Re: [PR] Link to CVE-2024-34365 notes [karaf-site]
jbonofre merged PR #73: URL: https://github.com/apache/karaf-site/pull/73 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Link to CVE-2024-34365 notes [karaf-site]
raboof opened a new pull request, #73: URL: https://github.com/apache/karaf-site/pull/73 Follow-up on #72, didn't notice these had to be linked -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Publish CVE-2024-34365 [karaf-site]
jbonofre commented on PR #72: URL: https://github.com/apache/karaf-site/pull/72#issuecomment-2095986025 I will publish the website. Thanks ! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Publish CVE-2024-34365 [karaf-site]
jbonofre merged PR #72: URL: https://github.com/apache/karaf-site/pull/72 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Publish CVE-2024-34365 [karaf-site]
raboof opened a new pull request, #72: URL: https://github.com/apache/karaf-site/pull/72 (no comment) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-winegrower] dependabot[bot] opened a new pull request, #32: Bump org.apache.commons:commons-text from 1.9 to 1.10.0 in /winegrower-extension/winegrower-build/winegrower-build-common
dependabot[bot] opened a new pull request, #32: URL: https://github.com/apache/karaf-winegrower/pull/32 Bumps org.apache.commons:commons-text from 1.9 to 1.10.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/karaf-winegrower/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-winegrower] dependabot[bot] opened a new pull request, #33: Bump org.apache.commons:commons-compress from 1.20 to 1.21 in /winegrower-extension/winegrower-build/winegrower-build-common
dependabot[bot] opened a new pull request, #33: URL: https://github.com/apache/karaf-winegrower/pull/33 Bumps org.apache.commons:commons-compress from 1.20 to 1.21. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/karaf-winegrower/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-minho] dependabot[bot] opened a new pull request, #47: Bump johnzon-mapper from 1.2.19 to 1.2.21 in /tooling/common
dependabot[bot] opened a new pull request, #47: URL: https://github.com/apache/karaf-minho/pull/47 Bumps johnzon-mapper from 1.2.19 to 1.2.21. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/karaf-minho/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-winegrower] dependabot[bot] opened a new pull request, #31: Bump guava from 29.0-jre to 32.0.0-jre
dependabot[bot] opened a new pull request, #31: URL: https://github.com/apache/karaf-winegrower/pull/31 Bumps [guava](https://github.com/google/guava) from 29.0-jre to 32.0.0-jre. Release notes Sourced from https://github.com/google/guava/releases";>guava's releases. 32.0.0 MavenJar files https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-jre/guava-32.0.0-jre.jar";>32.0.0-jre.jar https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-android/guava-32.0.0-android.jar";>32.0.0-android.jar Guava requires https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies";>one runtime dependency, which you can download here: https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar";>failureaccess-1.0.1.jar Javadoc http://guava.dev/releases/32.0.0-jre/api/docs/";>32.0.0-jre http://guava.dev/releases/32.0.0-android/api/docs/";>32.0.0-android JDiff http://guava.dev/releases/32.0.0-jre/api/diffs/";>32.0.0-jre vs. 31.1-jre http://guava.dev/releases/32.0.0-android/api/diffs/";>32.0.0-android vs. 31.1-android http://guava.dev/releases/32.0.0-android/api/androiddiffs/";>32.0.0-android vs. 32.0.0-jre Changelog Security fixes Reimplemented Files.createTempDir and FileBackedOutputStream to further address CVE-2020-8908 (https://redirect.github.com/google/guava/issues/4011";>#4011) and CVE-2023-2976 (https://redirect.github.com/google/guava/issues/2575";>#2575). (feb83a1c8f) While CVE-2020-8908 was officially closed when we deprecated Files.createTempDir in https://github.com/google/guava/releases/tag/v30.0";>Guava 30.0, we've heard from users that even recent versions of Guava have been listed as vulnerable in other databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used FileBackedOutputStream class, which had a similar issue) to eliminate the insecure behavior entirely. This change could technically affect users in