Re: [PR] Bump commons-cli:commons-cli from 1.5.0 to 1.6.0 [directory-server]
coheigea merged PR #131: URL: https://github.com/apache/directory-server/pull/131 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump commons-cli:commons-cli from 1.5.0 to 1.6.0 [directory-server]
coheigea commented on PR #131: URL: https://github.com/apache/directory-server/pull/131#issuecomment-1840113770 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 [directory-server]
coheigea merged PR #128: URL: https://github.com/apache/directory-server/pull/128 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump maven.version from 3.9.1 to 3.9.6 [directory-server]
coheigea merged PR #130: URL: https://github.com/apache/directory-server/pull/130 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump actions/setup-java from 3.13.0 to 4.0.0 [directory-server]
coheigea merged PR #129: URL: https://github.com/apache/directory-server/pull/129 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 [directory-server]
coheigea merged PR #132: URL: https://github.com/apache/directory-server/pull/132 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump actions/setup-java from 3.13.0 to 4.0.0 [directory-kerby]
coheigea merged PR #289: URL: https://github.com/apache/directory-kerby/pull/289 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump com.nimbusds:nimbus-jose-jwt from 9.37.1 to 9.37.2 [directory-kerby]
coheigea merged PR #290: URL: https://github.com/apache/directory-kerby/pull/290 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump actions/setup-java from 3.13.0 to 4.0.0 [directory-ldap-api]
coheigea merged PR #63: URL: https://github.com/apache/directory-ldap-api/pull/63 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump org.apache.commons:commons-text from 1.10.0 to 1.11.0 [directory-ldap-api]
coheigea merged PR #64: URL: https://github.com/apache/directory-ldap-api/pull/64 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 [directory-ldap-api]
coheigea merged PR #65: URL: https://github.com/apache/directory-ldap-api/pull/65 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: Serialization of equality filters broken?
Hi!
long story short: we have added some more check that break your code...
More detailed answer:
* when you inject some filter in your request, we parse it and try as
much as possible to detect which AttributeType is to be associated with
each attribute.
* Those AttributeTypes contain information about the type of attribute
(is it Human Readable (HR) or not).
* To do that, we need a SchemaManager which needs to be initialized at
some point
* Then we need to inject a parsed filter into the DsmlSearchRequest.
The code then looks like that:
SearchRequestDsml searchRequest = new
SearchRequestDsml(LdapApiServiceFactory.getSingleton());
SchemaManager schemaManager = new DefaultSchemaManager();
ExprNode filter = FilterParser.parse( schemaManager,
"(uid=SomeArbitraryBenignString)" );
searchRequest.setFilter( filter );
and now, the filter knows that uid is HR...
Ultra complex :/
There is no silmple way to get that fixed, because it's not simple to
propagate the schemaManager into all the DSML classes. Ideally speaking,
we should expose some method like:
searchRequest.setFilter( schemaManager, `
"(uid=SomeArbitraryBenignString)" );
to make the LDAP API life easier.
On 04/12/2023 21:18, Patrick Peer wrote:
Hello!
I recently upgraded the version of org.apache.directory.api:api-all from
2.1.0 to 2.1.5 in the dependencies of our product, which resulted in
some test failures on my end. As it seems, values for equality filters
are not set in the request anymore. For your convenience, I cobbled
together a minimal test case to reproduce the condition [1]. It works
with Version 2.1.0 and does not work with 2.1.5.
Upon further investigation, I think I found some issues
in org.apache.directory.api.dsmlv2.request.SearchRequestDsml.toDsml(Element, ExprNode)@2.1.5:
+ On line 559 value.isHumanReadable() is queried to decide whether to
use the value as is, or to encode it in base64. => This seems broken,
since, as far as I can tell,
the org.apache.directory.api.ldap.model.entry.Value.isHR flag is always
false at this particular point in the code.
+ org.apache.directory.api.dsmlv2.ParserUtils.base64Encode(Object) only
yields base64 values for byte[] and String, however here a
org.apache.directory.api.ldap.model.entry.Value is passed, which will
always result in an empty String.
The corresponding commit should be [2].
Do you agree that this is a bug, and should I jump through the hoops to
open a Jira issue, or is there an alternative/intended way to work
around this?
Cheers,
Patrick Peer
[1]
@Test
public void testMinimalEqualityRequest() throws Exception {
SearchRequestDsml searchRequest = new
SearchRequestDsml(LdapApiServiceFactory.getSingleton());
searchRequest.setFilter("(uid=SomeArbitraryBenignString)");
BatchRequestDsml batchRequest = new BatchRequestDsml();
batchRequest.addRequest(searchRequest);
String dsmlString = batchRequest.toDsml();
assertThat(dsmlString).contains("SomeArbitraryBenignString");
}
[2]
https://github.com/apache/directory-ldap-api/commit/1dd1248d33ffed80cc225e76b2769e4558bbc859
--
*Emmanuel Lécharny* P. +33 (0)6 08 33 32 61
elecha...@apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[PR] Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 [directory-ldap-api]
dependabot[bot] opened a new pull request, #65: URL: https://github.com/apache/directory-ldap-api/pull/65 Bumps org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[PR] Bump org.apache.commons:commons-text from 1.10.0 to 1.11.0 [directory-ldap-api]
dependabot[bot] opened a new pull request, #64: URL: https://github.com/apache/directory-ldap-api/pull/64 Bumps org.apache.commons:commons-text from 1.10.0 to 1.11.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump org.mockito:mockito-core from 5.7.0 to 5.8.0 [directory-scimple]
bdemers merged PR #429: URL: https://github.com/apache/directory-scimple/pull/429 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump version.quarkus from 3.5.3 to 3.6.0 [directory-scimple]
bdemers merged PR #430: URL: https://github.com/apache/directory-scimple/pull/430 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump actions/setup-java from 3 to 4 [directory-scimple]
bdemers merged PR #428: URL: https://github.com/apache/directory-scimple/pull/428 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.1.0 to 4.8.2.0 [directory-scimple]
bdemers merged PR #432: URL: https://github.com/apache/directory-scimple/pull/432 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump org.glassfish.jersey:jersey-bom from 3.1.3 to 3.1.4 [directory-scimple]
bdemers merged PR #434: URL: https://github.com/apache/directory-scimple/pull/434 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump org.mockito:mockito-junit-jupiter from 5.7.0 to 5.8.0 [directory-scimple]
bdemers merged PR #433: URL: https://github.com/apache/directory-scimple/pull/433 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[PR] Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 [directory-server]
