deps: upgrade beam to 2.43.0 (#3857)

* deps: update veneer to 2.15.1

* deps: update veneer to 2.16.0

* fix deps, beam integration, and integration migration builds

* deps: upgrade beam.version to 2.42.0

* fix dependency build

* update storage version

* beam 2.43.0

Author: kolea2

bigtable-dataflow-parent/bigtable-beam-import/pom.xml

@@ -90,10 +90,15 @@ limitations under the License.
           <groupId>org.hamcrest</groupId>
           <artifactId>hamcrest</artifactId>
         </exclusion>
-          <exclusion>
-            <groupId>org.hamcrest</groupId>
-            <artifactId>hamcrest</artifactId>
-          </exclusion>
+        <exclusion>
+          <groupId>org.hamcrest</groupId>
+          <artifactId>hamcrest</artifactId>
+        </exclusion>
+        <exclusion>
+          <!-- transitively brought in by bigquery dependency, use the bigtable version of autovalue instead-->
+          <groupId>com.google.auto.value</groupId>
+          <artifactId>auto-value</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
@@ -204,7 +209,7 @@ limitations under the License.
     <dependency>
       <groupId>com.google.apis</groupId>
       <artifactId>google-api-services-storage</artifactId>
-      <version>v1-rev20210127-1.31.0</version>
+      <version>v1-rev20220705-2.0.0</version>
     </dependency>
     <dependency>
       <groupId>com.google.code.findbugs</groupId>
@@ -235,12 +240,6 @@ limitations under the License.
 
 
     <!-- CVE Group: force update transitive deps to exclude CVEs -->
-    <dependency>
-      <groupId>commons-codec</groupId>
-      <artifactId>commons-codec</artifactId>
-      <version>1.15</version>
-      <scope>runtime</scope>
-    </dependency>
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-compress</artifactId>
@@ -466,6 +465,23 @@ limitations under the License.
           </execution>
         </executions>
       </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-dependency-plugin</artifactId>
+        <configuration>
+          <ignoredUnusedDeclaredDependencies>
+            <ignoredUnusedDeclaredDependency>com.google.cloud.bigdataoss:gcs-connector:*:*</ignoredUnusedDeclaredDependency>
+            <!-- seems to be a bug in the dependency analyzer, removing this dep reports the reverse problem
+            See: https://issues.apache.org/jira/browse/MDEP-679 -->
+            <ignoredUnusedDeclaredDependency> commons-logging:commons-logging:*:*</ignoredUnusedDeclaredDependency>
+          </ignoredUnusedDeclaredDependencies>
+          <ignoredUsedUndeclaredDependencies>
+            <!-- seems to be a bug in the dependency analyzer, adding this dep reports the reverse problem
+            See: https://issues.apache.org/jira/browse/MDEP-679 -->
+            <ignoredUsedUndeclaredDependency>org.springframework:spring-jcl:*:*</ignoredUsedUndeclaredDependency>
+          </ignoredUsedUndeclaredDependencies>
+        </configuration>
+      </plugin>
     </plugins>
   </build>
 

bigtable-dataflow-parent/bigtable-hbase-beam/pom.xml

@@ -33,7 +33,7 @@ limitations under the License.
       <dependency>
         <groupId>com.google.errorprone</groupId>
         <artifactId>error_prone_annotations</artifactId>
-        <version>2.13.1</version>
+        <version>2.14.0</version>
       </dependency>
     </dependencies>
   </dependencyManagement>

pom.xml

@@ -79,8 +79,7 @@ limitations under the License.
     <junit-vintage-engine.version>5.9.1</junit-vintage-engine.version>
     <hamcrest.version>1.3</hamcrest.version>
     <mockito.version>4.9.0</mockito.version>
-    <!-- TODO: check if commons-codec was transitively updated to 1.13 and okhttp was updated to 2.7.5 when upgrading-->
-    <beam.version>2.35.0</beam.version>
+    <beam.version>2.43.0</beam.version>
     <!-- referred from bigtable-beam-import and bigtable-emulator -->
     <guava.version>31.1-jre</guava.version>
     <gcs-guava.version>29.0-jre</gcs-guava.version>

renovate.json5

@@ -90,6 +90,11 @@
       "packagePatterns": ["^grpc-conscrypt.version"],
       "enabled": false
     },
+    {
+      // pinned to avoid internal deps conflict between beam-sdks-java-core & beam-model-pipeline
+      "packagePatterns": ["^error_prone_annotations"],
+      "enabled": false
+    },
     {
       "packagePatterns": [
         "^org.apache.maven.plugins:maven-shade-plugin"