a number of different ways (discussed under "Incompatible changes" below), but in practice, the only problem users are likely to encounter is with Windows. If you are using those APIs under Windows, you should skip 32.0.0 and go straight to https://github.com/google/guava/releases/tag/v32.0.1";>32.0.1 which fixes the problem. (Unfortunately, we didn't think of the Windows problem until after the release. And while w e https://github.com/google/guava#important-warnings";>warn that common.io in particular may not work under Windows, we didn't intend to regress support.) Sorry for the trouble. Incompatible changes Although this release bumps Guava's major version number, it makes no binary-incompatible changes to the guava artifact. One change could cause issues for Widows users, and a few other changes could cause issues for users in more usual situations: The new implementations of Files.createTempDir and FileBackedOutputStream https://redirect.github.com/google/guava/issues/6535";>throw an exception under Windows. This is fixed in https://github.com/google/guava/releases/tag/v32.0.1";>32.0.1. Sorry for the trouble. This release makes a binary-incompatible change to a @Beta API in the separate artifact guava-testlib. Specifically, we changed the return type of TestingExecutors.sameThreadScheduledExecutor to ListeningScheduledExecutorService. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435) This release adds two methods to the Android flavor of Guava: Invokable.getAnnotatedReturnType() and Parameter.getAnnotatedType(). Those methods do not work under an Android VM; we added them only to help our tests of the Android flavor (since we also run those tests under a JRE). Android VMs tolerate such methods as long as the app does not call them or perform reflection on them, and builds tolerate them because of our new Proguard configurations (discussed below). Thus, we expect no impact to most users. However, we could imagine build problems for users who have set up their own build system for the Android flavor of Guava. Please report any problems so that we can judge how safely we might be able to add other methods to the Android flavor in the future, such as APIs that use Java 8 classes like Stream. (b30e73cfa81ad15c1023c17cfd083255a3df0105) ... (truncated) Commits See full diff in https://github.com/google/guava/commits";>compare view [ from 11.0.12 to 11.0.14. Release notes Sourced from https://github.com/eclipse/jetty.project/releases";>jetty-server's releases. 11.0.14 Special Thanks to the following Eclipse Jetty community members https://github.com/pzygielo";>@pzygielo (Piotrek Żygieło) https://github.com/jluehe";>@jluehe (jluehe) https://github.com/dzoech";>@dzoech (Dominik Zöchbauer) Changelog https://redirect.github.com/eclipse/jetty.project/issues/9344";>#9344 - Cleanup Multipart handling for CVE-2023-26048 https://redirect.github.com/eclipse/jetty.project/issues/9343";>#9343 - URI Host Mismatch with optional Compliance modes https://redirect.github.com/eclipse/jetty.project/issues/9339";>#9339 - Cleanup Cookie Cutter handling for CVE-2023-26049 https://redirect.github.com/eclipse/jetty.project/issues/9337";>#9337 - LowResourceMonitor.getReasons should include detailed reason instead of hard-coded message (https://github.com/jluehe";>@jluehe) https://redirect.github.com/eclipse/jetty.project/issues/9334";>#9334 - Better support for Cookie RFC 2965 compliance https://redirect.github.com/eclipse/jetty.project/issues/9285";>#9285 - ContextHandler sends redirect on BaseResponse instead of Wrapped Response object from Handler chain https://redirect.github.com/eclipse/jetty.project/issues/9283";>#9283 - Configurable Unsafe Host Header Behaviors https://redirect.github.com/eclipse/jetty.project/issues/9188";>#9188 - Log as info exceptions from server after sending stop with StopMojo. https://redirect.github.com/eclipse/jetty.project/issues/9183";>#9183 - ConnectHandler may close the connection instead of sending 200 OK https://redirect.github.com/eclipse/jetty.project/issues/9181";>#9181 java.lang.NullPointerException in SessionHandler.checkRequestedSessionId() https://redirect.github.com/eclipse/jetty.project/issues/9128";>#9128 - Do not execute any phase for maven plugin :start (https://github.com/pzygielo";>@pzygielo) https://redirect.github.com/eclipse/jetty.project/issues/9119";>#9119 - Wrong value of javax.servlet.forward.context_path attribute https://redirect.github.com/eclipse/jetty.project/issues/9092";>#9092 - Use ASM Bom https://redirect.github.com/eclipse/jetty.project/issues/9059";>#9059 - IteratingCallback not serializing close() and failed() https://redirect.github.com/eclipse/jetty.project/issues/9055";>#9055 - PathMappings optimizations https://redirect.github.com/eclipse/jetty.project/issues/7650";>#7650 - QueuedThreadPool: Stopped without executing or closing null (https://github.com/dzoech";>@dzoech) Dependencies https://redirect.github.com/eclipse/jetty.project/issues/9271";>#9271 - Bump infinispan-bom to 11.0.17.Final https://redirect.github.com/eclipse/jetty.project/issues/9359";>#9359 - Bump maven.version to 3.9.0 https://redirect.github.com/eclipse/jetty.project/issues/9375";>#9375 - Bump jakarta.servlet.jsp-api to 3.1.1 https://redirect.github.com/eclipse/jetty.project/issues/9102";>#9102 - Bump org.apache.aries.spifly.dynamic.bundle to 1.3.6 https://redirect.github.com/eclipse/jetty.project/issues/9098";>#9098 - Bump org.eclipse.osgi to 3.18.200 https://redirect.github.com/eclipse/jetty.project/issues/9106";>#9106 - Bump org.eclipse.osgi.services to 3.11.100 https://redirect.github.com/eclipse/jetty.project/issues/9097";>#9097 - Bump protostream to 4.6.0.Final https://redirect.github.com/eclipse/jetty.project/issues/9367";>#9367 - Bump tycho-p2-repository-plugin to 3.0.2 11.0.13 Special Thanks to the following Eclipse Jetty community members https://github.com/janvojt";>@janvojt (Jan Vojt) https://github.com/joschi";>@joschi (Jochen Schalanda) https://github.com/leonchen83";>@leonchen83 (Baoyi Chen) https://github.com/cowwoc";>@cowwoc (Gili Tzabari) https://github.com/Vlatombe";>@Vlatombe (Vincent Latombe) Changelog https://redirect.github.com/eclipse/jetty.project/issues/9006";>#9006 - WebSocket Message InputStream read() returns signed byte ... (truncated) Commits https://github.com/eclipse/jetty.project/commit/4601fe8dd805ce75b69c64466c115a162586641b";>4601fe8 Updating to version 11.0.14 https://github.com/eclipse/jetty.project/commit/5e1f579f723b9b52e4837e3ee5e0b01f0f515110";>5e1f579 revert upgrade from 3aaa65c45a1e783cbc76fca04dd7a545cfa5597b https://github.com/eclipse/jetty.project/commit/135f14f0d06cd52664499013785bf657465139d4";>135f14f Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x https://github.com/eclipse/jetty.project/commit/b7075161d015ddce23fbf3db873d5f6b539f6a6b";>b707516 Fix osgi dependencies for update to org.eclipse.osgi.services. https://
[GitHub] [karaf-site] jbonofre merged pull request #71: Move Karaf Cave subproject to Attic
jbonofre merged PR #71: URL: https://github.com/apache/karaf-site/pull/71 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-boot] dependabot[bot] opened a new pull request, #2: Bump junit from 4.12 to 4.13.1 in /tools/karaf-boot-maven-plugin
dependabot[bot] opened a new pull request, #2: URL: https://github.com/apache/karaf-boot/pull/2 Bumps [junit](https://github.com/junit-team/junit4) from 4.12 to 4.13.1. Release notes Sourced from https://github.com/junit-team/junit4/releases";>junit's releases. JUnit 4.13.1 Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.13.1.md";>release notes for details. JUnit 4.13 Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.13.md";>release notes for details. JUnit 4.13 RC 2 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 RC 1 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 Beta 3 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 Beta 2 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 Beta 1 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. Commits https://github.com/junit-team/junit4/commit/1b683f4ec07bcfa40149f086d32240f805487e66";>1b683f4 [maven-release-plugin] prepare release r4.13.1 https://github.com/junit-team/junit4/commit/ce6ce3aadc070db2902698fe0d3dc6729cd631f2";>ce6ce3a Draft 4.13.1 release notes https://github.com/junit-team/junit4/commit/c29dd8239d6b353e699397eb090a1fd27411fa24";>c29dd82 Change version to 4.13.1-SNAPSHOT https://github.com/junit-team/junit4/commit/1d174861f0b64f97ab0722bb324a760bfb02f567";>1d17486 