[PR] Bump cxf.wiremock.version from 3.4.0 to 3.4.1 [cxf]
dependabot[bot] opened a new pull request, #1698: URL: https://github.com/apache/cxf/pull/1698 Bumps `cxf.wiremock.version` from 3.4.0 to 3.4.1. Updates `org.wiremock:wiremock` from 3.4.0 to 3.4.1 Release notes Sourced from https://github.com/wiremock/wiremock/releases;>org.wiremock:wiremock's releases. 3.4.1 Bug fixes Revert Fix json-body not escaped properly (https://redirect.github.com/wiremock/wiremock/issues/2613;>#2613) https://github.com/tomakehurst;>@tomakehurst Fixes https://redirect.github.com/wiremock/wiremock/issues/2606;>#2606 - avoid appending identical sub-events repeatedly (https://redirect.github.com/wiremock/wiremock/issues/2614;>#2614) https://github.com/tomakehurst;>@tomakehurst Add a custom number comparator to the Json Diff to trim trailing zeros (https://redirect.github.com/wiremock/wiremock/issues/2611;>#2611) https://github.com/leeturner;>@leeturner Refactor JsonNodeFactory(true) in favour of a JsonNodeFeature (https://redirect.github.com/wiremock/wiremock/issues/2612;>#2612) https://github.com/leeturner;>@leeturner Commits https://github.com/wiremock/wiremock/commit/d68e984a138d3608149229b92e763a2c21362846;>d68e984 Revert Fix json-body not escaped properly as this produces badly formed JSO... https://github.com/wiremock/wiremock/commit/da0d9c41abf5648dbc777804309b7cfffd80c26c;>da0d9c4 Bumped patch version https://github.com/wiremock/wiremock/commit/ec5ebeee31cd3697d86a7a973f2cdd792675b4a5;>ec5ebee Added more tests for sub-event deduplication and fixed a bug discovered as a ... https://github.com/wiremock/wiremock/commit/871b0abbb205128b8f8ceb4574f1ae521f068bda;>871b0ab Fixed formatting issues https://github.com/wiremock/wiremock/commit/be44c6b5083290bd1a52ed1e163eed37177ed039;>be44c6b Fixes https://redirect.github.com/wiremock/wiremock/issues/2606;>#2606 - avoid appending identical sub-events repeatedly to avoid resour... https://github.com/wiremock/wiremock/commit/2fe362be9b965d7680e41c97f182fbe02a1df18d;>2fe362b Added RELEASING.md https://github.com/wiremock/wiremock/commit/f7aad0a2cc8ca9bacbb7a3d92a9d77f955992aed;>f7aad0a [FIX] Add a custom number comparator to the Json Diff to trim trailing zeros ... https://github.com/wiremock/wiremock/commit/e649af3380d7b1c26550e5542f8466195f8f1501;>e649af3 Refactor JsonNodeFactory(true) in favour of a JsonNodeFeature (https://redirect.github.com/wiremock/wiremock/issues/2612;>#2612) https://github.com/wiremock/wiremock/commit/0c41803a69d017d67f8a2918356ad8bc3e0a5236;>0c41803 Added final release stages to Actions workflow https://github.com/wiremock/wiremock/commit/6c5c191ca28ccd95aafdd8a26d05767a29000aad;>6c5c191 Further attempt at fixing build task dependencies Additional commits viewable in https://github.com/wiremock/wiremock/compare/3.4.0...3.4.1;>compare view Updates `org.wiremock:wiremock-standalone` from 3.4.0 to 3.4.1 Release notes Sourced from https://github.com/wiremock/wiremock/releases;>org.wiremock:wiremock-standalone's releases. 3.4.1 Bug fixes Revert Fix json-body not escaped properly (https://redirect.github.com/wiremock/wiremock/issues/2613;>#2613) https://github.com/tomakehurst;>@tomakehurst Fixes https://redirect.github.com/wiremock/wiremock/issues/2606;>#2606 - avoid appending identical sub-events repeatedly (https://redirect.github.com/wiremock/wiremock/issues/2614;>#2614) https://github.com/tomakehurst;>@tomakehurst Add a custom number comparator to the Json Diff to trim trailing zeros (https://redirect.github.com/wiremock/wiremock/issues/2611;>#2611) https://github.com/leeturner;>@leeturner Refactor JsonNodeFactory(true) in favour of a JsonNodeFeature (https://redirect.github.com/wiremock/wiremock/issues/2612;>#2612) https://github.com/leeturner;>@leeturner Commits https://github.com/wiremock/wiremock/commit/d68e984a138d3608149229b92e763a2c21362846;>d68e984 Revert Fix json-body not escaped properly as this produces badly formed JSO... https://github.com/wiremock/wiremock/commit/da0d9c41abf5648dbc777804309b7cfffd80c26c;>da0d9c4 