dependabot[bot] opened a new pull request, #132: URL: https://github.com/apache/directory-server/pull/132 Bumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 3.5.1 to 4.0.0. Release notes Sourced from https://github.com/codehaus-plexus/plexus-utils/releases;>org.codehaus.plexus:plexus-utils's releases. 4.0.0 Starting with version 4, XML classes (in org.codehaus.plexus.util.xml and org.codehaus.plexus.util.xml.pull) have been extracted to a separate https://github.com/codehaus-plexus/plexus-xml/;>plexus-xml 4: if you need them, just use this new artifact as outlined in https://codehaus-plexus.github.io/plexus-xml/dependency-info.html;>https://codehaus-plexus.github.io/plexus-xml/dependency-info.html. Fix false difference detected with CachingOutputStream/CachingWriter when streams are flushed (https://redirect.github.com/codehaus-plexus/plexus-utils/pull/252;>#252) https://github.com/gnodet;>@gnodet Dependency updates Switch to junit 5 (https://redirect.github.com/codehaus-plexus/plexus-utils/pull/245;>#245) https://github.com/gnodet;>@gnodet Maintenance Switch to junit 5 (https://redirect.github.com/codehaus-plexus/plexus-utils/pull/245;>#245) https://github.com/gnodet;>@gnodet Remove unused/unmaintained jira export (https://redirect.github.com/codehaus-plexus/plexus-utils/pull/247;>#247) https://github.com/gnodet;>@gnodet Switch build ci workflow to master branch (https://redirect.github.com/codehaus-plexus/plexus-utils/pull/250;>#250) https://github.com/slachiewicz;>@slachiewicz Bump maven-resources-plugin from 2.7 to 3.3.1 (https://redirect.github.com/codehaus-plexus/plexus-utils/pull/209;>#209) https://github.com/dependabot;>@dependabot Fix SCM information (https://redirect.github.com/codehaus-plexus/plexus-utils/pull/254;>#254) https://github.com/gnodet;>@gnodet Fix non contiguous imports (https://redirect.github.com/codehaus-plexus/plexus-utils/pull/255;>#255) https://github.com/gnodet;>@gnodet Commits https://github.com/codehaus-plexus/plexus-utils/commit/0803079106d268c234271ef6ddfce7e35f6def5a;>0803079 [maven-release-plugin] prepare release plexus-utils-4.0.0 https://github.com/codehaus-plexus/plexus-utils/commit/b342c7c93733074360fdfd31b0dd7246df8c7a83;>b342c7c Switch to released version of plexus-xml 4.0.0 https://github.com/codehaus-plexus/plexus-utils/commit/968a069aeb3fae38f55e8ec5e420dc4daea99ea9;>968a069 Reformat using spotless:apply https://github.com/codehaus-plexus/plexus-utils/commit/43153089d0a5f879f43e9161114cba6a5508af18;>4315308 Update to parent 13 https://github.com/codehaus-plexus/plexus-utils/commit/0a84396e95bba615544d7ee5e9e12a240f21dc9b;>0a84396 Fix SCM information (https://redirect.github.com/codehaus-plexus/plexus-utils/issues/254;>#254) https://github.com/codehaus-plexus/plexus-utils/commit/14ac2e1dbfaadbc4579a80b16e83aed0ac474cbc;>14ac2e1 Fix non contiguous imports (https://redirect.github.com/codehaus-plexus/plexus-utils/issues/255;>#255) https://github.com/codehaus-plexus/plexus-utils/commit/3bd741ddc1cc870969633b825b3b40559c75d418;>3bd741d Fix false difference detected with CachingOutputStream/CachingWriter when str... https://github.com/codehaus-plexus/plexus-utils/commit/b4ee91f9ff621fbf037a0ef169cacda54eb8c4cb;>b4ee91f Switch to junit 5 (https://redirect.github.com/codehaus-plexus/plexus-utils/issues/245;>#245) https://github.com/codehaus-plexus/plexus-utils/commit/60b1b79e42c81a00ca2507622e0b73370cdb67f5;>60b1b79 Remove unused/unmaintained jira export (https://redirect.github.com/codehaus-plexus/plexus-utils/issues/247;>#247) https://github.com/codehaus-plexus/plexus-utils/commit/cbca15afd728b8653ed651f16e01c6873fc603af;>cbca15a Switch build ci workflow to master branch (https://redirect.github.com/codehaus-plexus/plexus-utils/issues/250;>#250) Additional commits viewable in https://github.com/codehaus-plexus/plexus-utils/compare/plexus-utils-3.5.1...plexus-utils-4.0.0;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will
[PR] Bump commons-cli:commons-cli from 1.5.0 to 1.6.0 [directory-server]
dependabot[bot] opened a new pull request, #131: URL: https://github.com/apache/directory-server/pull/131 Bumps commons-cli:commons-cli from 1.5.0 to 1.6.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[PR] Bump actions/setup-java from 3.13.0 to 4.0.0 [directory-server]
dependabot[bot] opened a new pull request, #129: URL: https://github.com/apache/directory-server/pull/129 Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3.13.0 to 4.0.0. Release notes Sourced from https://github.com/actions/setup-java/releases;>actions/setup-java's releases. v4.0.0 What's Changed In the scope of this release, the version of the Node.js runtime was updated to 20. The majority of dependencies were updated to the latest versions. From now on, the code for the setup-java will run on Node.js 20 instead of Node.js 16. Breaking changes Update Node.js runtime to version 20 by https://github.com/aparnajyothi-y;>@aparnajyothi-y in https://redirect.github.com/actions/setup-java/pull/558;>actions/setup-java#558 Non-breaking changes Adding support for microsoft openjdk 21.0.0 by https://github.com/ralfstuckert;>@ralfstuckert in https://redirect.github.com/actions/setup-java/pull/546;>actions/setup-java#546 Update @actions/cache dependency and documentation by https://github.com/IvanZosimov;>@IvanZosimov in https://redirect.github.com/actions/setup-java/pull/549;>actions/setup-java#549 Implementation of the cache-dependency-path option to control caching dependency by https://github.com/itchyny;>@itchyny in https://redirect.github.com/actions/setup-java/pull/499;>actions/setup-java#499 New Contributors https://github.com/ralfstuckert;>@ralfstuckert made their first contribution in https://redirect.github.com/actions/setup-java/pull/546;>actions/setup-java#546 https://github.com/itchyny;>@itchyny made their first contribution in https://redirect.github.com/actions/setup-java/pull/499;>actions/setup-java#499 Full Changelog: https://github.com/actions/setup-java/compare/v3...v4.0.0;>https://github.com/actions/setup-java/compare/v3...v4.0.0 Commits https://github.com/actions/setup-java/commit/387ac29b308b003ca37ba93a6cab5eb57c8f5f93;>387ac29 Upgrade Node to v20 (https://redirect.github.com/actions/setup-java/issues/558;>#558) https://github.com/actions/setup-java/commit/9eda6b51cc4f6ee99be3dd5537b85e389e47bda9;>9eda6b5 feat: implement cache-dependency-path option to control caching dependency (#... https://github.com/actions/setup-java/commit/78078da0cd035d0d177cc2cb696e05d96fba7d11;>78078da Update @actions/cache dependency and documentation (https://redirect.github.com/actions/setup-java/issues/549;>#549) https://github.com/actions/setup-java/commit/5caaba646e214abb5c4c808eb8fe13db519ab757;>5caaba6 add support for microsoft openjdk 21.0.0 (https://redirect.github.com/actions/setup-java/issues/546;>#546) See full diff in https://github.com/actions/setup-java/compare/0ab4596768b603586c0de567f2430c30f5b0d2b0...387ac29b308b003ca37ba93a6cab5eb57c8f5f93;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific
[PR] Bump maven.version from 3.9.1 to 3.9.6 [directory-server]
dependabot[bot] opened a new pull request, #130:
URL: https://github.com/apache/directory-server/pull/130
Bumps `maven.version` from 3.9.1 to 3.9.6.
