build(deps): Bump com.google.guava:guava from 33.0.0-jre to 33.1.0-jre in /projects/control-service/projects/pipelines_control_service (#3212)

dependabot[bot] · web-flow · commit f6e6fcc2a8a4 · 2024-03-15T07:35:14.000Z
Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.0.0-jre to 33.1.0-jre. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/guava/releases">com.google.guava:guava's releases</a>.</em></p> <blockquote> <h2>33.1.0</h2> <h3>Request for Android users</h3> <p>If you know of Guava Android users who have not yet upgraded to at least the previous release <a href="https://github.com/google/guava/releases/tag/v33.0.0">33.0.0</a>, please encourage them to do so. Starting with that version, we are experimenting with including Java 8+ APIs in <code>guava-android</code>. Before we commit to adding such APIs, we want as much testing as we can get: If we later expose a set of Java 8+ APIs and then discover that they break users, we won't want to remove them, as the removal would break users, too.</p> <h3>Maven</h3> <pre lang="xml"><code>&lt;dependency&gt; &lt;groupId&gt;com.google.guava&lt;/groupId&gt; &lt;artifactId&gt;guava&lt;/artifactId&gt; &lt;version&gt;33.1.0-jre&lt;/version&gt; &lt;!-- or, for Android: --&gt; &lt;version&gt;33.1.0-android&lt;/version&gt; &lt;/dependency&gt; </code></pre> <h3>Jar files</h3> <ul> <li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/33.1.0-jre/guava-33.1.0-jre.jar">33.1.0-jre.jar</a></li> <li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/33.1.0-android/guava-33.1.0-android.jar">33.1.0-android.jar</a></li> </ul> <p>Guava requires <a href="https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies">one runtime dependency</a>, which you can download here:</p> <ul> <li><a href="https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar">failureaccess-1.0.1.jar</a></li> </ul> <h3>Javadoc</h3> <ul> <li><a href="http://guava.dev/releases/33.1.0-jre/api/docs/">33.1.0-jre</a></li> <li><a href="http://guava.dev/releases/33.1.0-android/api/docs/">33.1.0-android</a></li> </ul> <h3>JDiff</h3> <ul> <li><a href="http://guava.dev/releases/33.1.0-jre/api/diffs/">33.1.0-jre vs. 33.0.0-jre</a></li> <li><a href="http://guava.dev/releases/33.1.0-android/api/diffs/">33.1.0-android vs. 33.0.0-android</a></li> <li><a href="http://guava.dev/releases/33.1.0-android/api/androiddiffs/">33.1.0-android vs. 33.1.0-jre</a></li> </ul> <h3>Changelog</h3> <ul> <li>Updated our Error Prone dependency to 2.26.1, which includes a JPMS-ready jar of annotations. If you use the Error Prone annotations in a modular build of your own code, you may need to <a href="https://github.com/google/error-prone/releases/tag/v2.26.1">add a <code>requires</code> line for them</a>. (d48c6dfbb8, c6e91c498ced26631029d1bdfdb9154d4a217368)</li> <li><code>base</code>: Added a <code>Duration</code> overload for <code>Suppliers.memoizeWithExpiration</code>. (76e46ec35b)</li> <li><code>base</code>: Deprecated the remaining two overloads of <code>Throwables.propagateIfPossible</code>. They won't be deleted, but we recommend migrating off them. (cf86414a87)</li> <li><code>cache</code>: Fixed a bug that could cause <a href="https://redirect.github.com/google/guava/pull/6851#issuecomment-1931276822">false &quot;recursive load&quot; reports during refresh</a>. (0e1aebf73e)</li> <li><code>graph</code>: Changed the return types of <code>transitiveClosure()</code> and <code>reachableNodes()</code> to <code>Immutable*</code> types. <code>reachableNodes()</code> already returned an immutable object (even though that was not reflected in the declared return type); <code>transitiveClosure()</code> used to return a mutable object. The old signatures remain available, so this change does not break binary compatibility. (09e655f6c1)</li> <li><code>graph</code>: Changed the behavior of views returned by graph accessor methods that take a graph element as input: They now throw <code>IllegalStateException</code> when that element is removed from the graph. (8dca776341)</li> <li><code>hash</code>: Optimized <code>Checksum</code>-based hash functions for Java 9+. (afb35a5d1b)</li> <li><code>testing</code>: Exposed <code>FakeTicker</code> <code>Duration</code> methods to Android users. (f346bbb6a7)</li> <li><code>util.concurrent</code>: Deprecated the constructors of <code>UncheckedExecutionException</code> and <code>ExecutionError</code> that don't accept a cause. We won't remove these constructors, but we recommend migrating off them, as users of those classes often assume that instances will contain a cause. (1bb3c4386b)</li> <li><code>util.concurrent</code>: Improved the correctness of racy accesses for J2ObjC users. (d3232b71ce)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/google/guava/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.guava:guava&package-manager=gradle&previous-version=33.0.0-jre&new-version=33.1.0-jre)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/projects/control-service/projects/versions-of-external-dependencies.gradle b/projects/control-service/projects/versions-of-external-dependencies.gradle
@@ -1,7 +1,7 @@
 project.ext {
     versions = [
             // include only libraries which are NOT in the Spring Boot BOM: org.springframework:spring-boot-dependencies
-            'com.google.guava:guava'                                             : 'com.google.guava:guava:33.0.0-jre',
+            'com.google.guava:guava'                                             : 'com.google.guava:guava:33.1.0-jre',
             'com.nimbusds:nimbus-jose-jwt'                                       : 'com.nimbusds:nimbus-jose-jwt:9.37',
             // Update the ph-client to latest.
             'io.micrometer:micrometer-registry-prometheus'                       : 'io.micrometer:micrometer-registry-prometheus:1.12.0',