Add a link to assertThrows in exception testing https://github.com/junit-team/junit4/commit/543905df72ff10364b94dda27552efebf3dd04e9";>543905d Use separate line for annotation in Javadoc https://github.com/junit-team/junit4/commit/510e906b391e7e46a346e1c852416dc7be934944";>510e906 Add sub headlines to class Javadoc https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae";>610155b Merge pull request from GHSA-269g-pwp5-87pp https://github.com/junit-team/junit4/commit/b6cfd1e3d736cc2106242a8be799615b472c7fec";>b6cfd1e Explicitly wrap float parameter for consistency (https://redirect.github.com/junit-team/junit4/issues/1671";>#1671) https://github.com/junit-team/junit4/commit/a5d205c7956dbed302b3bb5ecde5ba4299f0b646";>a5d205c Fix GitHub link in FAQ (https://redirect.github.com/junit-team/junit4/issues/1672";>#1672) https://github.com/junit-team/junit4/commit/3a5c6b4d08f408c8ca6a8e0bae71a9bc5a8f97e8";>3a5c6b4 Deprecated since jdk9 replacing constructor instance of Double and Float (https://redirect.github.com/junit-team/junit4/issues/1660";>#1660) Additional commits viewable in https://github.com/junit-team/junit4/compare/r4.12...r4.13.1";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/karaf-boot/network/aler
[GitHub] [karaf-boot] dependabot[bot] opened a new pull request, #1: Bump junit from 4.12 to 4.13.1 in /starters/karaf-boot-starter-jpa
dependabot[bot] opened a new pull request, #1: URL: https://github.com/apache/karaf-boot/pull/1 Bumps [junit](https://github.com/junit-team/junit4) from 4.12 to 4.13.1. Release notes Sourced from https://github.com/junit-team/junit4/releases";>junit's releases. JUnit 4.13.1 Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.13.1.md";>release notes for details. JUnit 4.13 Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.13.md";>release notes for details. JUnit 4.13 RC 2 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 RC 1 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 Beta 3 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 Beta 2 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 Beta 1 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. Commits https://github.com/junit-team/junit4/commit/1b683f4ec07bcfa40149f086d32240f805487e66";>1b683f4 [maven-release-plugin] prepare release r4.13.1 https://github.com/junit-team/junit4/commit/ce6ce3aadc070db2902698fe0d3dc6729cd631f2";>ce6ce3a Draft 4.13.1 release notes https://github.com/junit-team/junit4/commit/c29dd8239d6b353e699397eb090a1fd27411fa24";>c29dd82 Change version to 4.13.1-SNAPSHOT https://github.com/junit-team/junit4/commit/1d174861f0b64f97ab0722bb324a760bfb02f567";>1d17486 Add a link to assertThrows in exception testing https://github.com/junit-team/junit4/commit/543905df72ff10364b94dda27552efebf3dd04e9";>543905d Use separate line for annotation in Javadoc https://github.com/junit-team/junit4/commit/510e906b391e7e46a346e1c852416dc7be934944";>510e906 Add sub headlines to class Javadoc https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae";>610155b Merge pull request from GHSA-269g-pwp5-87pp https://github.com/junit-team/junit4/commit/b6cfd1e3d736cc2106242a8be799615b472c7fec";>b6cfd1e Explicitly wrap float parameter for consistency (https://redirect.github.com/junit-team/junit4/issues/1671";>#1671) https://github.com/junit-team/junit4/commit/a5d205c7956dbed302b3bb5ecde5ba4299f0b646";>a5d205c Fix GitHub link in FAQ (https://redirect.github.com/junit-team/junit4/issues/1672";>#1672) https://github.com/junit-team/junit4/commit/3a5c6b4d08f408c8ca6a8e0bae71a9bc5a8f97e8";>3a5c6b4 Deprecated since jdk9 replacing constructor instance of Double and Float (https://redirect.github.com/junit-team/junit4/issues/1660";>#1660) Additional commits viewable in https://github.com/junit-team/junit4/compare/r4.12...r4.13.1";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/karaf-boot/network/aler
[GitHub] [karaf-site] jbonofre commented on pull request #71: Move Karaf Cave subproject to Attic
jbonofre commented on PR #71: URL: https://github.com/apache/karaf-site/pull/71#issuecomment-1510051269 Doing a new local pass. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-site] fpapon opened a new pull request, #71: Move Karaf Cave subproject to Attic
