Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

As a developer, I want dependency updates #368

Open
8 tasks
james-d-brown opened this issue Nov 22, 2024 · 17 comments
Open
8 tasks

As a developer, I want dependency updates #368

james-d-brown opened this issue Nov 22, 2024 · 17 comments
Assignees
@HankHerr-NOAA
Labels
dependencies Dependency updates or issues
Milestone
v6.28

Comments

@james-d-brown
Copy link
Collaborator

james-d-brown commented Nov 22, 2024
edited by HankHerr-NOAA
Loading

  • Libraries having update available
  • Libraries marked vulnerable by scan
  • Jetty
  • Artemis
  • Redis
  • RabbitMQ
  • Java Runtime Environment
  • Anything else

Known Issues:
#68
#100

CVEs flagged by the github bot, which we can use alongside the gradle task, dependencyCheckAnalyze

https://github.com/NOAA-OWP/wres/security/dependabot
@james-d-brown james-d-brown added this to the v6.28 milestone Nov 22, 2024
@james-d-brown james-d-brown added the dependencies Dependency updates or issues label Nov 22, 2024
@james-d-brown
Copy link
Collaborator Author

Feel free to edit the OP to replace Anything Else with actual things. For example, we might consider upgrading to a new major version, which will require a quick scan of the release notes w/r to breaking changes and, potentially, additional checking/testing.

@HankHerr-NOAA
Copy link
Contributor

I'm going to start on this today, but given this is a short day for me, I don't anticipate finishing it. In fact, if we start bumping to major versions, I may not even come close to finishing it today.

To begin, my plan is to do a minor version bump. I'll then take a look at what major versions there are to consider and decide which if any to tackle with this update.

Hank

@HankHerr-NOAA HankHerr-NOAA self-assigned this Nov 27, 2024
@HankHerr-NOAA
Copy link
Contributor

I've pulled the latest and am running unit tests on owpal-d-ised01. Once that's done, I'll create the branch and start following the process described in the VLab Wiki, "COWRES Deployment Process Instructions (Github)".

Hank

@HankHerr-NOAA
Copy link
Contributor

I looked at the past dependency update to 6.27, #340, and searching a few libraries, it appears that, if a major version update is indicated by ./gradlew dependencyUpdates, then we just skip that update altogether when limiting ourselves to minor updates. But, again, I only looked at a few. Should I make an attempt to identify minor updates that may be between the current version and the major version upgrade? Again, my goal with this first pass is minor update only, noting #68 which prevents bumping Jersey.

The results of ./gradlew dependencyUpdates are provided below,

Hank

==========


> Configure project :
Set wres-writing version: 20241126-2da40a3
20241126-2da40a3-dev
Set wres-vis version: 20241126-2da40a3
20241126-2da40a3-dev
Path for java installation '/usr/lib/jvm/java-11-openjdk-11.0.16.0.8-1.el7_9.x86_64' (Common Linux Locations) does not contain a java executable
Path for java installation '/usr/lib/jvm/java-11-openjdk-11.0.14.1.1-1.el7_9.x86_64' (Common Linux Locations) does not contain a java executable
Path for java installation '/usr/lib/jvm/java-11-openjdk-11.0.14.0.9-1.el7_9.x86_64' (Common Linux Locations) does not contain a java executable
Path for java installation '/usr/lib/jvm/java-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.x86_64' (Common Linux Locations) does not contain a java executable
Path for java installation '/usr/lib/jvm/java-1.8.0-ibm-1.8.0.8.20-1jpp.1.el7.x86_64' (Common Linux Locations) does not contain a java executable
Path for java installation '/usr/lib/jvm/java-1.8.0-ibm-1.8.0.8.5-1jpp.1.el7.x86_64' (Common Linux Locations) does not contain a java executable
Path for java installation '/usr/lib/jvm/java-11-openjdk-11.0.21.0.9-2.el8.x86_64' (Common Linux Locations) does not contain a java executable
Path for java installation '/usr/lib/jvm/java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64' (Common Linux Locations) does not contain a java executable
Path for java installation '/usr/lib/jvm/java-1.8.0-ibm-1.8.0.8.25-1jpp.1.el7.x86_64' (Common Linux Locations) does not contain a java executable
Path for java installation '/usr/lib/jvm/java-1.8.0-ibm-1.8.0.8.15-1jpp.1.el7.x86_64' (Common Linux Locations) does not contain a java executable
Path for java installation '/usr/lib/jvm/java-1.8.0-ibm-1.8.0.8.15-1jpp.3.el7.x86_64' (Common Linux Locations) does not contain a java executable
Path for java installation '/usr/lib/jvm/java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.x86_64' (Common Linux Locations) does not contain a java executable

> Task :dependencyUpdates

------------------------------------------------------------
: Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.adarshr.test-logger:com.adarshr.test-logger.gradle.plugin:4.0.0
 - com.atlassian.commonmark:commonmark:0.17.0
 - com.github.ben-manes.caffeine:caffeine:3.1.8
 - com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin:0.51.0
 - com.github.marschall:jfr-jdbc:0.4.0
 - com.github.seanrl.jaxb:com.github.seanrl.jaxb.gradle.plugin:2.5.4
 - com.google.guava:guava:33.3.1-jre
 - com.google.guava:guava-testlib:33.3.1-jre
 - com.google.jimfs:jimfs:1.3.0
 - com.h2database:h2:2.3.232
 - com.netflix.nebula:gradle-aggregate-javadocs-plugin:3.0.1
 - com.opencsv:opencsv:5.9
 - com.sun.xml.fastinfoset:FastInfoset:2.1.1
 - commons-beanutils:commons-beanutils:1.9.4
 - commons-codec:commons-codec:1.17.1
 - de.undercouch.download:de.undercouch.download.gradle.plugin:5.6.0
 - io.swagger.core.v3:swagger-jaxrs2:2.2.25
 - jakarta.jms:jakarta.jms-api:3.1.0
 - javax.measure:unit-api:2.2
 - javax.servlet:javax.servlet-api:3.1.0
 - javax.ws.rs:javax.ws.rs-api:2.1
 - junit:junit:4.13.2
 - org.ajoberstar.grgit:org.ajoberstar.grgit.gradle.plugin:5.3.0
 - org.apache.activemq:artemis-amqp-protocol:2.38.0
 - org.apache.activemq:artemis-server:2.38.0
 - org.apache.commons:commons-compress:1.27.1
 - org.apache.commons:commons-configuration2:2.11.0
 - org.apache.commons:commons-lang3:3.17.0
 - org.apache.commons:commons-math3:3.6.1
 - org.apache.qpid:qpid-broker-core:9.2.0
 - org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol:9.2.0
 - org.apache.qpid:qpid-broker-plugins-memory-store:9.2.0
 - org.apache.qpid:qpid-jms-client:2.6.1
 - org.eclipse.jetty:jetty-webapp:11.0.24
 - org.eclipse.jetty.http2:http2-server:11.0.24
 - org.glassfish:javax.json:1.1.4
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.jfree:jfreechart:1.5.5
 - org.jvnet.jaxb2_commons:jaxb2-basics-annotate:1.1.0
 - org.kordamp.gradle.markdown:org.kordamp.gradle.markdown.gradle.plugin:2.2.0
 - org.locationtech.jts:jts-core:1.20.0
 - org.locationtech.jts:jts-io:1.20.0
 - org.mock-server:mockserver-netty:5.15.0
 - org.mockito:mockito-core:5.14.2
 - org.mockito:mockito-inline:5.2.0
 - org.postgresql:postgresql:42.7.4
 - org.slf4j:jcl-over-slf4j:2.1.0-alpha1
 - org.slf4j:jul-to-slf4j:2.1.0-alpha1
 - org.slf4j:log4j-over-slf4j:2.1.0-alpha1
 - si.uom:si-units:2.1
 - systems.uom:systems-quantity:2.1
 - systems.uom:systems-ucum:2.1

The following dependencies have later milestone versions:
 - ch.qos.logback:logback-classic [1.5.11 -> 1.5.12]
     http://logback.qos.ch
 - com.fasterxml.jackson:jackson-bom [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson-bom
 - com.fasterxml.jackson.core:jackson-annotations [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson
 - com.fasterxml.jackson.core:jackson-core [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson-core
 - com.fasterxml.jackson.core:jackson-databind [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson
 - com.fasterxml.jackson.dataformat:jackson-dataformat-yaml [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson-dataformats-text
 - com.fasterxml.jackson.datatype:jackson-datatype-jsr310 [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson-modules-java8
 - com.github.sabomichal:immutable-xjc-plugin [1.7.1 -> 2.0.3]
     https://github.com/sabomichal/immutable-xjc
 - com.google.protobuf:com.google.protobuf.gradle.plugin [0.9.1 -> 0.9.4]
 - com.google.protobuf:protobuf-java [3.25.5 -> 4.29.0-RC3]
     https://developers.google.com/protocol-buffers/
 - com.google.protobuf:protobuf-java-util [3.25.5 -> 4.29.0-RC3]
     https://developers.google.com/protocol-buffers/
 - com.google.protobuf:protoc [3.25.5 -> 21.0-rc-1]
     https://developers.google.com/protocol-buffers/
 - com.hubspot.jackson:jackson-datatype-protobuf [0.9.15 -> 0.9.17]
 - com.mattbertolini:liquibase-slf4j [5.0.0 -> 5.1.0]
     https://github.com/mattbertolini/liquibase-slf4j
 - com.networknt:json-schema-validator [1.5.2 -> 1.5.4]
     https://github.com/networknt/json-schema-validator
 - com.rabbitmq:amqp-client [5.22.0 -> 5.23.0]
     https://www.rabbitmq.com
 - com.squareup.okhttp3:okhttp [4.12.0 -> 5.0.0-alpha.14]
     https://square.github.io/okhttp/
 - com.zaxxer:HikariCP [5.1.0 -> 6.2.1]
     https://github.com/brettwooldridge/HikariCP
 - commons-io:commons-io [2.17.0 -> 2.18.0]
     https://commons.apache.org/proper/commons-io/
 - edu.ucar:cdm-core [5.4.2 -> 6.0.0-beta1]
 - io.netty:netty-all [4.1.111.Final -> 5.0.0.Alpha2]
     http://netty.io/
 - io.soabase.record-builder:record-builder-core [41 -> 43]
     https://github.com/randgalt/record-builder
 - io.soabase.record-builder:record-builder-processor [41 -> 43]
     https://github.com/randgalt/record-builder
 - io.swagger.core.v3:swagger-jaxrs2-jakarta [2.2.25 -> 2.2.26]
     https://github.com/swagger-api/swagger-core
 - io.swagger.core.v3.swagger-gradle-plugin:io.swagger.core.v3.swagger-gradle-plugin.gradle.plugin [2.2.25 -> 2.2.26]
 - jakarta.activation:jakarta.activation-api [1.2.2 -> 2.1.3]
     https://github.com/jakartaee/jaf-api
 - jakarta.annotation:jakarta.annotation-api [2.1.1 -> 3.0.0]
     https://projects.eclipse.org/projects/ee4j.ca
 - jakarta.ws.rs:jakarta.ws.rs-api [3.1.0 -> 4.0.0]
     https://github.com/jakartaee/rest
 - jakarta.xml.bind:jakarta.xml.bind-api [2.3.3 -> 4.0.2]
     https://github.com/jakartaee/jaxb-api
 - jakarta.xml.bind:jakarta.xml.bind-api [3.0.1 -> 4.0.2]
     https://github.com/jakartaee/jaxb-api
 - org.apache.commons:commons-collections4 [4.4 -> 4.5.0-M2]
     https://commons.apache.org/proper/commons-collections/
 - org.apache.commons:commons-lang3 [3.12.0 -> 3.17.0]
     https://commons.apache.org/proper/commons-lang/
 - org.apache.tika:tika-core [2.9.2 -> 3.0.0]
     https://tika.apache.org/
 - org.beryx.jlink:org.beryx.jlink.gradle.plugin [2.26.0 -> 3.1.1]
 - org.bouncycastle:bcpkix-jdk18on [1.78.1 -> 1.79]
     https://www.bouncycastle.org/java.html
 - org.bouncycastle:bcprov-jdk18on [1.78.1 -> 1.79]
     https://www.bouncycastle.org/java.html
 - org.eclipse.collections:eclipse-collections [11.1.0 -> 12.0.0.M3]
     https://github.com/eclipse/eclipse-collections
 - org.eclipse.jetty:jetty-alpn-java-server [11.0.24 -> 12.1.0.alpha0]
     https://jetty.org
 - org.eclipse.jetty:jetty-server [11.0.24 -> 12.1.0.alpha0]
     https://jetty.org
 - org.eclipse.persistence:org.eclipse.persistence.moxy [2.7.12 -> 5.0.0-B04]
     http://www.eclipse.org/eclipselink
 - org.glassfish.jaxb:jaxb-core [2.3.0.1 -> 4.0.5]
     https://eclipse-ee4j.github.io/jaxb-ri/
 - org.glassfish.jaxb:jaxb-runtime [2.3.8 -> 4.0.5]
     https://eclipse-ee4j.github.io/jaxb-ri/
 - org.glassfish.jaxb:jaxb-xjc [2.3.8 -> 4.0.5]
     https://eclipse-ee4j.github.io/jaxb-ri/
 - org.glassfish.jersey.containers:jersey-container-jetty-http [3.1.3 -> 4.0.0-M1]
     https://projects.eclipse.org/projects/ee4j.jersey
 - org.glassfish.jersey.containers:jersey-container-servlet [3.1.8 -> 4.0.0-M1]
     https://projects.eclipse.org/projects/ee4j.jersey
 - org.glassfish.jersey.containers:jersey-container-servlet-core [3.1.8 -> 4.0.0-M1]
     https://projects.eclipse.org/projects/ee4j.jersey
 - org.glassfish.jersey.core:jersey-server [3.1.8 -> 4.0.0-M1]
     https://projects.eclipse.org/projects/ee4j.jersey
 - org.glassfish.jersey.inject:jersey-hk2 [3.1.8 -> 4.0.0-M1]
     https://projects.eclipse.org/projects/ee4j.jersey
 - org.glassfish.jersey.media:jersey-media-multipart [3.1.8 -> 4.0.0-M1]
     https://projects.eclipse.org/projects/ee4j.jersey
 - org.jetbrains.kotlin:kotlin-stdlib [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.jetbrains.kotlin:kotlin-stdlib-jdk7 [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.jetbrains.kotlin:kotlin-stdlib-jdk8 [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.jfree:org.jfree.svg [4.1 -> 5.0.6]
     http://www.jfree.org/jfreesvg
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-params [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.vintage:junit-vintage-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.jvnet.jaxb2_commons:jaxb2-basics [0.13.1 -> 1.11.1]
     https://github.com/highsource/jaxb2-basics
 - org.jvnet.jaxb2_commons:jaxb2-basics-ant [0.13.1 -> 1.11.1]
     https://github.com/highsource/jaxb2-basics
 - org.jvnet.jaxb2_commons:jaxb2-basics-runtime [0.13.1 -> 2.0.12]
     https://github.com/highsource/jaxb-tools
 - org.liquibase:liquibase-core [4.29.2 -> 4.30.0]
     http://www.liquibase.com
 - org.owasp.dependencycheck:org.owasp.dependencycheck.gradle.plugin [10.0.2 -> 11.1.0]
 - org.projectlombok:lombok [1.18.34 -> 1.18.36]
     https://projectlombok.org
 - org.redisson:redisson [3.18.0 -> 3.39.0]
     https://redisson.pro
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org
 - org.sonarqube:org.sonarqube.gradle.plugin [5.1.0.4882 -> 6.0.0.5145]
 - tech.units:indriya [2.2 -> 2.2.1]
     http://units.tech

Failed to determine the latest version for the following dependencies (use --info for details):
 - net.jcip:jcip-annotations

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-config:dependencyUpdates

------------------------------------------------------------
:wres-config Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.google.guava:guava:33.3.1-jre
 - com.google.jimfs:jimfs:1.3.0
 - com.opencsv:opencsv:5.9
 - commons-beanutils:commons-beanutils:1.9.4
 - org.apache.commons:commons-lang3:3.17.0
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.jvnet.jaxb2_commons:jaxb2-basics-annotate:1.1.0
 - org.locationtech.jts:jts-core:1.20.0
 - org.locationtech.jts:jts-io:1.20.0
 - org.mockito:mockito-core:5.14.2

The following dependencies have later milestone versions:
 - ch.qos.logback:logback-classic [1.5.11 -> 1.5.12]
     http://logback.qos.ch
 - com.fasterxml.jackson:jackson-bom [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson-bom
 - com.fasterxml.jackson.core:jackson-annotations [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson
 - com.fasterxml.jackson.core:jackson-core [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson-core
 - com.fasterxml.jackson.core:jackson-databind [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson
 - com.fasterxml.jackson.dataformat:jackson-dataformat-yaml [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson-dataformats-text
 - com.fasterxml.jackson.datatype:jackson-datatype-jsr310 [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson-modules-java8
 - com.github.sabomichal:immutable-xjc-plugin [1.7.1 -> 2.0.3]
     https://github.com/sabomichal/immutable-xjc
 - com.google.protobuf:protobuf-java [3.25.5 -> 4.29.0-RC3]
     https://developers.google.com/protocol-buffers/
 - com.google.protobuf:protobuf-java-util [3.25.5 -> 4.29.0-RC3]
     https://developers.google.com/protocol-buffers/
 - com.hubspot.jackson:jackson-datatype-protobuf [0.9.15 -> 0.9.17]
 - com.networknt:json-schema-validator [1.5.2 -> 1.5.4]
     https://github.com/networknt/json-schema-validator
 - commons-io:commons-io [2.17.0 -> 2.18.0]
     https://commons.apache.org/proper/commons-io/
 - io.soabase.record-builder:record-builder-core [41 -> 43]
     https://github.com/randgalt/record-builder
 - io.soabase.record-builder:record-builder-processor [41 -> 43]
     https://github.com/randgalt/record-builder
 - jakarta.activation:jakarta.activation-api [1.2.2 -> 2.1.3]
     https://github.com/jakartaee/jaf-api
 - jakarta.xml.bind:jakarta.xml.bind-api [2.3.3 -> 4.0.2]
     https://github.com/jakartaee/jaxb-api
 - org.apache.tika:tika-core [2.9.2 -> 3.0.0]
     https://tika.apache.org/
 - org.eclipse.persistence:org.eclipse.persistence.moxy [2.7.12 -> 5.0.0-B04]
     http://www.eclipse.org/eclipselink
 - org.glassfish.jaxb:jaxb-core [2.3.0.1 -> 4.0.5]
     https://eclipse-ee4j.github.io/jaxb-ri/
 - org.glassfish.jaxb:jaxb-runtime [2.3.8 -> 4.0.5]
     https://eclipse-ee4j.github.io/jaxb-ri/
 - org.glassfish.jaxb:jaxb-xjc [2.3.8 -> 4.0.5]
     https://eclipse-ee4j.github.io/jaxb-ri/
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-params [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.jvnet.jaxb2_commons:jaxb2-basics [0.13.1 -> 1.11.1]
     https://github.com/highsource/jaxb2-basics
 - org.jvnet.jaxb2_commons:jaxb2-basics-ant [0.13.1 -> 1.11.1]
     https://github.com/highsource/jaxb2-basics
 - org.jvnet.jaxb2_commons:jaxb2-basics-runtime [0.13.1 -> 2.0.12]
     https://github.com/highsource/jaxb-tools
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-datamodel:dependencyUpdates

------------------------------------------------------------
:wres-datamodel Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.github.ben-manes.caffeine:caffeine:3.1.8
 - javax.measure:unit-api:2.2
 - junit:junit:4.13.2
 - org.apache.commons:commons-lang3:3.17.0
 - org.apache.commons:commons-math3:3.6.1
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.locationtech.jts:jts-core:1.20.0
 - org.mockito:mockito-core:5.14.2
 - si.uom:si-units:2.1
 - systems.uom:systems-quantity:2.1
 - systems.uom:systems-ucum:2.1

The following dependencies have later milestone versions:
 - ch.qos.logback:logback-classic [1.5.11 -> 1.5.12]
     http://logback.qos.ch
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.vintage:junit-vintage-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org
 - tech.units:indriya [2.2 -> 2.2.1]
     http://units.tech

Failed to determine the latest version for the following dependencies (use --info for details):
 - net.jcip:jcip-annotations

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-events:dependencyUpdates

------------------------------------------------------------
:wres-events Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.github.ben-manes.caffeine:caffeine:3.1.8
 - jakarta.jms:jakarta.jms-api:3.1.0
 - org.apache.commons:commons-lang3:3.17.0
 - org.apache.qpid:qpid-jms-client:2.6.1
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.mockito:mockito-core:5.14.2
 - org.mockito:mockito-inline:5.2.0

The following dependencies have later milestone versions:
 - ch.qos.logback:logback-classic [1.5.11 -> 1.5.12]
     http://logback.qos.ch
 - io.netty:netty-all [4.1.111.Final -> 5.0.0.Alpha2]
     http://netty.io/
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org

Failed to determine the latest version for the following dependencies (use --info for details):
 - net.jcip:jcip-annotations

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-eventsbroker:dependencyUpdates

------------------------------------------------------------
:wres-eventsbroker Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.google.guava:guava:33.3.1-jre
 - jakarta.jms:jakarta.jms-api:3.1.0
 - org.apache.activemq:artemis-amqp-protocol:2.38.0
 - org.apache.activemq:artemis-server:2.38.0
 - org.apache.commons:commons-configuration2:2.11.0
 - org.apache.commons:commons-lang3:3.17.0
 - org.apache.qpid:qpid-jms-client:2.6.1
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.slf4j:jcl-over-slf4j:2.1.0-alpha1

The following dependencies have later milestone versions:
 - ch.qos.logback:logback-classic [1.5.11 -> 1.5.12]
     http://logback.qos.ch
 - org.bouncycastle:bcprov-jdk18on [1.78.1 -> 1.79]
     https://www.bouncycastle.org/java.html
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org

Failed to determine the latest version for the following dependencies (use --info for details):
 - net.jcip:jcip-annotations

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-external-services-tests:dependencyUpdates

------------------------------------------------------------
:wres-external-services-tests Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-http:dependencyUpdates

------------------------------------------------------------
:wres-http Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - org.apache.commons:commons-lang3:3.17.0
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.mockito:mockito-inline:5.2.0

The following dependencies have later milestone versions:
 - com.squareup.okhttp3:okhttp [4.12.0 -> 5.0.0-alpha.14]
     https://square.github.io/okhttp/
 - org.jetbrains.kotlin:kotlin-stdlib [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.jetbrains.kotlin:kotlin-stdlib-jdk7 [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.jetbrains.kotlin:kotlin-stdlib-jdk8 [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-io:dependencyUpdates

------------------------------------------------------------
:wres-io Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.github.ben-manes.caffeine:caffeine:3.1.8
 - com.github.marschall:jfr-jdbc:0.4.0
 - com.google.guava:guava:33.3.1-jre
 - com.google.guava:guava-testlib:33.3.1-jre
 - com.google.jimfs:jimfs:1.3.0
 - com.h2database:h2:2.3.232
 - junit:junit:4.13.2
 - org.glassfish:javax.json:1.1.4
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.locationtech.jts:jts-core:1.20.0
 - org.locationtech.jts:jts-io:1.20.0
 - org.mockito:mockito-inline:5.2.0
 - org.postgresql:postgresql:42.7.4
 - org.slf4j:jcl-over-slf4j:2.1.0-alpha1
 - org.slf4j:jul-to-slf4j:2.1.0-alpha1

The following dependencies have later milestone versions:
 - com.mattbertolini:liquibase-slf4j [5.0.0 -> 5.1.0]
     https://github.com/mattbertolini/liquibase-slf4j
 - com.squareup.okhttp3:okhttp [4.12.0 -> 5.0.0-alpha.14]
     https://square.github.io/okhttp/
 - com.zaxxer:HikariCP [5.1.0 -> 6.2.1]
     https://github.com/brettwooldridge/HikariCP
 - edu.ucar:cdm-core [5.4.2 -> 6.0.0-beta1]
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.vintage:junit-vintage-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.liquibase:liquibase-core [4.29.2 -> 4.30.0]
     http://www.liquibase.com

Failed to determine the latest version for the following dependencies (use --info for details):
 - net.jcip:jcip-annotations

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-messages:dependencyUpdates

------------------------------------------------------------
:wres-messages Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - junit:junit:4.13.2
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8

The following dependencies have later milestone versions:
 - com.google.protobuf:protobuf-java [3.25.5 -> 4.29.0-RC3]
     https://developers.google.com/protocol-buffers/
 - com.google.protobuf:protoc [3.25.5 -> 21.0-rc-1]
     https://developers.google.com/protocol-buffers/
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-metrics:dependencyUpdates

------------------------------------------------------------
:wres-metrics Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - junit:junit:4.13.2
 - org.apache.commons:commons-math3:3.6.1
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.mockito:mockito-core:5.14.2

The following dependencies have later milestone versions:
 - ch.qos.logback:logback-classic [1.5.11 -> 1.5.12]
     http://logback.qos.ch
 - org.eclipse.collections:eclipse-collections [11.1.0 -> 12.0.0.M3]
     https://github.com/eclipse/eclipse-collections
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.vintage:junit-vintage-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org

Failed to determine the latest version for the following dependencies (use --info for details):
 - net.jcip:jcip-annotations

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-reading:dependencyUpdates

------------------------------------------------------------
:wres-reading Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.google.guava:guava:33.3.1-jre
 - com.google.guava:guava-testlib:33.3.1-jre
 - com.google.jimfs:jimfs:1.3.0
 - com.sun.xml.fastinfoset:FastInfoset:2.1.1
 - junit:junit:4.13.2
 - org.apache.commons:commons-compress:1.27.1
 - org.apache.commons:commons-math3:3.6.1
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.locationtech.jts:jts-core:1.20.0
 - org.locationtech.jts:jts-io:1.20.0
 - org.mock-server:mockserver-netty:5.15.0
 - org.mockito:mockito-inline:5.2.0

The following dependencies have later milestone versions:
 - com.fasterxml.jackson.datatype:jackson-datatype-jsr310 [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson-modules-java8
 - com.mattbertolini:liquibase-slf4j [5.0.0 -> 5.1.0]
     https://github.com/mattbertolini/liquibase-slf4j
 - com.squareup.okhttp3:okhttp [4.12.0 -> 5.0.0-alpha.14]
     https://square.github.io/okhttp/
 - edu.ucar:cdm-core [5.4.2 -> 6.0.0-beta1]
 - org.apache.commons:commons-collections4 [4.4 -> 4.5.0-M2]
     https://commons.apache.org/proper/commons-collections/
 - org.apache.tika:tika-core [2.9.2 -> 3.0.0]
     https://tika.apache.org/
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.vintage:junit-vintage-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.liquibase:liquibase-core [4.29.2 -> 4.30.0]
     http://www.liquibase.com
 - org.projectlombok:lombok [1.18.34 -> 1.18.36]
     https://projectlombok.org

Failed to determine the latest version for the following dependencies (use --info for details):
 - net.jcip:jcip-annotations

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-statistics:dependencyUpdates

------------------------------------------------------------
:wres-statistics Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8

The following dependencies have later milestone versions:
 - ch.qos.logback:logback-classic [1.5.11 -> 1.5.12]
     http://logback.qos.ch
 - com.google.protobuf:protobuf-java [3.25.5 -> 4.29.0-RC3]
     https://developers.google.com/protocol-buffers/
 - com.google.protobuf:protoc [3.25.5 -> 21.0-rc-1]
     https://developers.google.com/protocol-buffers/
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-system:dependencyUpdates

------------------------------------------------------------
:wres-system Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.github.marschall:jfr-jdbc:0.4.0
 - com.h2database:h2:2.3.232
 - com.sun.xml.fastinfoset:FastInfoset:2.1.1
 - junit:junit:4.13.2
 - org.apache.commons:commons-lang3:3.17.0
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.mock-server:mockserver-netty:5.15.0
 - org.postgresql:postgresql:42.7.4
 - org.slf4j:jul-to-slf4j:2.1.0-alpha1

The following dependencies have later milestone versions:
 - com.zaxxer:HikariCP [5.1.0 -> 6.2.1]
     https://github.com/brettwooldridge/HikariCP
 - jakarta.xml.bind:jakarta.xml.bind-api [2.3.3 -> 4.0.2]
     https://github.com/jakartaee/jaxb-api
 - org.jvnet.jaxb2_commons:jaxb2-basics-runtime [0.13.1 -> 2.0.12]
     https://github.com/highsource/jaxb-tools
 - org.projectlombok:lombok [1.18.34 -> 1.18.36]
     https://projectlombok.org
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org

Failed to determine the latest version for the following dependencies (use --info for details):
 - net.jcip:jcip-annotations

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-tasker:dependencyUpdates

------------------------------------------------------------
:wres-tasker Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.github.ben-manes.caffeine:caffeine:3.1.8
 - com.google.jimfs:jimfs:1.3.0
 - commons-codec:commons-codec:1.17.1
 - io.swagger.core.v3:swagger-jaxrs2:2.2.25
 - javax.servlet:javax.servlet-api:3.1.0
 - javax.ws.rs:javax.ws.rs-api:2.1
 - junit:junit:4.13.2
 - org.apache.commons:commons-lang3:3.17.0
 - org.apache.qpid:qpid-broker-core:9.2.0
 - org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol:9.2.0
 - org.apache.qpid:qpid-broker-plugins-memory-store:9.2.0
 - org.eclipse.jetty:jetty-webapp:11.0.24
 - org.eclipse.jetty.http2:http2-server:11.0.24
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8

The following dependencies have later milestone versions:
 - ch.qos.logback:logback-classic [1.5.11 -> 1.5.12]
     http://logback.qos.ch
 - com.fasterxml.jackson:jackson-bom [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson-bom
 - com.fasterxml.jackson.core:jackson-annotations [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson
 - com.fasterxml.jackson.core:jackson-core [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson-core
 - com.fasterxml.jackson.core:jackson-databind [2.18.0 -> 2.18.1]
     https://github.com/FasterXML/jackson
 - com.google.protobuf:protobuf-java [3.25.5 -> 4.29.0-RC3]
     https://developers.google.com/protocol-buffers/
 - com.rabbitmq:amqp-client [5.22.0 -> 5.23.0]
     https://www.rabbitmq.com
 - com.squareup.okhttp3:okhttp [4.12.0 -> 5.0.0-alpha.14]
     https://square.github.io/okhttp/
 - io.netty:netty-all [4.1.111.Final -> 5.0.0.Alpha2]
     http://netty.io/
 - io.swagger.core.v3:swagger-jaxrs2-jakarta [2.2.25 -> 2.2.26]
     https://github.com/swagger-api/swagger-core
 - jakarta.annotation:jakarta.annotation-api [2.1.1 -> 3.0.0]
     https://projects.eclipse.org/projects/ee4j.ca
 - jakarta.ws.rs:jakarta.ws.rs-api [3.1.0 -> 4.0.0]
     https://github.com/jakartaee/rest
 - org.apache.commons:commons-lang3 [3.12.0 -> 3.17.0]
     https://commons.apache.org/proper/commons-lang/
 - org.apache.tika:tika-core [2.9.2 -> 3.0.0]
     https://tika.apache.org/
 - org.bouncycastle:bcpkix-jdk18on [1.78.1 -> 1.79]
     https://www.bouncycastle.org/java.html
 - org.bouncycastle:bcprov-jdk18on [1.78.1 -> 1.79]
     https://www.bouncycastle.org/java.html
 - org.eclipse.jetty:jetty-alpn-java-server [11.0.24 -> 12.1.0.alpha0]
     https://jetty.org
 - org.eclipse.jetty:jetty-server [11.0.24 -> 12.1.0.alpha0]
     https://jetty.org
 - org.glassfish.jersey.containers:jersey-container-servlet-core [3.1.8 -> 4.0.0-M1]
     https://projects.eclipse.org/projects/ee4j.jersey
 - org.glassfish.jersey.core:jersey-server [3.1.8 -> 4.0.0-M1]
     https://projects.eclipse.org/projects/ee4j.jersey
 - org.glassfish.jersey.inject:jersey-hk2 [3.1.8 -> 4.0.0-M1]
     https://projects.eclipse.org/projects/ee4j.jersey
 - org.glassfish.jersey.media:jersey-media-multipart [3.1.8 -> 4.0.0-M1]
     https://projects.eclipse.org/projects/ee4j.jersey
 - org.jetbrains.kotlin:kotlin-stdlib [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.jetbrains.kotlin:kotlin-stdlib-jdk7 [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.jetbrains.kotlin:kotlin-stdlib-jdk8 [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.vintage:junit-vintage-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.redisson:redisson [3.18.0 -> 3.39.0]
     https://redisson.pro
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-vis:dependencyUpdates

