chore(deps): Non-AWS dependency updates #2758
Conversation
gu-scala-steward-public-repos
bot
added
the
dependencies
gu-scala-steward-public-repos
bot
force-pushed
the
update/non_aws
branch
from
e82535c to
af476fb
Compare
| given Decoder[Identity] = deriveDecoder | ||
| given Decoder[RequestContext] = deriveDecoder |
There was a problem hiding this comment.
I can't quite work out how it compiled before, as semiauto should need the full chain defined. Unfortunately because it uses deriving.Mirror, it's not possible to see the actual implicits used in Intellij before/after.
| val parallelCollections = "org.scala-lang.modules" %% "scala-parallel-collections" % "1.0.4" | ||
| val commonsIO = "commons-io" % "commons-io" % "2.18.0" | ||
| val jodaTime = "joda-time" % "joda-time" % "2.13.1" | ||
| val tapirVersion = "1.11.33"// stick with 1.11.33 for now as later versions indirectly pull in netty-codec-base which duplicates netty-codec content |
There was a problem hiding this comment.
We need to avoid splitting between netty 4.1 and 4.2 as the jars have been shifted around.
The netty-codec module has been split into a number of different sub-modules, which the netty-codec module then depends on. In other words, netty-codec is now multiple jar files instead of one.
AWS sdk is still on the 4.1 until this (or similar) is merged aws/aws-sdk-java-v2#6205
But later versions of tapir (via ZIO) are on 4.2.
See netty migration guide for the reasoning behind the incompatibility
https://github.com/netty/netty/wiki/Netty-4.2-Migration-Guide#:~:text=The%20netty%2Dcodec%20module%20has%20been%20split%20into%20a%20number%20of%20different%20sub%2Dmodules%2C%20which%20the%20netty%2Dcodec%20module%20then%20depends%20on.%20In%20other%20words%2C%20netty%2Dcodec%20is%20now%20multiple%20jar%20files%20instead%20of%20one.
| val circeVersion = "0.14.10" | ||
| val sttpVersion = "3.10.1" | ||
|
|
||
| val awsSdkVersion = "2.31.71" |
There was a problem hiding this comment.
I separated this by one line from the non aws ones, so that it doesn't cause git conflicts as the automatic PRs are raised separately for AWS and non AWS bumps.
| val assemblyMergeStrategyDiscardModuleInfo = | ||
| assembly / assemblyMergeStrategy := { | ||
| case PathList("META-INF", "maven", "org.webjars", "swagger-ui", "pom.properties") => | ||
| MergeStrategy.singleOrError | ||
| case PathList(ps @ _*) if ps.last == "module-info.class" => MergeStrategy.discard | ||
| case PathList(ps @ _*) if ps.last == "deriving.conf" => MergeStrategy.filterDistinctLines | ||
| case PathList("META-INF", "io.netty.versions.properties") => MergeStrategy.discard | ||
| case PathList("mime.types") => MergeStrategy.filterDistinctLines | ||
| case PathList("logback.xml") => MergeStrategy.preferProject | ||
| /* | ||
| * AWS SDK v2 includes a codegen-resources directory in each jar, with conflicting names. | ||
| * This appears to be for generating clients from HTTP services. | ||
| * So it's redundant in a binary artefact. | ||
| */ | ||
| case PathList("codegen-resources", _*) => MergeStrategy.discard | ||
| case PathList("META-INF", "FastDoubleParser-LICENSE") => MergeStrategy.concat | ||
| case PathList("META-INF", "FastDoubleParser-NOTICE") => MergeStrategy.concat | ||
| case PathList("META-INF", "okio.kotlin_module") => MergeStrategy.discard | ||
| case x => | ||
| val oldStrategy = (assembly / assemblyMergeStrategy).value | ||
| oldStrategy(x) | ||
| } |
There was a problem hiding this comment.
just a small reformat, no change needed in the end
| // Override to fix this vulnerability https://github.com/guardian/support-service-lambdas/security/dependabot/24 | ||
| // This is a transitive dependency of async-http-client-backend-cats-ce2 so when we upgrade that we can remove this | ||
| val asyncHttpClientOverride = "org.asynchttpclient" % "async-http-client" % "2.12.4" | ||
| val asyncHttpClientOverride = "org.asynchttpclient" % "async-http-client" % "3.0.2" |
There was a problem hiding this comment.
this should not have been bumped a major version due to binary incompatiblity at run time #2910
Actually this override is no longer needed.
About this PR
Updates:
1.5.11to1.5.181.7.5to1.7.62.3.0to2.3.12.17.2to2.17.32.17.2to2.17.32.17.2to2.17.32.17.2to2.17.32.17.2to2.17.32.17.2to2.17.32.17.2to2.17.32.17.2to2.17.32.43.1to2.43.33.10.1to3.10.33.10.1to3.10.33.10.1to3.10.33.10.1to3.10.33.10.1to3.10.33.10.1to3.10.31.9.11to1.11.321.9.11to1.11.321.9.11to1.11.321.9.11to1.11.321.9.11to1.11.3222.31.0to29.1.0⚠2.18.0to2.19.01.0.17to1.0.182.0.22to2.1.182.1.17to2.5.02.0.22to2.1.182.0.22to2.1.180.14.10to0.14.130.14.10to0.14.132.13.1to2.14.02.12.4to3.0.2⚠0.22.15to0.23.300.22.15to0.23.300.22.15to0.23.300.22.15to0.23.305.14.1to5.14.21.0.4to1.2.02.3.0to2.4.01.10.2to1.10.111.10.2to1.10.111.17.1to1.18.12.5.2to2.5.45.2.0to7.3.2⚠2.12.0to2.13.02.5.5to3.6.1⚠Usage
✅ Please merge!
I'll automatically update this PR to resolve conflicts as long as you don't change it yourself.
If you have any feedback, just mention me in the comments below.
Configure Scala Steward for your repository with a
.scala-steward.conffile.Have a fantastic day writing Scala!
💡 Applied Scalafix Migrations
🔍 Files still referring to the old version numbers
The following files still refer to the old version numbers.
You might want to review and update them manually.
⚙ Adjust future updates
Add these to your
.scala-steward.conffile to ignore future updates of these dependencies:Or, add these to slow down future updates of these dependencies: