Promote using the Google Auth Bom #1552

lqiu96 · 2024-10-23T20:44:08Z

Add a section to the README promoting the BOM instead of just the oauth module. Dependency versions should be managed by the BOM to reduce issues with version mismatches between auth modules.

Fixes #1552

…1620) Fixes #1552

| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `26.0.1` -> `26.0.2` | | [io.grpc:grpc-stub](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-protobuf](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-netty](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:protoc-gen-grpc-java](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-bom](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-api](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [com.google.api-client:google-api-client](https://github.com/googleapis/google-api-java-client) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.7.1` -> `2.7.2` | | [com.squareup.wire:wire-schema](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-runtime](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-reflector](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-moshi-adapter](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-grpc-client](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-gradle-plugin](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-bom](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.google.auth:google-auth-library-oauth2-http](https://github.com/googleapis/google-auth-library-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.30.1` -> `1.31.0` | | [com.google.auth:google-auth-library-credentials](https://github.com/googleapis/google-auth-library-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.30.1` -> `1.31.0` | | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.45.1` -> `1.45.2` | | [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.45.1` -> `1.45.2` | | [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | --- ### Release Notes <details> <summary>JetBrains/java-annotations (org.jetbrains:annotations)</summary> ### [`v26.0.2`](https://github.com/JetBrains/java-annotations/blob/HEAD/CHANGELOG.md#Version-2602) [Compare Source](JetBrains/java-annotations@26.0.1...26.0.2) - Fixed missing klibs for apple artifacts. </details> <details> <summary>googleapis/google-api-java-client (com.google.api-client:google-api-client)</summary> ### [`v2.7.2`](https://github.com/googleapis/google-api-java-client/blob/HEAD/CHANGELOG.md#272-2025-01-22) ##### Bug Fixes - Add warnings to users about using credentials from external sources ([#2551](googleapis/google-api-java-client#2551)) ([3bb2879](googleapis/google-api-java-client@3bb2879)) </details> <details> <summary>square/wire (com.squareup.wire:wire-schema)</summary> ### [`v5.2.1`](https://github.com/square/wire/blob/HEAD/CHANGELOG.md#Version-521) [Compare Source](square/wire@5.2.0...5.2.1) *2025-01-07* ##### JVM generation - Fix support for mutable messages in Wire's Kotlin Generator. ([#3233](square/wire#3233) by \[Rahul Ravikumar]\[tikurahul]) ### [`v5.2.0`](https://github.com/square/wire/blob/HEAD/CHANGELOG.md#Version-520) [Compare Source](square/wire@5.1.0...5.2.0) *2025-01-06* ##### Common - Enforce recursion limit when parsing nested groups. ([#3119](square/wire#3119)) ##### CLI `wire-compiler` - It is now possible to set multiple targets. ([#3106](square/wire#3106) & [#3107](square/wire#3107)) - The option `opaque_types` introduced in `4.9.2` for the Wire Gradle plugin is now available on CLI. ([#3147](square/wire#3147)) ##### JVM generation - [KotlinPoet has been updated to `2.0.0`](https://square.github.io/kotlinpoet/changelog/#version-200) which dramatically changes how generated Kotlin files are wrapped. This is neither a source nor a binary breaking changes. - A new `@WireEnclosingType` annotation is now applied to generated types so R8 doesn't prune too much. ([#3123](square/wire#3123)) - Split the redact method into chunks when a type has more than 100 fields to avoid compilation error. ([#3214](square/wire#3214) by \[Damian Wieczorek]\[damianw]) - Add support for mutable messages in Wire's Kotlin Generator. ([#3217](square/wire#3217) by \[Rahul Ravikumar]\[tikurahul]) - You can opt-in by