Merge branch 'main' into dependabot/pip/dot-github/setuptools-75.8.0

Author: berndgassmann

.github/workflows/build_test.yml

@@ -45,7 +45,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
       with:
         egress-policy: audit
 

.github/workflows/check_documentation.yml

@@ -20,7 +20,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
       with:
         egress-policy: audit
 
@@ -46,7 +46,7 @@ jobs:
         bash .github/workflows/code_coverage.sh
 
     - name: Upload coverage as artifact
-      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
       with:
         name: coverage_report
         path: ./coverage

.github/workflows/code_format_check.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
       with:
         egress-policy: audit
 

.github/workflows/codeql.yml

@@ -26,7 +26,7 @@ permissions:
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       actions: read
       contents: read
@@ -39,6 +39,9 @@ jobs:
         # CodeQL supports [ $supported-codeql-languages ]
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
+    env:
+      PYTHON_BINDING_VERSION: "3.10"
+
     steps:
       - name: Free Disk Space (Ubuntu)
         uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # main
@@ -57,7 +60,7 @@ jobs:
           swap-storage: true
 
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -69,7 +72,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -94,7 +97,7 @@ jobs:
           colcon build --event-handlers console_direct+ --executor sequential --packages-up-to ad_rss ad_rss_map_integration --cmake-args -DBUILD_HARDENING=ON -DBUILD_TESTING=ON -DBUILD_PYTHON_BINDING=ON
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           upload: false # disable the upload here - we will upload in a different action
           category: "/language:${{matrix.language}}"
@@ -110,7 +113,7 @@ jobs:
           output: sarif-results/${{ matrix.language }}.sarif
 
       - name: Upload SARIF
-        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           sarif_file: sarif-results/${{ matrix.language }}.sarif
 

.github/workflows/dependency-review.yml

@@ -14,10 +14,10 @@ permissions:
 
 jobs:
   dependency-review:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/install_dependencies.sh

@@ -50,12 +50,12 @@ if [[ "${BUILD_DOCU}x" != "x" ]]; then
 fi
 
 if (( IS_UBUNTU_20_04 && IS_PYTHON_3_10 )); then
-  echo "!!!!!!! Ubunut 20.04 and python 3.10: compile boost 1.80 !!!!!!!"
+  echo "!!!!!!! Ubunut 20.04 and python 3.10: compile boost 1.78 !!!!!!!"
   pushd dependencies
 
   BOOST_VERSION=1.78.0
   BOOST_PACKAGE_BASENAME=boost_${BOOST_VERSION//./_}
-  wget "https://boostorg.jfrog.io/artifactory/main/release/${BOOST_VERSION}/source/${BOOST_PACKAGE_BASENAME}.tar.gz"
+  wget "https://archives.boost.io/release/${BOOST_VERSION}/source/${BOOST_PACKAGE_BASENAME}.tar.gz"
 
   tar -xzf ${BOOST_PACKAGE_BASENAME}.tar.gz
   pushd ${BOOST_PACKAGE_BASENAME}
@@ -85,4 +85,4 @@ if (( IS_UBUNTU_20_04 && IS_PYTHON_3_10 )); then
 fi
 
 sudo apt remove python3-pygments
-sudo pip${PYTHON_BINDING_VERSION} install -r .github/workflows/requirements.txt
+sudo python${PYTHON_BINDING_VERSION} -m pip install -r .github/workflows/requirements.txt

.github/workflows/requirements.txt

@@ -5,7 +5,7 @@ mdx_truly_sane_lists==1.3
 mkdocs==1.6.1
 pygccxml==2.6.1
 Pygments==2.18.0
-pymdown-extensions==10.13
+pymdown-extensions==10.14.3
 pyplusplus==1.8.5
 setuptools==75.8.0
 six==1.17.0

.github/workflows/scorecards.yml

@@ -20,7 +20,7 @@ permissions: read-all
 jobs:
   analysis:
     name: Scorecard analysis
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write
@@ -31,7 +31,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -63,14 +63,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           sarif_file: results.sarif

.github/workflows/wheels.yml

@@ -26,7 +26,7 @@ jobs:
       PYTHON_BINDING_VERSION: ${{ matrix.PYTHON_BINDING_VERSION }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -60,7 +60,7 @@ jobs:
           done
 
       - name: Publish wheels to PyPI
-        uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # release/v1
+        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # release/v1
         if: ${{ github.event_name == 'release'}}
         with:
           user: __token__

ad_rss/CMakeLists.txt

@@ -5,7 +5,7 @@
 # SPDX-License-Identifier: LGPL-2.1-only
 #
 # ----------------- END LICENSE BLOCK -----------------------------------
-cmake_minimum_required(VERSION 3.5)
+cmake_minimum_required(VERSION 3.10)
 
 include(../cmake/ad-rss-lib-version.cmake)
 project(ad_rss VERSION ${AD-RSS-LIB_VERSION})
@@ -26,7 +26,7 @@ include(CMakePackageConfigHelpers)
 set(ad_rss_TARGET_INCLUDE_DIRECTORIES)
 set(ad_rss_TARGET_LINK_LIBRARIES)
 
-find_package(Boost REQUIRED)
+find_package(Boost CONFIG REQUIRED)
 list(APPEND ad_rss_TARGET_INCLUDE_DIRECTORIES ${Boost_INCLUDE_DIRS})
 list(APPEND ad_rss_TARGET_LINK_LIBRARIES ${Boost_LIBRARIES})
 

ad_rss/cmake/Config.cmake.in

@@ -17,7 +17,7 @@
 
 include(CMakeFindDependencyMacro)
 
-find_package(Boost REQUIRED)
+find_package(Boost CONFIG REQUIRED)
 list(APPEND INCLUDE_DIRS ${Boost_INCLUDE_DIRS})
 list(APPEND LIBRARIES ${Boost_LIBRARIES})
 

ad_rss/python/CMakeLists.txt

@@ -16,7 +16,7 @@ get_target_property(AD_PHYSICS_INCLUDES ad_physics INTERFACE_INCLUDE_DIRECTORIES
 find_package(spdlog REQUIRED CONFIG)
 get_target_property(SPDLOG_INCLUDES spdlog::spdlog INTERFACE_INCLUDE_DIRECTORIES)
 
-find_package(Boost REQUIRED)
+find_package(Boost CONFIG REQUIRED)
 
 list(APPEND INCLUDE_DIRS ${Boost_INCLUDE_DIRS} ${AD_PHYSICS_INCLUDES} ${SPDLOG_INCLUDES})
 

ad_rss_map_integration/CMakeLists.txt

@@ -6,7 +6,7 @@
 #
 # ----------------- END LICENSE BLOCK -----------------------------------
 
-cmake_minimum_required(VERSION 3.5)
+cmake_minimum_required(VERSION 3.10)
 
 include(../cmake/ad-rss-lib-version.cmake)
 project(ad_rss_map_integration VERSION ${AD-RSS-LIB_VERSION})

cmake/python-binding.cmake

@@ -43,13 +43,13 @@ function(find_python_binding_packages)
     find_package(PythonLibs EXACT "${PYTHON_BINDING_VERSION}" REQUIRED)
   endif()
 
-  find_package(Boost REQUIRED)
+  find_package(Boost CONFIG REQUIRED)
   if(${Boost_MAJOR_VERSION}.${Boost_MINOR_VERSION} VERSION_GREATER 1.66)
     set(BOOST_PYTHON_COMPONENT python${PYTHON_VERSION_MAJOR}${PYTHON_VERSION_MINOR})
   else()
     set(BOOST_PYTHON_COMPONENT python-py${PYTHON_VERSION_MAJOR}${PYTHON_VERSION_MINOR})
   endif()
-  find_package(Boost COMPONENTS REQUIRED ${BOOST_PYTHON_COMPONENT})
+  find_package(Boost CONFIG COMPONENTS REQUIRED ${BOOST_PYTHON_COMPONENT})
 
   set(PYTHON_BINDING_NAME
     "python${PYTHON_VERSION_MAJOR}${PYTHON_VERSION_MINOR}"