Updates `org.apache.maven:maven-plugin-api` from 3.9.1 to 3.9.6
Release notes
Sourced from https://github.com/apache/maven/releases;>org.apache.maven:maven-plugin-api's
releases.
3.9.6
https://maven.apache.org/docs/3.9.6/release-notes.html;>Release
Notes - Maven - Version 3.9.6
Improvement
[https://issues.apache.org/jira/browse/MNG-7939;>MNG-7939]
- Allow to exclude plugins from validation
Dependency upgrade
[https://issues.apache.org/jira/browse/MNG-7913;>MNG-7913]
- Upgrade Sisu version to 0.9.0.M2
[https://issues.apache.org/jira/browse/MNG-7934;>MNG-7934]
- Upgrade Resolver version to 1.9.18
[https://issues.apache.org/jira/browse/MNG-7942;>MNG-7942]
- Upgrade to parent POM 41
[https://issues.apache.org/jira/browse/MNG-7943;>MNG-7943]
- Upgrade default plugin bindings
3.9.5
https://maven.apache.org/docs/3.9.5/release-notes.html;>Release
Notes - Maven - Version 3.9.5
Bug
[https://issues.apache.org/jira/browse/MNG-7851;>MNG-7851]
- Error message when modelVersion is 4.0 is confusing
Improvement
[https://issues.apache.org/jira/browse/MNG-7875;>MNG-7875]
- colorize transfer messages
[https://issues.apache.org/jira/browse/MNG-7895;>MNG-7895]
- Support ${project.basedir} in file profile activation
Task
[https://issues.apache.org/jira/browse/MNG-7856;>MNG-7856]
- Maven Resolver Provider classes ctor change
[https://issues.apache.org/jira/browse/MNG-7870;>MNG-7870]
- Undeprecate wrongly deprecated repository metadata
[https://issues.apache.org/jira/browse/MNG-7872;>MNG-7872]
- Deprecate org.apache.maven.repository.internal.MavenResolverModule
[https://issues.apache.org/jira/browse/MNG-7874;>MNG-7874]
- maven-resolver-provider: introduce NAME constants.
Dependency upgrade
[https://issues.apache.org/jira/browse/MNG-7859;>MNG-7859]
- Update to Resolver 1.9.16
3.9.4
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922version=12353369;>Release
Notes - Maven - Version 3.9.4
... (truncated)
Commits
https://github.com/apache/maven/commit/bc0240f3c744dd6b6ec2920b3cd08dcc295161ae;>bc0240f
[maven-release-plugin] prepare release maven-3.9.6
https://github.com/apache/maven/commit/e6cc6c53cb979f46e7cf97fc9bab686343500a94;>e6cc6c5
[MNG-7943] Upgrade default plugin bindings
https://github.com/apache/maven/commit/48adee3711705c65918b2c736e88093a052f30f8;>48adee3
[MNG-7934] Update to Resolver 1.9.18 (https://redirect.github.com/apache/maven/issues/1326;>#1326)
https://github.com/apache/maven/commit/da6c7e4bcac34677ad9e7d93f345d9c896866e1b;>da6c7e4
[MNG-7942] Upgrade maven-parent to 41
https://github.com/apache/maven/commit/95fa548e1db672ac7b102ff27585c82ed5ae9ed2;>95fa548
[MNG-7934] Update to Resolver 1.9.17 (https://redirect.github.com/apache/maven/issues/1321;>#1321)
https://github.com/apache/maven/commit/c54baa64b38c09c440a11285d560e47d894b2414;>c54baa6
[MNG-7939] Allow to exclude plugins from validation
https://github.com/apache/maven/commit/ecd59b7158e048a6298b8b52d44fccaba26065ad;>ecd59b7
[MNG-7913] Upgrade Sisu version (https://redirect.github.com/apache/maven/issues/1286;>#1286)
https://github.com/apache/maven/commit/53edd71c989d8f2f2b92ee0b281976772c78b927;>53edd71
Use the same branch name for ITs on Jenkins (https://redirect.github.com/apache/maven/issues/1263;>#1263)
https://github.com/apache/maven/commit/2bc44491af62fef51e17d6ad0172baff82c8d022;>2bc4449
The maven-3.9.x branch should fallback to maven-3.9.x branch of ITs
https://github.com/apache/maven/commit/6e532cd249c0413fb6885ca6dfcc67dce25f703d;>6e532cd
[maven-release-plugin] prepare for next development iteration
Additional commits viewable in https://github.com/apache/maven/compare/maven-3.9.1...maven-3.9.6;>compare
view
Updates `org.apache.maven:maven-core` from 3.9.1 to 3.9.6
Release notes
Sourced from https://github.com/apache/maven/releases;>org.apache.maven:maven-core's
releases.
3.9.6
https://maven.apache.org/docs/3.9.6/release-notes.html;>Release
Notes - Maven - Version 3.9.6
Improvement
[https://issues.apache.org/jira/browse/MNG-7939;>MNG-7939]
- Allow to exclude plugins from validation
Dependency upgrade
[https://issues.apache.org/jira/browse/MNG-7913;>MNG-7913]
- Upgrade Sisu version to 0.9.0.M2
[https://issues.apache.org/jira/browse/MNG-7934;>MNG-7934]
- Upgrade Resolver version to 1.9.18
[https://issues.apache.org/jira/browse/MNG-7942;>MNG-7942]
- Upgrade to parent POM 41
[https://issues.apache.org/jira/browse/MNG-7943;>MNG-7943]
- Upgrade default plugin bindings
3.9.5
https://maven.apache.org/docs/3.9.5/release-notes.html;>Release
Notes - Maven - Version 3.9.5
Serialization of equality filters broken?
Hello!
I recently upgraded the version of org.apache.directory.api:api-all from
2.1.0 to 2.1.5 in the dependencies of our product, which resulted in some
test failures on my end. As it seems, values for equality filters are not
set in the request anymore. For your convenience, I cobbled together a
minimal test case to reproduce the condition [1]. It works with Version
2.1.0 and does not work with 2.1.5.
Upon further investigation, I think I found some issues
in org.apache.directory.api.dsmlv2.request.SearchRequestDsml.toDsml(Element,
ExprNode)@2.1.5:
+ On line 559 value.isHumanReadable() is queried to decide whether to use
the value as is, or to encode it in base64. => This seems broken, since, as
far as I can tell, the org.apache.directory.api.ldap.model.entry.Value.isHR
flag is always false at this particular point in the code.
+ org.apache.directory.api.dsmlv2.ParserUtils.base64Encode(Object) only
yields base64 values for byte[] and String, however here a
org.apache.directory.api.ldap.model.entry.Value is passed, which will
always result in an empty String.
The corresponding commit should be [2].
Do you agree that this is a bug, and should I jump through the hoops to
open a Jira issue, or is there an alternative/intended way to work around
this?
Cheers,
Patrick Peer
[1]
@Test
public void testMinimalEqualityRequest() throws Exception {
SearchRequestDsml searchRequest = new
SearchRequestDsml(LdapApiServiceFactory.getSingleton());
searchRequest.setFilter("(uid=SomeArbitraryBenignString)");
BatchRequestDsml batchRequest = new BatchRequestDsml();
batchRequest.addRequest(searchRequest);
String dsmlString = batchRequest.toDsml();
assertThat(dsmlString).contains("SomeArbitraryBenignString");
}
[2]
https://github.com/apache/directory-ldap-api/commit/1dd1248d33ffed80cc225e76b2769e4558bbc859
[PR] Bump org.mockito:mockito-junit-jupiter from 5.7.0 to 5.8.0 [directory-scimple]
dependabot[bot] opened a new pull request, #433: URL: https://github.com/apache/directory-scimple/pull/433 Bumps [org.mockito:mockito-junit-jupiter](https://github.com/mockito/mockito) from 5.7.0 to 5.8.0. Release notes Sourced from https://github.com/mockito/mockito/releases;>org.mockito:mockito-junit-jupiter's releases. v5.8.0 Changelog generated by https://github.com/shipkit/shipkit-changelog;>Shipkit Changelog Gradle Plugin 5.8.0 2023-12-01 - https://github.com/mockito/mockito/compare/v5.7.0...v5.8.0;>15 commit(s) by Andreas Turban, Mikaël Francoeur, dependabot[bot], jfrantzius https://redirect.github.com/mockito/mockito/issues/3000;>#3000: fix ArrayIndexOutOfBoundsException [(https://redirect.github.com/mockito/mockito/issues/3190;>#3190)](https://redirect.github.com/mockito/mockito/pull/3190;>mockito/mockito#3190) Bump com.diffplug.spotless from 6.23.1 to 6.23.2 [(https://redirect.github.com/mockito/mockito/issues/3188;>#3188)](https://redirect.github.com/mockito/mockito/pull/3188;>mockito/mockito#3188) Bump com.diffplug.spotless from 6.23.0 to 6.23.1 [(https://redirect.github.com/mockito/mockito/issues/3186;>#3186)](https://redirect.github.com/mockito/mockito/pull/3186;>mockito/mockito#3186) Bump actions/setup-java from 3 to 4 [(https://redirect.github.com/mockito/mockito/issues/3185;>#3185)](https://redirect.github.com/mockito/mockito/pull/3185;>mockito/mockito#3185) Apply spotless to all java projects [(https://redirect.github.com/mockito/mockito/issues/3184;>#3184)](https://redirect.github.com/mockito/mockito/pull/3184;>mockito/mockito#3184) Bump com.diffplug.spotless from 6.22.0 to 6.23.0 [(https://redirect.github.com/mockito/mockito/issues/3182;>#3182)](https://redirect.github.com/mockito/mockito/pull/3182;>mockito/mockito#3182) Fixes https://redirect.github.com/mockito/mockito/issues/3179;>#3179 : Add module for Java 21 tests. [(https://redirect.github.com/mockito/mockito/issues/3180;>#3180)](https://redirect.github.com/mockito/mockito/pull/3180;>mockito/mockito#3180) Need separate module for java 21 tests [(https://redirect.github.com/mockito/mockito/issues/3179;>#3179)](https://redirect.github.com/mockito/mockito/issues/3179;>mockito/mockito#3179) Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.20 to 1.9.21 [(https://redirect.github.com/mockito/mockito/issues/3176;>#3176)](https://redirect.github.com/mockito/mockito/pull/3176;>mockito/mockito#3176) Bump org.jetbrains.kotlin:kotlin-stdlib from 1.9.20 to 1.9.21 [(https://redirect.github.com/mockito/mockito/issues/3175;>#3175)](https://redirect.github.com/mockito/mockito/pull/3175;>mockito/mockito#3175) Bump versions.bytebuddy from 1.14.9 to 1.14.10 [(https://redirect.github.com/mockito/mockito/issues/3174;>#3174)](https://redirect.github.com/mockito/mockito/pull/3174;>mockito/mockito#3174) Fixes https://redirect.github.com/mockito/mockito/issues/3160;>#3160 : Fix interference between spies when spying on records. [(https://redirect.github.com/mockito/mockito/issues/3173;>#3173)](https://redirect.github.com/mockito/mockito/pull/3173;>mockito/mockito#3173) Bump com.github.ben-manes.versions from 0.49.0 to 0.50.0 [(https://redirect.github.com/mockito/mockito/issues/3172;>#3172)](https://redirect.github.com/mockito/mockito/pull/3172;>mockito/mockito#3172) Bump versions.junitJupiter from 5.10.0 to 5.10.1 [(https://redirect.github.com/mockito/mockito/issues/3169;>#3169)](https://redirect.github.com/mockito/mockito/pull/3169;>mockito/mockito#3169) Bump org.junit.platform:junit-platform-launcher from 1.10.0 to 1.10.1 [(https://redirect.github.com/mockito/mockito/issues/3168;>#3168)](https://redirect.github.com/mockito/mockito/pull/3168;>mockito/mockito#3168) Deep Stubs Incompatible With Mocking Enum [(https://redirect.github.com/mockito/mockito/issues/3167;>#3167)](https://redirect.github.com/mockito/mockito/pull/3167;>mockito/mockito#3167) Annotation-based spying on a generic class breaks existing final/inline Spies [(https://redirect.github.com/mockito/mockito/issues/3160;>#3160)](https://redirect.github.com/mockito/mockito/issues/3160;>mockito/mockito#3160) ArrayIndexOutOfBoundsException with Version 5.3.1 [(https://redirect.github.com/mockito/mockito/issues/3000;>#3000)](https://redirect.github.com/mockito/mockito/issues/3000;>mockito/mockito#3000) Deep Stubs Incompatible With Mocking Enum [(https://redirect.github.com/mockito/mockito/issues/2984;>#2984)](https://redirect.github.com/mockito/mockito/issues/2984;>mockito/mockito#2984) Commits https://github.com/mockito/mockito/commit/aecf6b5399451690f42d5db1a0c50796d4c5c67e;>aecf6b5 Handle mismatch of number of type arguments (https://redirect.github.com/mockito/mockito/issues/3190;>#3190) https://github.com/mockito/mockito/commit/d742cc880938850619008b9de4627bc7fb3d605b;>d742cc8 Bump com.diffplug.spotless from 6.23.1 to 6.23.2