fpapon opened a new pull request, #71: URL: https://github.com/apache/karaf-site/pull/71 As discuss on the mailing. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-webconsole] dependabot[bot] opened a new pull request, #4: Bump junit from 4.8.2 to 4.13.1
dependabot[bot] opened a new pull request, #4: URL: https://github.com/apache/karaf-webconsole/pull/4 Bumps [junit](https://github.com/junit-team/junit4) from 4.8.2 to 4.13.1. Release notes Sourced from https://github.com/junit-team/junit4/releases";>junit's releases. JUnit 4.13.1 Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.13.1.md";>release notes for details. JUnit 4.13 Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.13.md";>release notes for details. JUnit 4.13 RC 2 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 RC 1 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 Beta 3 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 Beta 2 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.13 Beta 1 Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes";>release notes for details. JUnit 4.12 Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.12.md";>release notes for details. JUnit 4.12 Beta 3 Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.12.md";>release notes for details. JUnit 4.12 Beta 2 No release notes provided. JUnit 4.12 Beta 1 No release notes provided. JUnit 4.11 No release notes provided. Changelog Sourced from https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md";>junit's changelog. Summary of changes in version 4.13.1 Rules Security fix: TemporaryFolder now limits access to temporary folders on Java 1.7 or later A local information disclosure vulnerability in TemporaryFolder has been fixed. See the published https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp";>security advisory for details. Test Runners [Pull request https://redirect.github.com/junit-team/junit4/issues/1669";>#1669:](https://redirect.github.com/junit-team/junit/pull/1669";>junit-team/junit#1669) Make FrameworkField constructor public Prior to this change, custom runners could make FrameworkMethod instances, but not FrameworkField instances. This small change allows for both now, because FrameworkField's constructor has been promoted from package-private to public. Commits https://github.com/junit-team/junit4/commit/1b683f4ec07bcfa40149f086d32240f805487e66";>1b683f4 [maven-release-plugin] prepare release r4.13.1 https://github.com/junit-team/junit4/commit/ce6ce3aadc070db2902698fe0d3dc6729cd631f2";>ce6ce3a Draft 4.13.1 release notes https://github.com/junit-team/junit4/commit/c29dd8239d6b353e699397eb090a1fd27411fa24";>c29dd82 Change version to 4.13.1-SNAPSHOT https://github.com/junit-team/junit4/commit/1d174861f0b64f97ab0722bb324a760bfb02f567";>1d17486 Add a link to assertThrows in exception testing https://github.com/junit-team/junit4/commit/543905df72ff10364b94dda27552efebf3dd04e9";>543905d Use separate line for annotation in Javadoc https://github.com/junit-team/junit4/commit/510e906b391e7e46a346e1c852416dc7be934944";>510e906 Add sub headlines to class Javadoc https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae";>610155b Merge pull request from GHSA-269g-pwp5-87pp https://github.com/junit-team/junit4/commit/b6cfd1e3d736cc2106242a8be799615b472c7fec";>b6cfd1e Explicitly wrap float parameter for consistency (https://redirect.github.com/junit-team/junit4/issues/1671";>#1671) https://github.com/junit-team/junit4/commit/a5d205c7956dbed302b3bb5ecde5ba4299f0b646";>a5d205c Fix GitHub link in FAQ (https://redirect.github.com/junit-team/junit4/issues/1672";>#1672) https://github.com/junit-team/junit4/commit/3a5c6b4d08f408c8ca6a8e0bae71a9bc5a8f97e8";>3a5c6b4 Deprecated since jdk9 replacing constructor instance of Double and Float (https://redirect.github.com/junit-team/junit4/issues/1660";>#1660) Additional commits viewable in https://github.com/junit-team/junit4/compare/r4.8.2...r4.13.1";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
[GitHub] [karaf-webconsole] dependabot[bot] opened a new pull request, #3: Bump scala-compiler from 2.9.1 to 2.10.7
dependabot[bot] opened a new pull request, #3:
URL: https://github.com/apache/karaf-webconsole/pull/3
Bumps [scala-compiler](https://github.com/scala/scala) from 2.9.1 to 2.10.7.
Release notes
Sourced from https://github.com/scala/scala/releases";>scala-compiler's
releases.
Scala 2.10.7 is a maintenance release to bring (partial) Java 9 support
to the sbt 0.13 series. A total of https://github.com/scala/scala/pulls?q=milestone%3A2.10.7+is%3Amerged";>three
pending backports were merged.
This release addresses (https://redirect.github.com/scala/scala/issues/6128";>#6128) a http://scala-lang.org/news/security-update-nov17.html";>privilege
escalation vulnerability that was identified in the Scala
compilation daemon CVE-2017-15288.
We strongly encourage you to upgrade to the latest stable version of
Scala 2.12.x, as the 2.10.x series is no longer actively maintained.
There is a https://redirect.github.com/scala/bug/issues/10603";>known bug on Java 9
involving the repl: the workaround is to launch it as scala
-nobootcp.
More information about the Scala 2.10 series is available in the https://github.com/scala/scala/releases/v2.10.4";>release notes for Scala
2.10.4. A few more bugs were fixed since then in https://github.com/scala/bug/milestone/80?closed=1";>2.10.5.
Scala 2.10.6 https://redirect.github.com/scala/scala/pull/4557";>resolves a license
incompatibility in scala.util.Sorting, but is otherwise identical to Scala
2.10.5. A total of https://github.com/scala/scala/pulls?q=milestone%3A2.10.6+is%3Aclosed";>three
pending backports were merged.
We strongly encourage you to upgrade to the latest stable version of
Scala 2.11.x, as the 2.10.x series is no longer actively maintained.
Scala IDE
The current release of Scala IDE supports any 2.10.x release, and is
available on the http://scala-ide.org/download/sdk.html";>download
site.
Release Notes for the Scala 2.10 Series
The release notes for the Scala 2.10 series, which also apply to the
current minor release, are available in the http://scala-lang.org/news/2.10.4";>release notes for Scala 2.10.4.
They contain important information such as:
The specification of binary compatibility between minor releases.
Details on new features, important changes and deprecations in Scala
2.10.
Scala 2.10.4
The release is available for download from http://scala-lang.org/download/2.10.4.html";>scala-lang.org or from http://search.maven.org/#search%7Cga%7C1%7Cg%3Aorg.scala-lang%20AND%20v%3A2.10.4";>Maven
Central.
Scala IDE for Eclipse
The Scala IDE with this release built right in is available through the
following update-site for Eclipse 4.2/4.3 (Juno/Kepler):
Development version (Scala IDE 3.0.3-rc3 on Scala 2.10.4)
Stable version (will have 2.10.4 as soon as Scala IDE 3.0.3-vfinal is
released)
Have a look at the http://scala-ide.org/docs/user/gettingstarted.html";>getting started
guide for more info.
