change to version catalog including versions and update plugins

.gitignore

@@ -32,3 +32,4 @@
 /.nb-gradle/
 
 /working_directory/
+/gradle/*.versions.updates.toml

build.gradle

@@ -1,9 +1,11 @@
 import com.github.jk1.license.render.TextReportRenderer
+import com.github.benmanes.gradle.versions.updates.DependencyUpdatesTask
 
 plugins {
-    id "com.github.jk1.dependency-license-report" version "${licenseReportVersion}"
-    id("org.owasp.dependencycheck") version "${owaspDependencycheckVersion}" apply false
-    id("com.github.ben-manes.versions") version "${versionsPluginVersion}" apply false
+    alias(libs.plugins.nlLittlerobotsVersionCatalogUpdate)
+    alias(libs.plugins.comGithubJk1DependencyLicenseReport)
+    alias(libs.plugins.orgOwaspDependencycheck) apply false
+    alias(libs.plugins.comGithubBenManesVersions)
 }
 
 licenseReport {
@@ -21,7 +23,6 @@ allprojects {
     apply plugin: 'java'
     apply plugin: 'jacoco'
     apply plugin: 'org.owasp.dependencycheck'
-    apply plugin: 'com.github.ben-manes.versions'
 
     if (!project.hasProperty('buildVersion') || project.getProperty('buildVersion').empty) {
         ext.buildVersion = 'SNAPSHOT'
@@ -51,14 +52,69 @@ allprojects {
         }
     }
 
-    tasks.named("dependencyUpdates").configure {
-        revision = 'milestone'
-        gradleReleaseChannel = "current"
-        checkConstraints = true
-        checkBuildEnvironmentConstraints = true
-        outputFormatter = 'plain'
-        outputDir = 'build/reports'
-        reportfileName = 'dependencyUpdates'
+
+}
+
+versionCatalogUpdate {
+    // sort the catalog by key (default is true)
+    sortByKey = true
+    keep {
+        // keep versions without any library or plugin reference
+        keepUnusedVersions = true
+        // keep all libraries that aren't used in the project
+        keepUnusedLibraries = true
+        // keep all plugins that aren't used in the project
+        keepUnusedPlugins = true
+    }
+}
+
+tasks.withType(DependencyUpdatesTask).configureEach {
+    // default settings
+    revision = 'milestone'
+    gradleReleaseChannel = "current"
+    checkConstraints = true
+    checkBuildEnvironmentConstraints = true
+    outputFormatter = 'json,plain'
+    //outputDir = 'build/reports'
+    //reportfileName = 'dependencyUpdates'
+}
+
+def isNonStable = { String candidate ->
+    def stableKeyword = ['RELEASE', 'FINAL', 'GA', 'JRE'].any { it -> candidate.toUpperCase().contains(it) }
+    def versionRegex = /^[0-9,.v-]+(-r)?$/
+    return !stableKeyword && !(candidate ==~ versionRegex)
+}
+
+def isNotSameMajorMinor = { String current, String candidate, boolean matchMinor ->
+    if(current.equals(candidate)) return false
+
+    def firstDot = current.indexOf('.')
+    def secondDot = current.indexOf('.', firstDot + 1)
+    def major = current.substring(0, firstDot)
+    def minor = current.substring(firstDot + 1, secondDot)
+    def majorRegex = /^$major\..*/
+    def minorRegex = /^$major\.${minor}\..*/
+    return !((candidate ==~ majorRegex) && (!matchMinor || (candidate ==~ minorRegex)))
+}
+
+tasks.named("dependencyUpdates").configure {
+    rejectVersionIf {
+        // only patch updates
+        isNonStable(it.candidate.version) || isNotSameMajorMinor(it.currentVersion, it.candidate.version, true)
+    }
+}
+
+tasks.register('dependencyUpdatesMinor', DependencyUpdatesTask) {
+    rejectVersionIf {
+        // only minor updates
+        isNonStable(it.candidate.version) || isNotSameMajorMinor(it.currentVersion, it.candidate.version, false)
+    }
+}
+
+tasks.register('dependencyUpdatesMajor', DependencyUpdatesTask) {
+    rejectVersionIf {
+        // all updates including major updates
+        isNonStable(it.candidate.version)
     }
 }
 

components/inspectit-ocelot-configdocsgenerator/build.gradle

@@ -2,38 +2,45 @@ plugins {
     // Apply the application plugin to add support for building a CLI application in Java.
     id 'application'
     // spring dependency manager
-    id 'org.springframework.boot' version "${springBootVersion}"
+    alias(libs.plugins.orgSpringframeworkBoot)
 }
 apply plugin: 'io.spring.dependency-management'
 
 dependencies {
     // Use JUnit Jupiter for testing.
     testImplementation(
-            'org.junit.jupiter:junit-jupiter',
-            "io.opencensus:opencensus-api:${openCensusVersion}",
-            "io.opentelemetry:opentelemetry-api:${openTelemetryVersion}",
+            libs.orgJunitJupiterJunitJupiter,
+            libs.ioOpencensusOpencensusApi,
+            libs.ioOpentelemetryOpentelemetryApi,
 