[PR] Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.1.0 to 4.8.2.0 [directory-scimple]
dependabot[bot] opened a new pull request, #432: URL: https://github.com/apache/directory-scimple/pull/432 Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.8.1.0 to 4.8.2.0. Release notes Sourced from https://github.com/spotbugs/spotbugs-maven-plugin/releases;>com.github.spotbugs:spotbugs-maven-plugin's releases. Spotbugs Maven Plugin 4.8.2.0 Supports spotbugs 4.8.2 Fix loading of onlyAnalyze classes/packages from file on multi module projects per https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/674;>#674 Force spotbugs log4j2 usage to pipe to slfj4 that we use Commits https://github.com/spotbugs/spotbugs-maven-plugin/commit/4737e86ed9903233fff2b94fbf291247d7d6e549;>4737e86 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.8.2.0 https://github.com/spotbugs/spotbugs-maven-plugin/commit/6052ca1203dec1ac2e7081c8d68711ed2279f66f;>6052ca1 [pom] Sort order of maven reporting api/impl https://github.com/spotbugs/spotbugs-maven-plugin/commit/4ed4adc650e36b523a7fea0f0ae736efa82ea340;>4ed4adc Merge pull request https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/687;>#687 from hazendaz/master https://github.com/spotbugs/spotbugs-maven-plugin/commit/8b483fc230ca0cb0748845b418371300780bcc61;>8b483fc [pom] Remove clean goal from invoker as its never existed https://github.com/spotbugs/spotbugs-maven-plugin/commit/7ef8b3a63c601c339421df4d9c113140d5f98ea5;>7ef8b3a Merge pull request https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/686;>#686 from hazendaz/master https://github.com/spotbugs/spotbugs-maven-plugin/commit/2f28d9c8582a1e0fe6811451d78c8910c8742683;>2f28d9c [GHA] For maven wrapper downloads, just use maven there to do that instead of... https://github.com/spotbugs/spotbugs-maven-plugin/commit/c0b13b8bc210f2346607a6c5346d394897514d62;>c0b13b8 Merge pull request https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/684;>#684 from spotbugs/renovate/maven-3.x https://github.com/spotbugs/spotbugs-maven-plugin/commit/1df4aadae58a74ce8c8b9d4ebc480cbac7dd37fb;>1df4aad Merge pull request https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/685;>#685 from spotbugs/renovate/mavenversion https://github.com/spotbugs/spotbugs-maven-plugin/commit/db1181d74dbb05da721d6781a781fa84dc5af482;>db1181d Update mavenVersion to v3.9.6 https://github.com/spotbugs/spotbugs-maven-plugin/commit/22ff278bb21ca2ae91af8a76b7f0507447ed2ac1;>22ff278 Update dependency maven to v3.9.6 Additional commits viewable in https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.8.1.0...spotbugs-maven-plugin-4.8.2.0;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:
Re: [PR] Bump org.owasp:dependency-check-maven from 8.4.3 to 9.0.1 [directory-scimple]
dependabot[bot] closed pull request #424: Bump org.owasp:dependency-check-maven from 8.4.3 to 9.0.1 URL: https://github.com/apache/directory-scimple/pull/424 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[PR] Bump org.owasp:dependency-check-maven from 8.4.3 to 9.0.2 [directory-scimple]
dependabot[bot] opened a new pull request, #431: URL: https://github.com/apache/directory-scimple/pull/431 Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 8.4.3 to 9.0.2. Release notes Sourced from https://github.com/jeremylong/DependencyCheck/releases;>org.owasp:dependency-check-maven's releases. v9.0.2 fix: remove virtual match string on NVD API Request (https://redirect.github.com/jeremylong/DependencyCheck/issues/6177;>#6177) fix: correct meta data in report after switching the NVD API (https://redirect.github.com/jeremylong/DependencyCheck/issues/6154;>#6154) fix: retry HTTP connections to NVD on 502 and 504 errors (https://redirect.github.com/jeremylong/DependencyCheck/issues/6151;>#6151) fix: Gitlab report format needs severity capitalized (https://redirect.github.com/jeremylong/DependencyCheck/issues/6182;>#6182) fix: improve JDK update version parsing (https://redirect.github.com/jeremylong/DependencyCheck/issues/6163;>#6163) fix: mute JCS logging (again) (https://redirect.github.com/jeremylong/DependencyCheck/issues/6153;>#6153) See the full listing of https://github.com/jeremylong/DependencyCheck/milestone/72?closed=1;>changes. Version 9.0.1 fix: check java 8 update version; minimum JRE is 8 update 251 (https://redirect.github.com/jeremylong/DependencyCheck/issues/6118;>#6118) fix: add retry for failed NVD API requests (https://redirect.github.com/jeremylong/DependencyCheck/issues/6136;>#6136) docs: add default values to documentation for the NVD API Delay (https://redirect.github.com/jeremylong/DependencyCheck/issues/6135;>#6135) chore: Revert build(deps): bump com.h2database:h2 from 2.1.214 to 2.2.224 (https://redirect.github.com/jeremylong/DependencyCheck/issues/6131;>#6131) this is a breaking change for anyone that successfully created the H2 database with 9.0.0. fix: mute jcs logging (https://redirect.github.com/jeremylong/DependencyCheck/issues/6130;>#6130) docs: update NVD notice (https://redirect.github.com/jeremylong/DependencyCheck/issues/6110;>#6110) fix: Use the correct key for NVD API-Key from Maven Settings serverId (https://redirect.github.com/jeremylong/DependencyCheck/issues/6109;>#6109) See the full listing of https://github.com/jeremylong/DependencyCheck/milestone/71?closed=1;>changes. Version 9.0.0 breaking changes: See the https://github.com/jeremylong/DependencyCheck#900-upgrade-notice;>upgrade notice feat: Utilize NVD API (https://redirect.github.com/jeremylong/DependencyCheck/issues/5978;>#5978) feat: gitlab dependency scanner report format https://redirect.github.com/jeremylong/DependencyCheck/issues/5919;>#5919 (https://redirect.github.com/jeremylong/DependencyCheck/issues/5920;>#5920) fix: Use ASCII apostrophe for console message (https://redirect.github.com/jeremylong/DependencyCheck/issues/6076;>#6076) See the full listing of https://github.com/jeremylong/DependencyCheck/milestone/68?closed=1;>changes. Changelog Sourced from https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md;>org.owasp:dependency-check-maven's changelog. https://github.com/jereong/DependencyCheck/releases/tag/v9.0.2;>Version 9.0.2 (2023-12-01) fix: remove virtual match string on NVD API Request (https://redirect.github.com/jeremylong/DependencyCheck/issues/6177;>#6177) fix: correct meta data in report after switching the NVD API (https://redirect.github.com/jeremylong/DependencyCheck/issues/6154;>#6154) fix: retry HTTP connections to NVD on 502 and 504 errors (https://redirect.github.com/jeremylong/DependencyCheck/issues/6151;>#6151) fix: Gitlab report format needs severity capitalized (https://redirect.github.com/jeremylong/DependencyCheck/issues/6182;>#6182) fix: improve JDK update version parsing (https://redirect.github.com/jeremylong/DependencyCheck/issues/6163;>#6163) fix: mute JCS logging (again) (https://redirect.github.com/jeremylong/DependencyCheck/issues/6153;>#6153) See the full listing of https://github.com/jeremylong/DependencyCheck/milestone/72?closed=1;>changes. https://github.com/jereong/DependencyCheck/releases/tag/v9.0.1;>Version 9.0.1 (2023-11-26) breaking changes: See the https://github.com/jeremylong/DependencyCheck#900-upgrade-notice;>upgrade notice fix: check java 8 update version; minimum JRE is 8 update 251 (https://redirect.github.com/jeremylong/DependencyCheck/issues/6118;>#6118) fix: add retry for failed NVD API requests (https://redirect.github.com/jeremylong/DependencyCheck/issues/6136;>#6136) docs: add default values to documentation for the NVD API Delay (https://redirect.github.com/jeremylong/DependencyCheck/issues/6135;>#6135) chore: Revert build(deps): bump com.h2database:h2 from 2.1.214 to 2.2.224 (https://redirect.github.com/jeremylong/DependencyCheck/issues/6131;>#6131) this is a
[PR] Bump org.glassfish.jersey:jersey-bom from 3.1.3 to 3.1.4 [directory-scimple]
dependabot[bot] opened a new pull request, #434: URL: https://github.com/apache/directory-scimple/pull/434 Bumps org.glassfish.jersey:jersey-bom from 3.1.3 to 3.1.4. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: [PR] Bump org.owasp:dependency-check-maven from 8.4.3 to 9.0.1 [directory-scimple]
dependabot[bot] commented on PR #424: URL: https://github.com/apache/directory-scimple/pull/424#issuecomment-1839084575 Superseded by #431. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[PR] Bump version.quarkus from 3.5.3 to 3.6.0 [directory-scimple]
dependabot[bot] opened a new pull request, #430: URL: https://github.com/apache/directory-scimple/pull/430 Bumps `version.quarkus` from 3.5.3 to 3.6.0. Updates `io.quarkus.platform:quarkus-bom` from 3.5.3 to 3.6.0 Commits https://github.com/quarkusio/quarkus-platform/commit/1a2a38b6bde0124231ffe7f102a246f6e61ddd54;>1a2a38b [maven-release-plugin] prepare release 3.6.0 https://github.com/quarkusio/quarkus-platform/commit/94877d41b66d0dd2f2c2555bc3c054cc3660b12a;>94877d4 Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1052;>#1052 from quarkusio/ia3andy-patch-1 https://github.com/quarkusio/quarkus-platform/commit/b5622b9a968f8163224f33ce218e2a3b4f319201;>b5622b9 Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1050;>#1050 from jamesnetherton/camel-quarkus-3.6.0 https://github.com/quarkusio/quarkus-platform/commit/f381ac8221d4fbdc0c22dd23abb508577913697e;>f381ac8 Upgrade Camel Quarkus to 3.6.0 https://github.com/quarkusio/quarkus-platform/commit/1fbdf4cda8c574a7c2c4c09865799d65a19a70c9;>1fbdf4c Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1051;>#1051 from gsmet/reenable-dbz-tests https://github.com/quarkusio/quarkus-platform/commit/0ce60174b469984f6520f589ee561399be331d1d;>0ce6017 Unlist quarkus-resteasy-qute and quarkus-resteasy-reactive-qute https://github.com/quarkusio/quarkus-platform/commit/eb1c9a813a9e1c9a23728cb6006f3af9bf5523b1;>eb1c9a8 Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1049;>#1049 from mkouba/add-qute-web https://github.com/quarkusio/quarkus-platform/commit/c9147a8f1588cd01cc3207b0e5b54367fff775a1;>c9147a8 Reenable Debezium tests now that SmallRye OpenTracing has been published https://github.com/quarkusio/quarkus-platform/commit/40da5f571b6834bbf853f029d655839e1cc54851;>40da5f5 Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1048;>#1048 from scrocquesel/update-amz https://github.com/quarkusio/quarkus-platform/commit/9bd5bf2e5b64c37247140bbb556d11ff9e5b1093;>9bd5bf2 Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1045;>#1045 from gemmellr/quarkus-qpid-jms-2.5.0 Additional commits viewable in https://github.com/quarkusio/quarkus-platform/compare/3.5.3...3.6.0;>compare view Updates `io.quarkus.platform:quarkus-maven-plugin` from 3.5.3 to 3.6.0 Commits https://github.com/quarkusio/quarkus-platform/commit/1a2a38b6bde0124231ffe7f102a246f6e61ddd54;>1a2a38b [maven-release-plugin] prepare release 3.6.0 https://github.com/quarkusio/quarkus-platform/commit/94877d41b66d0dd2f2c2555bc3c054cc3660b12a;>94877d4 Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1052;>#1052 from quarkusio/ia3andy-patch-1 https://github.com/quarkusio/quarkus-platform/commit/b5622b9a968f8163224f33ce218e2a3b4f319201;>b5622b9 Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1050;>#1050 from jamesnetherton/camel-quarkus-3.6.0 https://github.com/quarkusio/quarkus-platform/commit/f381ac8221d4fbdc0c22dd23abb508577913697e;>f381ac8 Upgrade Camel Quarkus to 3.6.0 https://github.com/quarkusio/quarkus-platform/commit/1fbdf4cda8c574a7c2c4c09865799d65a19a70c9;>1fbdf4c Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1051;>#1051 from gsmet/reenable-dbz-tests https://github.com/quarkusio/quarkus-platform/commit/0ce60174b469984f6520f589ee561399be331d1d;>0ce6017 Unlist quarkus-resteasy-qute