackdriver = { module = "io.opencensus:opencensus-exporter-stats-stackdriver", version.ref = "opencensus" } opencensus-exporter-trace-stackdriver = { module = "io.opencensus:opencensus-exporter-trace-stackdriver", version.ref = "opencensus" } opencensus-impl = { module = "io.opencensus:opencensus-impl", version.ref = "opencensus" } -opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.60.1" -opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.60.1-alpha" -opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.54.0-alpha" -opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.60.1" -opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.60.1" +opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.63.0" +opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.63.0-alpha" +opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.57.0-alpha" +opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.63.0" +opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.63.0" perfmark-api = "io.perfmark:perfmark-api:0.27.0" # Not upgrading to 4.x as it is not yet ABI compatible. # https://github.com/protocolbuffers/protobuf/issues/17247 # checkForUpdates: protobuf-java:3.+ -protobuf-java = "com.google.protobuf:protobuf-java:3.25.8" +protobuf-java = "com.google.protobuf:protobuf-java:3.25.9" # checkForUpdates: protobuf-java-util:3.+ -protobuf-java-util = "com.google.protobuf:protobuf-java-util:3.25.8" +protobuf-java-util = "com.google.protobuf:protobuf-java-util:3.25.9" # checkForUpdates: protobuf-javalite:3.+ -protobuf-javalite = "com.google.protobuf:protobuf-javalite:3.25.8" +protobuf-javalite = "com.google.protobuf:protobuf-javalite:3.25.9" # checkForUpdates: protobuf-protoc:3.+ -protobuf-protoc = "com.google.protobuf:protoc:3.25.8" +protobuf-protoc = "com.google.protobuf:protoc:3.25.9" re2j = "com.google.re2j:re2j:1.8" robolectric = "org.robolectric:robolectric:4.16.1" s2a-proto = "com.google.s2a.proto.v2:s2a-proto:0.1.3" @@ -142,10 +142,16 @@ signature-android = "net.sf.androidscents.signature:android-api-level-21:5.0.1_r signature-java = "org.codehaus.mojo.signature:java18:1.0" # 11.0.0+ require Java 17+ # checkForUpdates: tomcat-embed-core:10.+ -tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.52" +tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.55" # checkForUpdates: tomcat-embed-core9:9.+ -tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.115" +tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.118" truth = "com.google.truth:truth:1.4.5" -# checkForUpdates: undertow-servlet22:2.2.+ +# 2.2.39 fails UndertowInteropTest.veryLargeRequest() +# https://github.com/grpc/grpc-java/issues/12859 +# (disabled) checkForUpdates: undertow-servlet22:2.2.+ +# checkForUpdates: undertow-servlet22:2.2.38.Final undertow-servlet22 = "io.undertow:undertow-servlet:2.2.38.Final" +# 2.3.21 fails UndertowInteropTest.veryLargeRequest() +# https://github.com/grpc/grpc-java/issues/12859 +# checkForUpdates: undertow-servlet:2.3.20.Final undertow-servlet = "io.undertow:undertow-servlet:2.3.20.Final" diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index d4081da476b..4f5eb9dcc0e 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.5-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME diff --git a/repositories.bzl b/repositories.bzl index a679a7749de..6451625befa 100644 --- a/repositories.bzl +++ b/repositories.bzl @@ -18,16 +18,16 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [ "com.google.auto.value:auto-value-annotations:1.11.0", "com.google.auto.value:auto-value:1.11.0", "com.google.code.findbugs:jsr305:3.0.2", - "com.google.code.gson:gson:2.13.2", - "com.google.errorprone:error_prone_annotations:2.48.0", + "com.google.code.gson:gson:2.14.0", + "com.google.errorprone:error_prone_annotations:2.50.0", "com.google.guava:failureaccess:1.0.1", - "com.google.guava:guava:33.5.0-android", + "com.google.guava:guava:33.6.0-android", "com.google.re2j:re2j:1.8", "com.google.s2a.proto.v2:s2a-proto:0.1.3", "com.google.truth:truth:1.4.5", - "dev.cel:runtime:0.12.0", - "dev.cel:protobuf:0.12.0", - "dev.cel:common:0.12.0", + "dev.cel:runtime:0.13.0", + "dev.cel:protobuf:0.13.0", + "dev.cel:common:0.13.0", "com.squareup.okhttp:okhttp:2.7.5", "com.squareup.okio:okio:2.10.0", # 3.0+ needs swapping to -jvm; need work to avoid flag-day "io.netty:netty-buffer:4.2.15.Final", diff --git a/settings.gradle b/settings.gradle index 51c4bdc0d3d..768835c8c55 100644 --- a/settings.gradle +++ b/settings.gradle @@ -20,12 +20,13 @@ pluginManagement { // https://github.com/kt3k/coveralls-gradle-plugin/tags id "com.github.kt3k.coveralls" version "2.12.2" // https://github.com/GoogleCloudPlatform/appengine-plugins/releases - id "com.google.cloud.tools.appengine" version "2.8.6" + id "com.google.cloud.tools.appengine" version "2.8.7" // https://github.com/GoogleContainerTools/jib/blob/master/jib-gradle-plugin/CHANGELOG.md - id "com.google.cloud.tools.jib" version "3.5.1" + id "com.google.cloud.tools.jib" version "3.5.3" // https://github.com/google/osdetector-gradle-plugin/tags id "com.google.osdetector" version "1.7.3" // https://github.com/google/protobuf-gradle-plugin/releases + // 0.10+ requires Java 11+ id "com.google.protobuf" version "0.9.5" // https://github.com/GradleUp/shadow/releases // 8.3.2+ requires Java 11+ @@ -36,7 +37,8 @@ pluginManagement { // https://github.com/melix/jmh-gradle-plugin/releases id "me.champeau.jmh" version "0.7.3" // https://github.com/tbroyer/gradle-errorprone-plugin/releases - id "net.ltgt.errorprone" version "4.3.0" + // 5+ requires Java 11+ + id "net.ltgt.errorprone" version "4.4.0" // https://github.com/xvik/gradle-animalsniffer-plugin/releases id "ru.vyarus.animalsniffer" version "2.0.1" }