Update to v1.1.0

.github/dependabot.yml

@@ -11,6 +11,12 @@ updates:
         update-types:
           - minor
           - patch
+      dev-dependencies:
+        applies-to: version-updates
+        dependency-type: development
+        update-types:
+          - minor
+          - patch
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:

.github/workflows/codeql-analysis.yml

@@ -13,10 +13,10 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "master" ]
+    branches: [ "master", "v2" ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "master" ]
+    branches: [ "master", "v2" ]
   schedule:
     - cron: '17 12 * * 1'
 
@@ -36,11 +36,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v5
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -67,4 +67,4 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/maven.yml

@@ -5,24 +5,32 @@ name: Java CI with Maven
 
 on:
   push:
-    branches: [ "master" ]
+    branches: ["master", "v2"]
   pull_request:
-    branches: [ "master" ]
+    branches: ["master", "v2"]
+
+permissions:
+  contents: read
+  id-token: write
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
-    - name: Set up JDK 11
-      uses: actions/setup-java@v3
-      with:
-        java-version: '11'
-        distribution: 'temurin'
-        cache: maven
-    - name: Build with Maven
-      run: mvn -B package --file pom.xml
-    - name: Codecov
-      uses: codecov/codecov-action@v3.1.0
+      - uses: actions/checkout@v5
+      - name: Set up JDK 21
+        uses: actions/setup-java@v5
+        with:
+          java-version: "21"
+          distribution: "corretto"
+          cache: maven
+      - name: Maven version
+        run: mvn --version
+      - name: Build with Maven
+        run: mvn clean package
+      - name: Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          fail_ci_if_error: true
+          use_oidc: true

pom.xml

@@ -3,7 +3,7 @@
 
     <groupId>com.amazonaws.secretsmanager</groupId>
     <artifactId>aws-secretsmanager-caching-java</artifactId>
-    <version>1.0.2</version>
+    <version>1.1.0</version>
     <packaging>jar</packaging>
 
 
@@ -35,41 +35,43 @@
     </scm>
 
     <properties>
-        <maven.compiler.source>1.8</maven.compiler.source>
-        <maven.compiler.target>1.8</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <checkstyle.plugin.version>3.1.2</checkstyle.plugin.version>
-        <findbugs.plugin.version>3.0.5</findbugs.plugin.version>
     </properties>
 
     <dependencies>
         <dependency>
             <groupId>com.amazonaws</groupId>
             <artifactId>aws-java-sdk-secretsmanager</artifactId>
-            <version>1.12.264</version>
+            <version>1.12.793</version>
         </dependency>
         <dependency>
             <groupId>org.testng</groupId>
             <artifactId>testng</artifactId>
-            <version>7.7.0</version>
+            <version>7.11.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
-            <artifactId>mockito-all</artifactId>
-            <version>1.10.19</version>
+            <artifactId>mockito-core</artifactId>
+            <version>5.20.0</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.github.spotbugs</groupId>
+            <artifactId>spotbugs-annotations</artifactId>
+            <version>4.9.8</version>
+            <scope>compile</scope>
+        </dependency>
+
     </dependencies>
     <build>
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.10.1</version>
+                <version>3.13.0</version>
                 <configuration>
-                    <source>1.8</source>
-                    <target>1.8</target>
+                    <release>8</release>
                     <compilerArgument>-Xlint:all</compilerArgument>
                     <showWarnings>true</showWarnings>
                     <showDeprecation>true</showDeprecation>
@@ -78,7 +80,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>3.2.1</version>
+                <version>3.3.1</version>
                 <executions>
                     <execution>
                         <id>attach-sources</id>
@@ -91,7 +93,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.4.0</version>
+                <version>3.12.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>
@@ -103,10 +105,9 @@
             </plugin>
             <plugin>
                 <artifactId>maven-checkstyle-plugin</artifactId>
-                <version>${checkstyle.plugin.version}</version>
+                <version>3.6.0</version>
                 <configuration>
                     <configLocation>${basedir}/config/checkstyle/checkstyle.xml</configLocation>
-                    <encoding>${project.build.sourceEncoding}</encoding>
                     <consoleOutput>true</consoleOutput>
                     <failsOnError>true</failsOnError>
                     <linkXRef>false</linkXRef>
@@ -124,9 +125,9 @@
                 </executions>
             </plugin>
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>${findbugs.plugin.version}</version>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <version>4.9.8.1</version>
                 <configuration>
                     <effort>Max</effort>
                     <threshold>Low</threshold>
@@ -146,7 +147,7 @@
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.8.8</version>
+                <version>0.8.14</version>
                 <executions>
                     <execution>
                         <id>prepare-agent</id>
@@ -174,7 +175,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.0.1</version>
+                        <version>3.2.8</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>
@@ -186,14 +187,12 @@
                         </executions>
                     </plugin>
                     <plugin>
-                        <groupId>org.sonatype.plugins</groupId>
-                        <artifactId>nexus-staging-maven-plugin</artifactId>
-                        <version>1.6.13</version>
+                        <groupId>org.sonatype.central</groupId>
+                        <artifactId>central-publishing-maven-plugin</artifactId>
+                        <version>0.9.0</version>
                         <extensions>true</extensions>
                         <configuration>
-                            <serverId>sonatype-nexus-staging</serverId>
-                            <nexusUrl>https://aws.oss.sonatype.org</nexusUrl>
-                            <autoReleaseAfterClose>true</autoReleaseAfterClose>
+                            <publishingServerId>central</publishingServerId>
                         </configuration>
                     </plugin>
                 </plugins>

src/main/java/com/amazonaws/secretsmanager/caching/SecretCacheConfiguration.java

@@ -14,6 +14,7 @@
 package com.amazonaws.secretsmanager.caching;
 
 import com.amazonaws.services.secretsmanager.AWSSecretsManager;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
 import java.util.concurrent.TimeUnit;
 
@@ -71,6 +72,7 @@ public SecretCacheConfiguration() {
      *
      * @return The AWS Secrets Manager client.
      */
+    @SuppressFBWarnings("EI_EXPOSE_REP")
     public AWSSecretsManager getClient() {
         return client;
     }
@@ -83,6 +85,7 @@ public AWSSecretsManager getClient() {
      * @param client
      *            The AWS Secrets Manager client.
      */
+    @SuppressFBWarnings("EI_EXPOSE_REP2")
     public void setClient(AWSSecretsManager client) {
         this.client = client;
     }
@@ -106,6 +109,7 @@ public SecretCacheConfiguration withClient(AWSSecretsManager client) {
      *
      * @return The object used to hook in-memory cache updates.
      */
+    @SuppressFBWarnings("EI_EXPOSE_REP")
     public SecretCacheHook getCacheHook() {
         return cacheHook;
     }
@@ -117,6 +121,7 @@ public SecretCacheHook getCacheHook() {
      * @param cacheHook
      *            The interface used to hook the in-memory cache.
      */
+    @SuppressFBWarnings("EI_EXPOSE_REP2")
     public void setCacheHook(SecretCacheHook cacheHook) {
         this.cacheHook = cacheHook;
     }

src/main/java/com/amazonaws/secretsmanager/caching/cache/SecretCacheObject.java

@@ -16,13 +16,15 @@
 import com.amazonaws.AmazonWebServiceRequest;
 import com.amazonaws.services.secretsmanager.AWSSecretsManager;
 import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import com.amazonaws.secretsmanager.caching.cache.internal.VersionInfo;
 import com.amazonaws.secretsmanager.caching.SecretCacheConfiguration;
 
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.ThreadLocalRandom;
+import java.util.concurrent.atomic.AtomicBoolean;
 
 /**
  * Basic secret caching object.
@@ -61,7 +63,7 @@ public abstract class SecretCacheObject<T> {
     protected final SecretCacheConfiguration config;
 
     /** A flag to indicate a refresh is needed. */
-    private boolean refreshNeeded = true;
+    private AtomicBoolean refreshNeeded = new AtomicBoolean(true);
 
     /** The result of the last AWS Secrets Manager request for this item. */
     private Object data = null;
@@ -96,6 +98,7 @@ public abstract class SecretCacheObject<T> {
      * @param config
      *            The secret cache configuration.
      */
+    @SuppressFBWarnings("EI_EXPOSE_REP2")
     public SecretCacheObject(final String secretId,
                              final AWSSecretsManager client,
                              final SecretCacheConfiguration config) {
@@ -160,7 +163,7 @@ private void setResult(T result) {
      * @return True if the secret item should be refreshed.
      */
     protected boolean isRefreshNeeded() {
-        if (this.refreshNeeded) { return true; }
+        if (this.refreshNeeded.get()) { return true; }
         if (null != this.exception) {
             // If we encountered an exception on the last attempt
             // we do not want to keep retrying without a pause between
@@ -183,7 +186,7 @@ protected boolean isRefreshNeeded() {
      */
     private void refresh() {
         if (!this.isRefreshNeeded()) { return; }
-        this.refreshNeeded = false;
+        this.refreshNeeded.set(false);
         try {
             this.setResult(this.executeRefresh());
             this.exception = null;
@@ -255,7 +258,7 @@ private ByteBuffer clone(ByteBuffer b) {
      *             If the thread is interrupted while waiting for the refresh.
      */
     public boolean refreshNow() throws InterruptedException {
-        this.refreshNeeded = true;
+        this.refreshNeeded.set(true);
         // When forcing a refresh, always sleep with a random jitter
         // to prevent coding errors that could be calling refreshNow
         // in a loop.
@@ -285,6 +288,7 @@ public boolean refreshNow() throws InterruptedException {
      *
      * @return The cached GetSecretValue result.
      */
+    @SuppressFBWarnings("THROWS_METHOD_THROWS_RUNTIMEEXCEPTION")
     public GetSecretValueResult getSecretValue() {
         synchronized (lock) {
             refresh();

src/main/java/com/amazonaws/secretsmanager/caching/cache/internal/VersionInfo.java

@@ -14,22 +14,20 @@
 package com.amazonaws.secretsmanager.caching.cache.internal;
 
 /**
- * This class specifies the versioning system for the AWS SecretsManager caching client.
+ * This class specifies the versioning system for the AWS SecretsManager caching
+ * client.
  */
 public class VersionInfo {
-    // incremented for design changes that break backward compatibility.
-    public static final String VERSION_NUM = "1";
-    // incremented for major changes to the implementation
-    public static final String MAJOR_REVISION_NUM = "1";
-    // incremented for minor changes to the implementation
-    public static final String MINOR_REVISION_NUM = "0";
-    // incremented for releases containing an immediate bug fix.
-    public static final String BUGFIX_REVISION_NUM = "0";
-
-    public static final String RELEASE_VERSION = VERSION_NUM + "." + MAJOR_REVISION_NUM + "." + MINOR_REVISION_NUM
-            + "." + BUGFIX_REVISION_NUM;
+    /**
+     * Library version number
+     */
+    public static final String RELEASE_VERSION = "1.1.0";
 
+    /**
+     * User agent for AWS Secrets Manager API calls.
+     */
     public static final String USER_AGENT = "AwsSecretCache/" + RELEASE_VERSION;
 
-    private VersionInfo(){}
-}
+    private VersionInfo() {
+    }
+}