and quarkus-resteasy-reactive-qute https://github.com/quarkusio/quarkus-platform/commit/eb1c9a813a9e1c9a23728cb6006f3af9bf5523b1;>eb1c9a8 Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1049;>#1049 from mkouba/add-qute-web https://github.com/quarkusio/quarkus-platform/commit/c9147a8f1588cd01cc3207b0e5b54367fff775a1;>c9147a8 Reenable Debezium tests now that SmallRye OpenTracing has been published https://github.com/quarkusio/quarkus-platform/commit/40da5f571b6834bbf853f029d655839e1cc54851;>40da5f5 Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1048;>#1048 from scrocquesel/update-amz https://github.com/quarkusio/quarkus-platform/commit/9bd5bf2e5b64c37247140bbb556d11ff9e5b1093;>9bd5bf2 Merge pull request https://redirect.github.com/quarkusio/quarkus-platform/issues/1045;>#1045 from gemmellr/quarkus-qpid-jms-2.5.0 Additional commits viewable in https://github.com/quarkusio/quarkus-platform/compare/3.5.3...3.6.0;>compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options
[PR] Bump org.mockito:mockito-core from 5.7.0 to 5.8.0 [directory-scimple]
dependabot[bot] opened a new pull request, #429: URL: https://github.com/apache/directory-scimple/pull/429 Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 5.7.0 to 5.8.0. Release notes Sourced from https://github.com/mockito/mockito/releases;>org.mockito:mockito-core's releases. v5.8.0 Changelog generated by https://github.com/shipkit/shipkit-changelog;>Shipkit Changelog Gradle Plugin 5.8.0 2023-12-01 - https://github.com/mockito/mockito/compare/v5.7.0...v5.8.0;>15 commit(s) by Andreas Turban, Mikaël Francoeur, dependabot[bot], jfrantzius https://redirect.github.com/mockito/mockito/issues/3000;>#3000: fix ArrayIndexOutOfBoundsException [(https://redirect.github.com/mockito/mockito/issues/3190;>#3190)](https://redirect.github.com/mockito/mockito/pull/3190;>mockito/mockito#3190) Bump com.diffplug.spotless from 6.23.1 to 6.23.2 [(https://redirect.github.com/mockito/mockito/issues/3188;>#3188)](https://redirect.github.com/mockito/mockito/pull/3188;>mockito/mockito#3188) Bump com.diffplug.spotless from 6.23.0 to 6.23.1 [(https://redirect.github.com/mockito/mockito/issues/3186;>#3186)](https://redirect.github.com/mockito/mockito/pull/3186;>mockito/mockito#3186) Bump actions/setup-java from 3 to 4 [(https://redirect.github.com/mockito/mockito/issues/3185;>#3185)](https://redirect.github.com/mockito/mockito/pull/3185;>mockito/mockito#3185) Apply spotless to all java projects [(https://redirect.github.com/mockito/mockito/issues/3184;>#3184)](https://redirect.github.com/mockito/mockito/pull/3184;>mockito/mockito#3184) Bump com.diffplug.spotless from 6.22.0 to 6.23.0 [(https://redirect.github.com/mockito/mockito/issues/3182;>#3182)](https://redirect.github.com/mockito/mockito/pull/3182;>mockito/mockito#3182) Fixes https://redirect.github.com/mockito/mockito/issues/3179;>#3179 : Add module for Java 21 tests. [(https://redirect.github.com/mockito/mockito/issues/3180;>#3180)](https://redirect.github.com/mockito/mockito/pull/3180;>mockito/mockito#3180) Need separate module for java 21 tests [(https://redirect.github.com/mockito/mockito/issues/3179;>#3179)](https://redirect.github.com/mockito/mockito/issues/3179;>mockito/mockito#3179) Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.20 to 1.9.21 [(https://redirect.github.com/mockito/mockito/issues/3176;>#3176)](https://redirect.github.com/mockito/mockito/pull/3176;>mockito/mockito#3176) Bump org.jetbrains.kotlin:kotlin-stdlib from 1.9.20 to 1.9.21 [(https://redirect.github.com/mockito/mockito/issues/3175;>#3175)](https://redirect.github.com/mockito/mockito/pull/3175;>mockito/mockito#3175) Bump versions.bytebuddy from 1.14.9 to 1.14.10 [(https://redirect.github.com/mockito/mockito/issues/3174;>#3174)](https://redirect.github.com/mockito/mockito/pull/3174;>mockito/mockito#3174) Fixes https://redirect.github.com/mockito/mockito/issues/3160;>#3160 : Fix interference between spies when spying on records. [(https://redirect.github.com/mockito/mockito/issues/3173;>#3173)](https://redirect.github.com/mockito/mockito/pull/3173;>mockito/mockito#3173) Bump com.github.ben-manes.versions from 0.49.0 to 0.50.0 [(https://redirect.github.com/mockito/mockito/issues/3172;>#3172)](https://redirect.github.com/mockito/mockito/pull/3172;>mockito/mockito#3172) Bump versions.junitJupiter from 5.10.0 to 5.10.1 [(https://redirect.github.com/mockito/mockito/issues/3169;>#3169)](https://redirect.github.com/mockito/mockito/pull/3169;>mockito/mockito#3169) Bump org.junit.platform:junit-platform-launcher from 1.10.0 to 1.10.1 [(https://redirect.github.com/mockito/mockito/issues/3168;>#3168)](https://redirect.github.com/mockito/mockito/pull/3168;>mockito/mockito#3168) Deep Stubs Incompatible With Mocking Enum [(https://redirect.github.com/mockito/mockito/issues/3167;>#3167)](https://redirect.github.com/mockito/mockito/pull/3167;>mockito/mockito#3167) Annotation-based spying on a generic class breaks existing final/inline Spies [(https://redirect.github.com/mockito/mockito/issues/3160;>#3160)](https://redirect.github.com/mockito/mockito/issues/3160;>mockito/mockito#3160) ArrayIndexOutOfBoundsException with Version 5.3.1 [(https://redirect.github.com/mockito/mockito/issues/3000;>#3000)](https://redirect.github.com/mockito/mockito/issues/3000;>mockito/mockito#3000) Deep Stubs Incompatible With Mocking Enum [(https://redirect.github.com/mockito/mockito/issues/2984;>#2984)](https://redirect.github.com/mockito/mockito/issues/2984;>mockito/mockito#2984) Commits https://github.com/mockito/mockito/commit/aecf6b5399451690f42d5db1a0c50796d4c5c67e;>aecf6b5 Handle mismatch of number of type arguments (https://redirect.github.com/mockito/mockito/issues/3190;>#3190) https://github.com/mockito/mockito/commit/d742cc880938850619008b9de4627bc7fb3d605b;>d742cc8 Bump com.diffplug.spotless from 6.23.1 to 6.23.2
[PR] Bump com.nimbusds:nimbus-jose-jwt from 9.37.1 to 9.37.2 [directory-kerby]
dependabot[bot] opened a new pull request, #290:
URL: https://github.com/apache/directory-kerby/pull/290
Bumps
[com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt)
from 9.37.1 to 9.37.2.