adding `mutableTypes = true` on your Kotlin target. This is unsafe and we do not recommend that you use it unless you have a sound use-case for it. - Wire is now using Palantir's JavaPoet instead of Square's JavaPoet. ##### Swift - Fix buffer overflow and data corruption when a type has more than 5 layers of nesting ([#3203](square/wire#3203) by \[Eric Amorde]\[amorde]) ### [`v5.1.0`](https://github.com/square/wire/blob/HEAD/CHANGELOG.md#Version-510) [Compare Source](square/wire@5.0.0...5.1.0) *2024-09-11* ##### Common - Support for Kotlin `2.0.20`. ([#3093](square/wire#3093)) - `srcDir(String)` has been undeprecated. ([#3039](square/wire#3039)) - Some loggings now happen at the debug level, instead of info. ([#3041](square/wire#3041)) - Remove some unactionable warnings on Kotlin/JS ([#3047](square/wire#3047)) - Propagate the deprecated flag on EnumType after pruning by wire-gradle-plugin ([#3076](square/wire#3076) by \[Aaron Edwards]\[aaron-edwards]) - Introduce `ProtoReader32`, a specialization for Kotlin/JS ([#3077](square/wire#3077)) This is an alternative to `ProtoReader`, which uses `Long` as a cursor. It originates as an optimization for Kotlin/JS, where `Long` cursors are prohibitively expensive. - Fix Gradle project isolation issue when reading a property ([#3078](square/wire#3078) by \[Aurimas]\[liutikas]) - Change the recursion limit to match grpc's default ([#3091](square/wire#3091)) ##### Kotlin - New enum option `enum_mode` to take precedence over the `enumMode` option added in `5.0.0-alpha02`. Use this if you want to migrate your enums granularly. ([#2993](square/wire#2993)) - Don't throw if reading trailers fail ([#3087](square/wire#3087)) ##### Swift - Avoid crash when parsing an empty repeated `[packed=true]` for fixed-length types. ([#3044](square/wire#3044) by \[Sasha Weiss]\[sashaweiss-signal]) </details> <details> <summary>googleapis/google-auth-library-java (com.google.auth:google-auth-library-oauth2-http)</summary> ### [`v1.31.0`](https://github.com/googleapis/google-auth-library-java/blob/HEAD/CHANGELOG.md#1310-2025-01-22) ##### Features - ImpersonatedCredentials to support universe domain for idtoken and signblob ([#1566](googleapis/google-auth-library-java#1566)) ([adc2ff3](googleapis/google-auth-library-java@adc2ff3)) - Support transport and binding-enforcement MDS parameters. ([#1558](googleapis/google-auth-library-java#1558)) ([9828a8e](googleapis/google-auth-library-java@9828a8e)) ##### Documentation - Promote use of bill of materials in quickstart documentation ([#1620](googleapis/google-auth-library-java#1620)) ([fc20d9c](googleapis/google-auth-library-java@fc20d9c)), closes [#1552](googleapis/google-auth-library-java#1552) </details> <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.45.2`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.45.2): 1.45.2 ##### Components ##### Application Security Management (WAF) - 🐛 🍒 8258 - Prevents a NPE when there is no subscriber for user events ([#8260](DataDog/dd-trace-java#8260) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: 12db0f59db2e6ebf55203c87fccab042d495106a

lqiu96 added type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. priority: p3 Desirable enhancement or fix. May not be included in next release. labels Oct 23, 2024

diegomarquezp self-assigned this Jan 16, 2025

diegomarquezp added a commit that referenced this issue Jan 16, 2025

docs: promote use of bill of materials in quickstart documentation

3db0e34

Fixes #1552

diegomarquezp mentioned this issue Jan 16, 2025

docs: promote use of bill of materials in quickstart documentation #1620

Merged

gcf-merge-on-green bot closed this as completed in #1620 Jan 20, 2025

gcf-merge-on-green bot pushed a commit that referenced this issue Jan 20, 2025

docs: promote use of bill of materials in quickstart documentation (#…

fc20d9c

…1620) Fixes #1552

release-please bot mentioned this issue Jan 17, 2025

chore(main): release 1.31.0 #1608

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Promote using the Google Auth Bom #1552

Promote using the Google Auth Bom #1552

lqiu96 commented Oct 23, 2024

Promote using the Google Auth Bom #1552

Promote using the Google Auth Bom #1552

Comments

lqiu96 commented Oct 23, 2024