Bumped patch version https://github.com/wiremock/wiremock/commit/ec5ebeee31cd3697d86a7a973f2cdd792675b4a5;>ec5ebee Added more tests for sub-event deduplication and fixed a bug discovered as a ... https://github.com/wiremock/wiremock/commit/871b0abbb205128b8f8ceb4574f1ae521f068bda;>871b0ab Fixed formatting issues https://github.com/wiremock/wiremock/commit/be44c6b5083290bd1a52ed1e163eed37177ed039;>be44c6b Fixes https://redirect.github.com/wiremock/wiremock/issues/2606;>#2606 - avoid appending identical sub-events repeatedly to avoid resour... https://github.com/wiremock/wiremock/commit/2fe362be9b965d7680e41c97f182fbe02a1df18d;>2fe362b Added RELEASING.md https://github.com/wiremock/wiremock/commit/f7aad0a2cc8ca9bacbb7a3d92a9d77f955992aed;>f7aad0a
[PR] Bump org.apache.camel.springboot:camel-spring-boot-dependencies from 4.0.2 to 4.4.0 [cxf]
dependabot[bot] opened a new pull request, #1697: URL: https://github.com/apache/cxf/pull/1697 Bumps org.apache.camel.springboot:camel-spring-boot-dependencies from 4.0.2 to 4.4.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.camel.springboot:camel-spring-boot-dependencies=maven=4.0.2=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: Plans for release 4.0.4?
Thanks so much, Colm! Freeman On Mon, Feb 19, 2024 at 5:42 AM Colm O hEigeartaigh wrote: > I've called a vote on Santuario today, so I'll try to release and get > a WSS4J vote started by end of week. > > Colm. > > On Tue, Feb 13, 2024 at 11:09 PM Andriy Redko wrote: > > > > Hi Colm, > > > > I think it would be good to have a release soon-ish, but by and large, I > don't think > > we have hard deadline for it, please feel free to proceed as per your > judgement. > > Thank you. > > > > Best Regards, > > Andriy Redko > > > > > Sorry it turns out I'll need to get Santuario 3.0.4 out first. Do I > > > have time to do this and WSS4J before the next CXF release? > > > > > Colm. > > > > > On Tue, Feb 13, 2024 at 3:28 PM Freeman Fang > wrote: > > >> Thanks Colm! > > >> On Tue, Feb 13, 2024 at 10:18 AM Colm O hEigeartaigh < > cohei...@apache.org> wrote: > > >>> Yes, I'll call a vote today on WSS4J 3.0.3. > > >>> Colm. > > >>> On Tue, Feb 13, 2024 at 2:28 PM Freeman Fang > wrote: > > +1 to release Apache CXF 4.0.4 > > @Colm O hEigeartaigh Any chance we could have a WSS4J 3.0.3 release > soon? > > Thanks! > > Freeman > > On Tue, Feb 13, 2024 at 7:15 AM Jiri Ondrusek > wrote: > > > Hi, > > > just for your information, the PR ( > https://github.com/apache/cxf/pull/1660) > > > requires version of wss4f to be 3.0.3 (to contain > > > https://issues.apache.org/jira/browse/WSS-709) > > > Best regards, > > > Jiri > > > On Tue, Feb 13, 2024 at 10:53 AM Peter Palaga > wrote: > > >> Thanks, great to hear that, Andriy. > > > > >> It would be great if we could get > > >> https://github.com/apache/cxf/pull/1660 merged in some form > before the > > >> release. > > >> The main motivation is to be able to run CXF on FIPS-enabled > systems. If > > >> the customized algo suite, that the PR proposes, is questionable, > I'd be > > >> also fine with introducing a couple of new suites with fixed > > >> non-standard names, like already done in the past for fixing > CVEs. It > > >> would be nice to hear other community members' thoughts. > > >> Thanks again, > > >> -- Peter > > >> On 13/02/2024 02:35, Andriy Redko wrote: > > >>> Hi Peter, > > >>> Thanks a lot for reminding, I belive we are long overdue on > that, @Dan, > > >> @Colm > > >>> may need your help please preparing the next release train (or > any > > >> objection folks)? > > >>> Thank you! > > >>> Best Regards, > > >>> Andriy Redko > > Hi, > > we are preparing Quarkus CXF to release it for Quarkus 3.8 > which is > > >> going to be a LTS (Long Term Support) release. > > I wonder whether we could count on getting CXF 4.0.4 by > February 21st > > >> to be able to use it in that release? > > Thanks, > > -- Peter > > > -- > > > Jiri Ondrusek > > > Senior Software Engineer > > > Red Hat Fuse > > >
Re: Plans for release 4.0.4?