Changelog
Sourced from https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt;>com.nimbusds:nimbus-jose-jwt's
changelog.
version 1.0 (2012-03-01)
First version based on the OpenInfoCard JWT, JWS and JWE code base.
version 1.1 (2012-03-06)
Introduces type-safe enumeration of the JSON Web Algorithms (JWA).
Refactors the JWT class.
version 1.2 (2012-03-08)
Moves JWS and JWE code into separate classes.
version 1.3 (2012-03-09)
Switches to Apache Commons Codec for Base64URL encoding and decoding
Consolidates the crypto utilities within the package.
Introduces a JWT content serialiser class.
version 1.4 (2012-03-09)
Refactoring of JWT class and JUnit tests.
version 1.5 (2012-03-18)
Switches to JSON Smart for JSON serialisation and parsing.
Introduces claims set class with JSON objects, string, Base64URL and
byte array views.
version 1.6 (2012-03-20)
Creates class for representing, serialising and parsing JSON Web Keys
(JWK).
Introduces separate class for representing JWT headers.
version 1.7 (2012-04-01)
Introduces separate classes for plain, JWS and JWE headers.
Introduces separate classes for plain, signed and encrypted JWTs.
Removes the JWTContent class.
Removes password-based (PE820) encryption support.
version 1.8 (2012-04-03)
Adds support for the ZIP JWE header parameter.
Removes unsupported algorithms from the JWA enumeration.
version 1.9 (2012-04-03)
Renames JWEHeader.{get|set}EncryptionAlgorithm() to
JWEHeader.{get|set}EncryptionMethod().
version 1.9.1 (2012-04-03)
Upgrades JSON Smart JAR to 1.1.1.
version 1.10 (2012-04-14)
Introduces serialize() method to base abstract JWT class.
version 1.11 (2012-05-13)
JWT.serialize() throws checked JWTException instead of
... (truncated)
Commits
https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/8c8135890907c9b1c0a6ae1633598e91c1a9c726;>8c81358
[maven-release-plugin] prepare for next development iteration
https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77ec5ec4b16c3fe12d4977c683db845ffde3;>3b3b77e
The PasswordBasedDecrypter (PBKDF2) must enforce a limit on the maximum
allow...
https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/e283ea02909e00645a622f16977659f8a7ba5b00;>e283ea0
[maven-release-plugin] prepare release 9.37.2
See full diff in https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.37.2..9.37.1;>compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that
have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and
block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it.
You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen the PR
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen the PR
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the PR or
upgrade to it yourself)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To
[PR] Bump actions/setup-java from 3.13.0 to 4.0.0 [directory-kerby]
dependabot[bot] opened a new pull request, #289: URL: https://github.com/apache/directory-kerby/pull/289 Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3.13.0 to 4.0.0. Release notes Sourced from https://github.com/actions/setup-java/releases;>actions/setup-java's releases. v4.0.0 What's Changed In the scope of this release, the version of the Node.js runtime was updated to 20. The majority of dependencies were updated to the latest versions. From now on, the code for the setup-java will run on Node.js 20 instead of Node.js 16. Breaking changes Update Node.js runtime to version 20 by https://github.com/aparnajyothi-y;>@aparnajyothi-y in https://redirect.github.com/actions/setup-java/pull/558;>actions/setup-java#558 Non-breaking changes Adding support for microsoft openjdk 21.0.0 by https://github.com/ralfstuckert;>@ralfstuckert in https://redirect.github.com/actions/setup-java/pull/546;>actions/setup-java#546 Update @actions/cache dependency and documentation by https://github.com/IvanZosimov;>@IvanZosimov in https://redirect.github.com/actions/setup-java/pull/549;>actions/setup-java#549 Implementation of the cache-dependency-path option to control caching dependency by https://github.com/itchyny;>@itchyny in https://redirect.github.com/actions/setup-java/pull/499;>actions/setup-java#499 New Contributors https://github.com/ralfstuckert;>@ralfstuckert made their first contribution in https://redirect.github.com/actions/setup-java/pull/546;>actions/setup-java#546 https://github.com/itchyny;>@itchyny made their first contribution in https://redirect.github.com/actions/setup-java/pull/499;>actions/setup-java#499 Full Changelog: https://github.com/actions/setup-java/compare/v3...v4.0.0;>https://github.com/actions/setup-java/compare/v3...v4.0.0 Commits https://github.com/actions/setup-java/commit/387ac29b308b003ca37ba93a6cab5eb57c8f5f93;>387ac29 Upgrade Node to v20 (https://redirect.github.com/actions/setup-java/issues/558;>#558) https://github.com/actions/setup-java/commit/9eda6b51cc4f6ee99be3dd5537b85e389e47bda9;>9eda6b5 feat: implement cache-dependency-path option to control caching dependency (#... https://github.com/actions/setup-java/commit/78078da0cd035d0d177cc2cb696e05d96fba7d11;>78078da Update @actions/cache dependency and documentation (https://redirect.github.com/actions/setup-java/issues/549;>#549) https://github.com/actions/setup-java/commit/5caaba646e214abb5c4c808eb8fe13db519ab757;>5caaba6 add support for microsoft openjdk 21.0.0 (https://redirect.github.com/actions/setup-java/issues/546;>#546) See full diff in https://github.com/actions/setup-java/compare/0ab4596768b603586c0de567f2430c30f5b0d2b0...387ac29b308b003ca37ba93a6cab5eb57c8f5f93;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific
