chore: update requirements.txt to address dependabot security alerts. (#1936) (#312)

gcf-owl-bot[bot] · web-flow · commit 87c2dc1deda0 · 2024-06-18T12:56:29.000-04:00
Created by running: pip-compile requirements.in --generate-hashes --upgrade within synthtool/gcp/templates/java_library/.kokoro and synthtool/docker/owlbot/java/src/ Source-Link: googleapis/synthtool@853dbcd Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:084ad4c60551b075846bcb2405ec1c14b0d00ec1eb5503d4dd0d2a92cdc2d3e2 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,4 +13,5 @@
 # limitations under the License.
 docker:
   image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest
-  digest: sha256:5df8b62e8da534f7604daef347698f6701e34b3f61713712a3384ac88fc32088
+  digest: sha256:084ad4c60551b075846bcb2405ec1c14b0d00ec1eb5503d4dd0d2a92cdc2d3e2
+# created: 2024-03-15T14:33:32.257974519Z
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,10 +5,15 @@ updates:
     schedule:
       interval: "daily"
     # Disable version updates for Maven dependencies
-    open-pull-requests-limit: 0
+    # we use renovate-bot as well as shared-dependencies BOM to update maven dependencies.
+    ignore:
+      - dependency-name: "*"
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "daily"
     # Disable version updates for pip dependencies
-    open-pull-requests-limit: 0
+    # If a security vulnerability comes in, we will be notified about 
+    # it via template in the synthtool repository.
+    ignore:
+      - dependency-name: "*"
diff --git a/.github/release-trigger.yml b/.github/release-trigger.yml
@@ -1 +1,2 @@
 enabled: true
+multiScmName: java-pubsub-group-kafka-connector
diff --git a/.github/workflows/renovate_config_check.yaml b/.github/workflows/renovate_config_check.yaml
@@ -0,0 +1,25 @@
+name: Renovate Bot Config Validation
+
+on:
+  pull_request:
+    paths:
+      - 'renovate.json'
+
+jobs:
+  renovate_bot_config_validation:
+    runs-on: ubuntu-22.04
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Node.js
+      uses: actions/setup-node@v3
+      with:
+        node-version: '20'
+
+    - name: Install Renovate and Config Validator
+      run: |
+        npm install -g npm@latest
+        npm install --global renovate
+        renovate-config-validator
diff --git a/.kokoro/requirements.txt b/.kokoro/requirements.txt
diff --git a/renovate.json b/renovate.json

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`	`1`	`enabled: true`
	`2`	`+multiScmName: java-pubsub-group-kafka-connector`