Thanks a lot, Colm! > I've called a vote on Santuario today, so I'll try to release and get > a WSS4J vote started by end of week. > Colm. > On Tue, Feb 13, 2024 at 11:09 PM Andriy Redko wrote: >> Hi Colm, >> I think it would be good to have a release soon-ish, but by and large, I >> don't think >> we have hard deadline for it, please feel free to proceed as per your >> judgement. >> Thank you. >> Best Regards, >> Andriy Redko >>> Sorry it turns out I'll need to get Santuario 3.0.4 out first. Do I >>> have time to do this and WSS4J before the next CXF release? >>> Colm. >>> On Tue, Feb 13, 2024 at 3:28 PM Freeman Fang wrote: Thanks Colm! On Tue, Feb 13, 2024 at 10:18 AM Colm O hEigeartaigh wrote: > Yes, I'll call a vote today on WSS4J 3.0.3. > Colm. > On Tue, Feb 13, 2024 at 2:28 PM Freeman Fang > wrote: >> +1 to release Apache CXF 4.0.4 >> @Colm O hEigeartaigh Any chance we could have a WSS4J 3.0.3 release soon? >> Thanks! >> Freeman >> On Tue, Feb 13, 2024 at 7:15 AM Jiri Ondrusek >> wrote: >>> Hi, >>> just for your information, the PR >>> (https://github.com/apache/cxf/pull/1660) >>> requires version of wss4f to be 3.0.3 (to contain >>> https://issues.apache.org/jira/browse/WSS-709) >>> Best regards, >>> Jiri >>> On Tue, Feb 13, 2024 at 10:53 AM Peter Palaga >>> wrote: Thanks, great to hear that, Andriy. It would be great if we could get https://github.com/apache/cxf/pull/1660 merged in some form before the release. The main motivation is to be able to run CXF on FIPS-enabled systems. If the customized algo suite, that the PR proposes, is questionable, I'd be also fine with introducing a couple of new suites with fixed non-standard names, like already done in the past for fixing CVEs. It would be nice to hear other community members' thoughts. Thanks again, -- Peter On 13/02/2024 02:35, Andriy Redko wrote: > Hi Peter, > Thanks a lot for reminding, I belive we are long overdue on that, > @Dan, @Colm > may need your help please preparing the next release train (or any objection folks)? > Thank you! > Best Regards, > Andriy Redko >> Hi, >> we are preparing Quarkus CXF to release it for Quarkus 3.8 which is going to be a LTS (Long Term Support) release. >> I wonder whether we could count on getting CXF 4.0.4 by February 21st to be able to use it in that release? >> Thanks, >> -- Peter >>> -- >>> Jiri Ondrusek >>> Senior Software Engineer >>> Red Hat Fuse
Re: [PR] Bump cxf.spring.security.version from 6.0.8 to 6.2.2 [cxf]
dependabot[bot] commented on PR #1695: URL: https://github.com/apache/cxf/pull/1695#issuecomment-1952385065 OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump cxf.spring.security.version from 6.0.8 to 6.2.2 [cxf]
reta closed pull request #1695: Bump cxf.spring.security.version from 6.0.8 to 6.2.2 URL: https://github.com/apache/cxf/pull/1695 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump tomcat.version from 9.0.85 to 9.0.86 [cxf-fediz]
dependabot[bot] opened a new pull request, #250: URL: https://github.com/apache/cxf-fediz/pull/250 Bumps `tomcat.version` from 9.0.85 to 9.0.86. Updates `org.apache.tomcat:tomcat-catalina` from 9.0.85 to 9.0.86 Updates `org.apache.tomcat.embed:tomcat-embed-core` from 9.0.85 to 9.0.86 Updates `org.apache.tomcat.embed:tomcat-embed-jasper` from 9.0.85 to 9.0.86 Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | org.apache.tomcat.embed:tomcat-embed-core | [>= 10.a, < 11] | | org.apache.tomcat.embed:tomcat-embed-jasper | [>= 10.a, < 11] | | org.apache.tomcat:tomcat-catalina | [>= 10.a, < 11] | Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: Plans for release 4.0.4?
I've called a vote on Santuario today, so I'll try to release and get a WSS4J vote started by end of week. Colm. On Tue, Feb 13, 2024 at 11:09 PM Andriy Redko wrote: > > Hi Colm, > > I think it would be good to have a release soon-ish, but by and large, I > don't think > we have hard deadline for it, please feel free to proceed as per your > judgement. > Thank you. > > Best Regards, > Andriy Redko > > > Sorry it turns out I'll need to get Santuario 3.0.4 out first. Do I > > have time to do this and WSS4J before the next CXF release? > > > Colm. > > > On Tue, Feb 13, 2024 at 3:28 PM Freeman Fang wrote: > >> Thanks Colm! > >> On Tue, Feb 13, 2024 at 10:18 AM Colm O hEigeartaigh > >> wrote: > >>> Yes, I'll call a vote today on WSS4J 3.0.3. > >>> Colm. > >>> On Tue, Feb 13, 2024 at 2:28 PM Freeman Fang > >>> wrote: > +1 to release Apache CXF 4.0.4 > @Colm O hEigeartaigh Any chance we could have a WSS4J 3.0.3 release soon? > Thanks! > Freeman > On Tue, Feb 13, 2024 at 7:15 AM Jiri Ondrusek > wrote: > > Hi, > > just for your information, the PR > > (https://github.com/apache/cxf/pull/1660) > > requires version of wss4f to be 3.0.3 (to contain > > https://issues.apache.org/jira/browse/WSS-709) > > Best regards, > > Jiri > > On Tue, Feb 13, 2024 at 10:53 AM Peter Palaga > > wrote: > >> Thanks, great to hear that, Andriy. > > >> It would be great if we could get > >> https://github.com/apache/cxf/pull/1660 merged in some form before the > >> release. > >> The main motivation is to be able to run CXF on FIPS-enabled systems. > >> If > >> the customized algo suite, that the PR proposes, is questionable, I'd > >> be > >> also fine with introducing a couple of new suites with fixed > >> non-standard names, like already done in the past for fixing CVEs. It > >> would be nice to hear other community members' thoughts. > >> Thanks again, > >> -- Peter > >> On 13/02/2024 02:35, Andriy Redko wrote: > >>> Hi Peter, > >>> Thanks a lot for reminding, I belive we are long overdue on that, > >>> @Dan, > >> @Colm > >>> may need your help please preparing the next release train (or any > >> objection folks)? > >>> Thank you! > >>> Best Regards, > >>> Andriy Redko > Hi, > we are preparing Quarkus CXF to release it for Quarkus 3.8 which is > >> going to be a LTS (Long Term Support) release. > I wonder whether we could count on getting CXF 4.0.4 by February 21st > >> to be able to use it in that release? > Thanks, > -- Peter > > -- > > Jiri Ondrusek > > Senior Software Engineer > > Red Hat Fuse >
Re: [PR] Bump spring.version from 5.3.31 to 5.3.32 [cxf-fediz]
coheigea merged PR #249: URL: https://github.com/apache/cxf-fediz/pull/249 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org