------------------------------------------------------------
:wres-vis Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.google.jimfs:jimfs:1.3.0
 - com.sun.xml.fastinfoset:FastInfoset:2.1.1
 - junit:junit:4.13.2
 - org.apache.commons:commons-lang3:3.17.0
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.jfree:jfreechart:1.5.5
 - org.mockito:mockito-core:5.14.2
 - org.slf4j:log4j-over-slf4j:2.1.0-alpha1

The following dependencies have later milestone versions:
 - ch.qos.logback:logback-classic [1.5.11 -> 1.5.12]
     http://logback.qos.ch
 - org.jfree:org.jfree.svg [4.1 -> 5.0.6]
     http://www.jfree.org/jfreesvg
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.vintage:junit-vintage-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-worker:dependencyUpdates

------------------------------------------------------------
:wres-worker Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - junit:junit:4.13.2
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.mock-server:mockserver-netty:5.15.0
 - org.mockito:mockito-inline:5.2.0

The following dependencies have later milestone versions:
 - ch.qos.logback:logback-classic [1.5.11 -> 1.5.12]
     http://logback.qos.ch
 - com.rabbitmq:amqp-client [5.22.0 -> 5.23.0]
     https://www.rabbitmq.com
 - com.squareup.okhttp3:okhttp [4.12.0 -> 5.0.0-alpha.14]
     https://square.github.io/okhttp/
 - jakarta.ws.rs:jakarta.ws.rs-api [3.1.0 -> 4.0.0]
     https://github.com/jakartaee/rest
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.slf4j:slf4j-api [2.0.13 -> 2.1.0-alpha1]
     http://www.slf4j.org

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

> Task :wres-writing:dependencyUpdates

------------------------------------------------------------
:wres-writing Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.google.guava:guava:33.3.1-jre
 - com.google.jimfs:jimfs:1.3.0
 - junit:junit:4.13.2
 - org.apache.commons:commons-math3:3.6.1
 - org.jacoco:org.jacoco.agent:0.8.8
 - org.jacoco:org.jacoco.ant:0.8.8
 - org.locationtech.jts:jts-core:1.20.0
 - org.locationtech.jts:jts-io:1.20.0
 - org.mockito:mockito-inline:5.2.0

The following dependencies have later milestone versions:
 - com.squareup.okhttp3:okhttp [4.12.0 -> 5.0.0-alpha.14]
     https://square.github.io/okhttp/
 - edu.ucar:cdm-core [5.4.2 -> 6.0.0-beta1]
 - org.apache.tika:tika-core [2.9.2 -> 3.0.0]
     https://tika.apache.org/
 - org.jetbrains.kotlin:kotlin-stdlib [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.jetbrains.kotlin:kotlin-stdlib-jdk7 [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.jetbrains.kotlin:kotlin-stdlib-jdk8 [1.9.23 -> 2.1.0]
     https://kotlinlang.org/
 - org.junit.jupiter:junit-jupiter-api [5.11.2 -> 5.11.3]
     https://junit.org/junit5/
 - org.junit.jupiter:junit-jupiter-engine [5.11.2 -> 5.11.3]
     https://junit.org/junit5/

Failed to determine the latest version for the following dependencies (use --info for details):
 - net.jcip:jcip-annotations

Gradle release-candidate updates:
 - Gradle: [7.6.4 -> 8.11.1]

Generated report file build/dependencyUpdates/report.txt

Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

See https://docs.gradle.org/7.6.4/userguide/command_line_interface.html#sec:command_line_warnings

BUILD SUCCESSFUL in 46s
17 actionable tasks: 17 executed

@james-d-brown
Copy link
Collaborator Author

Yeah, that is unfortunately a weakness of our dependency checker, it doesn't provide both the minor and major version options, so you do need to check for minor updates that are hidden by major ones, unfortunately.

@james-d-brown
Copy link
Collaborator Author

Or just do the major update, but I would take major updates carefully, one at a time. Our automated tests are probably good enough to catch most issues, once it is compiling (and major upgrades mean it may not compile, of course), but there is an extra risk, especially when working in the cowres components, tasker/worker/broker, as these are generally not very well covered by unit/integration tests.

@HankHerr-NOAA
Copy link
Contributor

Adding #100 to the notable tickets in the description.

Hank

@HankHerr-NOAA
Copy link
Contributor

Thanks, James. I'll look into minor updates that are between the reported current and major.

Hank

@HankHerr-NOAA
Copy link
Contributor

I completed the (what I hope are) low hanging fruit minors upgrades. I'm unit testing now. If that completes successfully, I'll attempt to deploy to the -dev COWRES. I just need to see what the current process is deploy from the development area.

Hank

@HankHerr-NOAA
Copy link
Contributor

I've tackled all of the low-hanging fruit, minor version upgrades. That is, those identified by the dependency check. All pass unit tests except for this one:

com.google.protobuf:com.google.protobuf.gradle.plugin [0.9.1 -> 0.9.4]

I took the above to mean that I need to update the line,

    // To generate de/serialization classes for message bodies
    id 'com.google.protobuf' version '0.9.1'

to reference 0.9.4. I made that change. When I did so, the build failed:

> Task :wres-statistics:compileJava
/home/hank.herr/wres_repos/wres/wres-statistics/src/main/java/module-info.java:4: error: module not found: com.google.protobuf
    requires com.google.protobuf;
                       ^
/home/hank.herr/wres_repos/wres/wres-statistics/src/main/java/module-info.java:5: error: module not found: org.slf4j
    requires org.slf4j;
                ^
2 errors

When I backed that one up to 0.9.1, I was able to build the code and the unit tests passed.

So, referring to the dependency check shared in my previous comment, I've handled all of the minor updates directly reported by dependency check, except for com.google.protobuf:com.google.protobuf.gradle.plugin [0.9.1 -> 0.9.4]. I'm going to deploy what I have to -dev to see if the COWRES comes up successfully.

Hank

P.S. Note to self so I don't lose it by the time I return to this ticket next week... When deploying the locally build .zips, the following command should work:

./scripts/dockerize.sh 20241126-b735d54-dev 20241113-6f1b17d-dev 20241113-6f1b17d-dev 20241126-b735d54-dev 20241126-b735d54-dev 20241126-b735d54-dev 20241126-2da40a3-dev 20241126-2da40a3-dev

@james-d-brown
Copy link
Collaborator Author

See #103. I had thought Evan addressed this recently, but I guess that was the protobuf dependencies themselves, not the gradle plugin.

@HankHerr-NOAA
Copy link
Contributor

Thanks, James. I'll take a look.

I was able to deploy what I have to -dev COWRES and get a smoke test to pass. Step 1 of many steps. :)

Hank

@HankHerr-NOAA
Copy link
Contributor

I read through #103. I also note #70. They appear to be related.

I think what I'm seeing is that to update @com.google.protobuf@ to 0.9.4, we need the general protobuf dependencies to go to 4.26.1 or later. Is that right?

If so, I can try that as my first major update when I get started on them.

Thanks,

Hank

@HankHerr-NOAA
Copy link
Contributor

With the build.gradle updated, the next step in the minor version updates is the Dockerfile changes, I think. I need to check to be sure, but I believe the process there is to try to build each image with the revisions removed so that Docker pulls the latest, and with it not in quiet mode so that we can see what it pulls. Let me check the wiki and see what I've done in the past.

I do this so rarely that every time I update dependencies, I spend a lot of time reminding myself of the process.

Hank

@epag
Copy link
Collaborator

epag commented Nov 27, 2024

I believe #70 was resolved in #341

@james-d-brown
Copy link
Collaborator Author

I read through #103. I also note #70. They appear to be related.

I think what I'm seeing is that to update @com.google.protobuf@ to 0.9.4, we need the general protobuf dependencies to go to 4.26.1 or later. Is that right?

If so, I can try that as my first major update when I get started on them.

Thanks,

Hank

Probably, but we'll see. According to the ticket by the people that maintain the gradle dep, it is fixed, so I would browse that ticket w/r to versions. I do recall that they hadn't backported the fix.

@HankHerr-NOAA
Copy link
Contributor

Final update for today...

I've updated the Dockerfiles; the Redhat UBI version changed to registry.access.redhat.com/ubi8/ubi:8.10-1132 and Redis changed to redis:7.4.1-alpine3.20. Otherwise, no changes were needed. Specifically, the JDK and related libraries included in the Dockerfile are unchanged (based on removing the version and letting docker build find the one to use). On Tuesday, I'll look at the CVEs.

Once the minor changes are made, the next step will be to step through the major version updates one at a time and identify the ones that will cause problems for us. We'll then determine whether to work on each change soon/now, or push them off until later and find an interim minor version update (that is hidden by the major one pointed to by the dependency check).

After a discussion with Josh Walston during "office hours", we decided that we should deploy next week. He's waiting on a couple of features that we will be deploying in 6.28. We'll have to decide if any of these dependency updates should go out in that deployment. If so, then I'll have to push what I can on Tuesday when I return to work.

My day is done. Happy Thanksgiving!

Hank

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@HankHerr-NOAA HankHerr-NOAA

Labels
dependencies Dependency updates or issues
Projects
None yet
Milestone
v6.28
Development

No branches or pull requests
3 participants
@epag @HankHerr-NOAA @james-d-brown