-            'org.mockito:mockito-junit-jupiter',
-            "org.assertj:assertj-core",
-            "com.google.guava:guava:${guavaVersionConfigServer}"
+            libs.orgMockitoMockitoJunitJupiter,
+            libs.orgAssertjAssertjCore,
+            libs.comGoogleGuava
     )
 
     // This dependency is used by the application.
     implementation(
             project(':inspectit-ocelot-config'),
-            "ch.qos.logback:logback-classic",
-            "org.apache.commons:commons-lang3",
-            "commons-beanutils:commons-beanutils:${commonsBeanUtilsVersion}",
+            libs.chQosLogbackLogbackClassic,
+            libs.orgApacheCommonsCommonsLang3,
+            libs.commonsBeanutils,
             // Update dependency, due to Out-of-Support
-            "org.apache.commons:commons-collections4:${commonsCollectionsVersion}",
+            libs.orgApacheCommonsCommonsCollections4,
 
-            "org.springframework.boot:spring-boot-starter-web",
-            // override snakeyaml due to vulnerabilities in v1.29 used by the SpringBoot version used in this module
-            "org.yaml:snakeyaml:${snakeYamlVersion}"
+            libs.orgSpringframeworkBootSpringBootStarterWeb,
+            libs.orgYamlSnakeyaml
     )
 
-    compileOnly "org.projectlombok:lombok"
-    annotationProcessor "org.projectlombok:lombok"
+    constraints {
+        implementation(libs.orgYamlSnakeyaml) {
+            because 'vulnerabilities in v1.29 used by the SpringBoot version used in this module'
+        }
+        testImplementation(libs.comGoogleGuava) {
+            because 'security issues'
+        }
+    }
+    compileOnly libs.orgProjectlombokLombok
+    annotationProcessor libs.orgProjectlombokLombok
 }
 
 application {

components/inspectit-ocelot-configurationserver-ui/build.gradle

@@ -1,7 +1,7 @@
 import org.gradle.internal.os.OperatingSystem
 
 plugins {
-    id 'com.github.node-gradle.node' version "${nodeGradleVersion}"
+    alias(libs.plugins.comGithubNodeGradleNode)
 }
 
 apply plugin: 'idea'
@@ -70,3 +70,19 @@ tasks.register('buildFrontend', YarnTask) {
     args = ['export']
     environment = [NODE_OPTIONS: "--openssl-legacy-provider"]
 }
+
+tasks.register('outdated', YarnTask) {
+    args = ['outdated']
+}
+
+//tasks.register('npmCheckUpdates', NpxTask) {
+//    command = 'npm-check-updates'
+//}
+
+tasks.register('upgradeInteractive', YarnTask) {
+    args = ['upgradeInteractive']
+}
+
+tasks.register('upgradeInteractiveLatest', YarnTask) {
+    args = ['upgradeInteractive', '--latest']
+}

components/inspectit-ocelot-configurationserver/build.gradle

@@ -1,10 +1,10 @@
 import org.springframework.boot.gradle.tasks.bundling.BootJar
 
 plugins {
-    id 'com.palantir.docker' version "${palantirDockerVersion}"
-    id 'org.springframework.boot' version "${springBootVersion}"
-    id 'org.cyclonedx.bom' version "${cyclonedxBomVersion}"
-    id 'io.spring.dependency-management' version "${springDependencyManangementVersion}"
+    alias(libs.plugins.comPalantirDocker)
+    alias(libs.plugins.orgSpringframeworkBoot)
+    alias(libs.plugins.orgCyclonedxBom)
+    alias(libs.plugins.ioSpringDependencyManagement)
 }
 
 apply plugin: 'idea'
@@ -60,59 +60,63 @@ test {
 }
 
 dependencies {
-    compileOnly "org.projectlombok:lombok"
-    annotationProcessor "org.projectlombok:lombok"
+    compileOnly libs.orgProjectlombokLombok
+    annotationProcessor libs.orgProjectlombokLombok
 }
 
 dependencies {
     implementation(
             project(':inspectit-ocelot-config'),
             // this is necessary as inspectit-ocelot-config needs it, but can
             // only use a compile-only (see details over there)
-            "io.opentelemetry:opentelemetry-sdk-metrics:${openTelemetryVersion}",
+            libs.ioOpentelemetryOpentelemetrySdkMetrics,
             project(':inspectit-ocelot-configdocsgenerator'),
 
-            "org.springframework.boot:spring-boot-starter-web",
-            "org.springframework.boot:spring-boot-starter-data-jpa",
-            "org.springframework.boot:spring-boot-starter-validation",
-            "org.springframework.security:spring-security-web",
-            "org.springframework.security:spring-security-config",
-            "org.springframework.ldap:spring-ldap-core",
-            "org.springframework.security:spring-security-ldap",
-            'org.springframework.boot:spring-boot-starter-actuator',
-
-            // spring related
-            "org.yaml:snakeyaml:${snakeYamlVersion}",
-
-            'org.apache.httpcomponents:httpclient', //Required for PATCH-Requests
-
-            "org.xerial:sqlite-jdbc:${sqliteVersion}",
-            "com.github.gwenn:sqlite-dialect:${sqliteDialect}",
-            "io.jsonwebtoken:jjwt-api:${jsonWebTokenVersion}",
-            "io.jsonwebtoken:jjwt-impl:${jsonWebTokenVersion}",
-            "io.jsonwebtoken:jjwt-jackson:${jsonWebTokenVersion}",
-            "commons-io:commons-io:${commonsIoVersion}",
-            "org.apache.commons:commons-lang3",
-            "org.flywaydb:flyway-core",
-            "org.eclipse.jgit:org.eclipse.jgit:${eclipseJgitVersion}",
-            "org.eclipse.jgit:org.eclipse.jgit.ssh.jsch:${eclipseJgitVersion}",
-            "com.google.code.gson:gson",
-            "com.google.guava:guava:${guavaVersionConfigServer}",
+            libs.orgSpringframeworkBootSpringBootStarterWeb,
+            libs.orgSpringframeworkBootSpringBootStarterDataJpa,
+            libs.orgSpringframeworkBootSpringBootStartervalidation,
+            libs.orgSpringframeworkSecuritySpringSecurityWeb,
+            libs.orgSpringframeworksecuritySpringSecurityConfig,
+            libs.orgSpringframeworkLdapSpringLdapCore,
+            libs.orgSpringframeworkSecuritySpringSecurityLdap,
+            libs.orgSpringframeworkBootSpringBootStarterActuator,
+
+            libs.orgYamlSnakeyaml,
+
+            libs.orgApacheHttpcomponentsHttpclient, //Required for PATCH-Requests
+
+            libs.orgXerialSqliteJdbc,
+            libs.comGithubGwennSqliteDialect,
+            libs.bundles.jsonwebtoken,
+            libs.commonsIo,
+            libs.orgApacheCommonsCommonsLang3,
+            libs.orgFlywaydbFlywayCore,
+            libs.bundles.jgit,
+            libs.comGoogleCodeGson,
 
             // swagger
-            "org.springdoc:springdoc-openapi-ui:${springdocOopenapiUiVersion}",
+            libs.orgSpringdocSpringdocOpenapiUi,
+
+            libs.comGoogleGuavaConfigServer
     )
     testImplementation(
-            'org.springframework.boot:spring-boot-starter-test',
-            'org.springframework.security:spring-security-test',
-            'org.junit.jupiter:junit-jupiter-api',
-            'org.mockito:mockito-junit-jupiter',
-            // That version is important. If we stick to the version provided by Spring Boot Bom
-            // database initialization scripts will fail.
-            "com.h2database:h2:${h2Version}",
-            'org.awaitility:awaitility'
+            libs.orgSpringframeworkBootSpringBootStarterTest,
+            libs.orgSpringframeworkSecuritySpringSecurityTest,
+            libs.orgJunitJupiterJunitJupiterApi,
+            libs.orgMockitoMockitoJunitJupiter,
+            libs.comH2databaseH2,
+            libs.orgAwaitility
     )
-    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine'
+    testRuntimeOnly libs.orgJunitJupiterJunitJupiterEngine
+
+    constraints {
+        implementation(libs.orgYamlSnakeyaml) {
+            because 'spring related'
+        }
+        testImplementation(libs.comH2databaseH2) {
+            because 'If we stick to the version provided by Spring Boot Bom database initialization scripts will fail'
+        }
+    }
 }
 
 tasks.register('copyServerJar', Copy) {