New features in the 2.10 series
Since 2.10.4 is strictly a bug-fix release, here's an overview of the
most prominent new features and improvements as introduced in 2.10.0:
Value Classes
A class may now extend AnyVal to make it behave like a
struct type (restrictions apply).
http://docs.scala-lang.org/overviews/core/value-classes.html";>http://docs.scala-lang.org/overviews/core/value-classes.html
Implicit Classes
The implicit modifier now also applies to class definitions to reduce
the boilerplate of implicit wrappers.
http://docs.scala-lang.org/sips/pending/implicit-classes.html";>http://docs.scala-lang.org/sips/pending/implicit-classes.html
String Interpolation
val what = "awesome"; println(s"string
interpolation is ${what.toUpperCase}!")
http://docs.scala-lang.org/overviews/core/string-interpolation.html";>http://docs.scala-lang.org/overviews/core/string-interpolation.html
Futures and Promises
Asynchronously get some JSON: for (req <-
WS.url(restApiUrl).get()) yield (req.json \
"users").as[List[User]] (uses play!)
http://docs.scala-lang.org/overviews/core/futures.html";>http://docs.scala-lang.org/overviews/core/futures.html
Dynamic and applyDynamic
... (truncated)
Commits
https://github.com/scala/scala/commit/89e57bc7ad4a1809864b637617456736fd7b8101";>89e57bc
Merge pull request https://redirect.github.com/scala/scala/issues/6113";>#6113 from
retronym/backport/reflection
https://github.com/scala/scala/commit/4b848761c3791b161c43ee80feb4c0c03d7a5dd7";>4b84876
Move ASM sources back to the original location
https://github.com/scala/scala/commit/2ae75e97db0857f0babbfc7cfee0dbd32baec2f0";>2ae75e9
Fixup cherrypick of test case
https://github.com/scala/scala/commit/7e1a4b94ad5a7fc251424a1caed7bf9009e39599";>7e1a4b9
Add MiMa whitelist entries
https://github.com/scala/scala/commit/efbd9d582fdf6a31dd1f6c02ec1c997213057ca1";
[GitHub] [karaf-webconsole] dependabot[bot] commented on pull request #1: Bump camel-core from 2.6.0 to 2.24.0
dependabot[bot] commented on PR #1: URL: https://github.com/apache/karaf-webconsole/pull/1#issuecomment-1509238828 Superseded by #2. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-webconsole] dependabot[bot] closed pull request #1: Bump camel-core from 2.6.0 to 2.24.0
dependabot[bot] closed pull request #1: Bump camel-core from 2.6.0 to 2.24.0 URL: https://github.com/apache/karaf-webconsole/pull/1 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-webconsole] dependabot[bot] opened a new pull request, #2: Bump camel-core from 2.6.0 to 3.2.0
dependabot[bot] opened a new pull request, #2: URL: https://github.com/apache/karaf-webconsole/pull/2 Bumps camel-core from 2.6.0 to 3.2.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/karaf-webconsole/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-reactive-components] dependabot[bot] opened a new pull request, #3: Bump camel-core from 2.19.2 to 3.2.0 in /rcomp-camel
dependabot[bot] opened a new pull request, #3: URL: https://github.com/apache/karaf-reactive-components/pull/3 Bumps camel-core from 2.19.2 to 3.2.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/karaf-reactive-components/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-minho] jbonofre commented on issue #45: Add `minho-telemetry` service
jbonofre commented on issue #45: URL: https://github.com/apache/karaf-minho/issues/45#issuecomment-1485069762 I'm thinking about new Minho annotations. These ones would allow to create span implicitely. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-minho] fpapon commented on issue #45: Add `minho-telemetry` service
fpapon commented on issue #45: URL: https://github.com/apache/karaf-minho/issues/45#issuecomment-1485064505 @jbonofre can you explain more detail about this issue? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-site] jbonofre merged pull request #70: Fix Deploy header in README.md
jbonofre merged PR #70: URL: https://github.com/apache/karaf-site/pull/70 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-site] jbonofre merged pull request #69: Use HTTPS download links
jbonofre merged PR #69: URL: https://github.com/apache/karaf-site/pull/69 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-site] jbonofre commented on pull request #69: Use HTTPS download links
jbonofre commented on PR #69: URL: https://github.com/apache/karaf-site/pull/69#issuecomment-1435904177 @wborn yes, it's a good idea. Thanks ! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-site] wborn commented on pull request #69: Use HTTPS download links
wborn commented on PR #69: URL: https://github.com/apache/karaf-site/pull/69#issuecomment-1435715282 WDYT @jbonofre? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
