[VOTE] Release Apache Sling Content-Package to Feature Model Converter 1.1.16

2022-05-16 Thread Carsten Ziegeler

Hi,

we solved 8 issues in this release
https://issues.apache.org/jira/projects/SLING/versions/12351486

Staging repository:
https://repository.apache.org/content/repositories/orgapachesling-2638/

You can use this UNIX script to download the release and verify the 
signatures:

https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD

Usage:
sh check_staged_release.sh 2638 /tmp/sling-staging

Please vote to approve this release:

  [ ] +1 Approve the release
  [ ]  0 Don't care
  [ ] -1 Don't release, because ...

This majority vote is open for at least 72 hours.

Regards
Carsten
--
Carsten Ziegeler
Adobe
cziege...@apache.org


[GitHub] [sling-org-apache-sling-adapter-annotations] sonarcloud[bot] commented on pull request #3: Bump groovy from 3.0.6 to 3.0.7

2022-05-16 Thread GitBox


sonarcloud[bot] commented on PR #3:
URL: 
https://github.com/apache/sling-org-apache-sling-adapter-annotations/pull/3#issuecomment-1128256576

   Kudos, SonarCloud Quality Gate passed!

   0 Bugs (rating A)
   0 Vulnerabilities (rating A)
   0 Security Hotspots (rating A)
   0 Code Smells (rating A)

   No Coverage information
   0.0% Duplication
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



[GitHub] [sling-org-apache-sling-adapter-annotations] dependabot[bot] opened a new pull request, #3: Bump groovy from 3.0.6 to 3.0.7

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #3:
URL: https://github.com/apache/sling-org-apache-sling-adapter-annotations/pull/3

   Bumps [groovy](https://github.com/apache/groovy) from 3.0.6 to 3.0.7.
   
   Commits

   See full diff in [compare view](https://github.com/apache/groovy/commits)
   
   
   
   
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   - `@dependabot use these labels` will set the current labels as the default 
for future PRs for this repo and language
   - `@dependabot use these reviewers` will set the current reviewers as the 
default for future PRs for this repo and language
   - `@dependabot use these assignees` will set the current assignees as the 
default for future PRs for this repo and language
   - `@dependabot use this milestone` will set the current milestone as the 
default for future PRs for this repo and language
   
   You can disable automated security fix PRs for this repo from the [Security 
Alerts 
page](https://github.com/apache/sling-org-apache-sling-adapter-annotations/network/alerts).
   
   





[GitHub] [sling-org-apache-sling-scripting-bundle-tracker-it] dependabot[bot] opened a new pull request, #6: build(deps-dev): bump jsoup from 1.7.3 to 1.14.2 in /it

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #6:
URL: 
https://github.com/apache/sling-org-apache-sling-scripting-bundle-tracker-it/pull/6

   Bumps [jsoup](https://github.com/jhy/jsoup) from 1.7.3 to 1.14.2.
   
   Release notes
   Sourced from [jsoup's releases](https://github.com/jhy/jsoup/releases).

   jsoup 1.14.2
   Caught by the fuzz! jsoup 1.14.2 is out now, and includes a set of parser
   bug fixes and improvements for handling rough HTML and XML, as identified by
   the Jazzer JVM fuzzer. This release also includes other fixes and
   improvements.
   See the [release announcement](https://jsoup.org/news/release-1.14.2) for
   the full changelog.

   jsoup 1.14.1
   jsoup 1.14.1 is out now, with simple request session management, increased
   parse robustness, and a ton of other improvements, speed-ups, and bug fixes.
   See the full [announcement](https://jsoup.org/news/release-1.14.1) for all
   the details on what's changed.

   jsoup 1.13.1
   See the [release notes](https://jsoup.org/news/release-1.13.1).

   ```xml
   <dependency>
     <!-- jsoup HTML parser library @ https://jsoup.org/ -->
     <groupId>org.jsoup</groupId>
     <artifactId>jsoup</artifactId>
     <version>1.13.1</version>
   </dependency>
   ```
   
   jsoup-1.12.2
   No release notes provided.
   
   
   
   Changelog
   Sourced from [jsoup's changelog](https://github.com/jhy/jsoup/blob/master/CHANGES).

   jsoup changelog
   *** Release 1.15.1 [2022-May-15]

   - Change: removed previously deprecated methods and classes (including
     org.jsoup.safety.Whitelist; use org.jsoup.safety.Safelist instead).

   - Improvement: when converting jsoup Documents to W3C Documents in W3CDom,
     preserve HTML valid attribute names if the input document is using the
     HTML syntax. (Previously, would always coerce using the more restrictive
     XML syntax.)
     [jhy/jsoup#1648](https://github-redirect.dependabot.com/jhy/jsoup/pull/1648)

   - Improvement: added the :containsWholeText(text) selector, to match
     against non-normalized Element text. That can be useful when elements can
     only be distinguished by e.g. specific case, or leading whitespace, etc.
     [jhy/jsoup#1636](https://github-redirect.dependabot.com/jhy/jsoup/issues/1636)

   - Improvement: added Element#wholeOwnText() to retrieve the original
     (non-normalized) ownText of an Element. Also added the
     :containsWholeOwnText(text) selector, to match against that. BR elements
     are now treated as newlines in the wholeText methods.
     [jhy/jsoup#1636](https://github-redirect.dependabot.com/jhy/jsoup/issues/1636)

   - Improvement: added the :matchesWholeText(regex) and
     :matchesWholeOwnText(regex) selectors, to match against whole
     (non-normalized, case sensitive) element text and own text, respectively.
     [jhy/jsoup#1636](https://github-redirect.dependabot.com/jhy/jsoup/issues/1636)

   - Improvement: when evaluating an XPath query against a context element,
     the complete document is now visible to the query, vs only the context
     element's sub-tree. This enables support for queries outside (parent or
     sibling) the element, e.g. ancestor-or-self::*.
     [jhy/jsoup#1652](https://github-redirect.dependabot.com/jhy/jsoup/issues/1652)

   - Improvement: allow a maxPaddingWidth on the indent level in
     OutputSettings when pretty printing. This defaults to 30 to limit the
     indent level for very deeply nested elements, and may be disabled by
     setting to -1.
     [jhy/jsoup#1655](https://github-redirect.dependabot.com/jhy/jsoup/pull/1655)

   - Improvement: when cloning a Node or an Element, the clone gets a cloned
     OwnerDocument containing only that clone, so as to preserve applicable
     settings, such as the Pretty Print settings.
     [jhy/jsoup#763](https://github-redirect.dependabot.com/jhy/jsoup/issues/763)

   - Improvement: added a convenience method Jsoup.parse(File).
     [jhy/jsoup#1693](https://github-redirect.dependabot.com/jhy/jsoup/issues/1693)

   - Improvement: in the NodeTraversor, added default implementations for
     NodeVisitor.tail() and NodeFilter.tail(), so that code using only head()
     methods can be written as lambdas.

   - Improvement: in NodeTraversor, added support for removing nodes via
     Node.remove() during NodeVisitor.head().
     [jhy/jsoup#1699](https://github-redirect.dependabot.com/jhy/jsoup/issues/1699)

   - Improvement: added Node.forEachNode(Consumer) and
     Element.forEach(Consumer<Element>) methods, to efficiently traverse the
     DOM with a functional interface.
     [jhy/jsoup#1700](https://github-redirect.dependabot.com/jhy/jsoup/issues/1700)

   - Bugfix: boolean attribute names should be case-insensitive, but were not
     when the parser was configured to preserve
   
   
   
   
   ... (truncated)
   
   
   Commits
   
   - [19c7732](https://github.com/jhy/jsoup/commit/19c77325c9abb6f8b8b65034470e15faad6ce822) [maven-release-plugin] prepare release jsoup-1.14.2
   - [acde180](https://github.com/jhy/jsoup/commit/acde180f094e2749d22034916cb35914289e521a)
 

[GitHub] [sling-org-apache-sling-commons-log] sonarcloud[bot] commented on pull request #10: Bump commons-io from 2.4 to 2.7

2022-05-16 Thread GitBox


sonarcloud[bot] commented on PR #10:
URL: 
https://github.com/apache/sling-org-apache-sling-commons-log/pull/10#issuecomment-1128013296

   Kudos, SonarCloud Quality Gate passed!

   0 Bugs (rating A)
   0 Vulnerabilities (rating A)
   0 Security Hotspots (rating A)
   0 Code Smells (rating A)

   No Coverage information
   0.0% Duplication
   
   





[GitHub] [sling-org-apache-sling-servlets-post] sonarcloud[bot] commented on pull request #18: Bump commons-io from 2.4 to 2.7

2022-05-16 Thread GitBox


sonarcloud[bot] commented on PR #18:
URL: 
https://github.com/apache/sling-org-apache-sling-servlets-post/pull/18#issuecomment-1128011646

   Kudos, SonarCloud Quality Gate passed!

   0 Bugs (rating A)
   0 Vulnerabilities (rating A)
   0 Security Hotspots (rating A)
   0 Code Smells (rating A)

   No Coverage information
   0.0% Duplication
   
   





[GitHub] [sling-org-apache-sling-repoinit-parser] sonarcloud[bot] commented on pull request #18: Bump commons-io from 2.4 to 2.7

2022-05-16 Thread GitBox


sonarcloud[bot] commented on PR #18:
URL: 
https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/18#issuecomment-1128008300

   Kudos, SonarCloud Quality Gate passed!

   0 Bugs (rating A)
   0 Vulnerabilities (rating A)
   0 Security Hotspots (rating A)
   0 Code Smells (rating A)

   No Coverage information
   0.0% Duplication
   
   





[GitHub] [sling-slingstart-maven-plugin] sonarcloud[bot] commented on pull request #7: Bump commons-io from 2.6 to 2.7

2022-05-16 Thread GitBox


sonarcloud[bot] commented on PR #7:
URL: 
https://github.com/apache/sling-slingstart-maven-plugin/pull/7#issuecomment-1128008249

   Kudos, SonarCloud Quality Gate passed!

   0 Bugs (rating A)
   0 Vulnerabilities (rating A)
   0 Security Hotspots (rating A)
   0 Code Smells (rating A)

   No Coverage information
   0.0% Duplication
   
   





[GitHub] [sling-org-apache-sling-app-cms] dependabot[bot] opened a new pull request, #19: Bump async from 3.2.0 to 3.2.3 in /it

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #19:
URL: https://github.com/apache/sling-org-apache-sling-app-cms/pull/19

   Bumps [async](https://github.com/caolan/async) from 3.2.0 to 3.2.3.
   
   Changelog
   Sourced from [async's changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md).

   v3.2.3

   - Fix bugs in comment parsing in autoInject.
     ([#1767](https://github-redirect.dependabot.com/caolan/async/issues/1767),
     [#1780](https://github-redirect.dependabot.com/caolan/async/issues/1780))

   v3.2.2

   - Fix potential prototype pollution exploit

   v3.2.1

   - Use queueMicrotask if available to the environment
     ([#1761](https://github-redirect.dependabot.com/caolan/async/issues/1761))
   - Minor perf improvement in priorityQueue
     ([#1727](https://github-redirect.dependabot.com/caolan/async/issues/1727))
   - More examples in documentation
     ([#1726](https://github-redirect.dependabot.com/caolan/async/issues/1726))
   - Various doc fixes
     ([#1708](https://github-redirect.dependabot.com/caolan/async/issues/1708),
     [#1712](https://github-redirect.dependabot.com/caolan/async/issues/1712),
     [#1717](https://github-redirect.dependabot.com/caolan/async/issues/1717),
     [#1740](https://github-redirect.dependabot.com/caolan/async/issues/1740),
     [#1739](https://github-redirect.dependabot.com/caolan/async/issues/1739),
     [#1749](https://github-redirect.dependabot.com/caolan/async/issues/1749),
     [#1756](https://github-redirect.dependabot.com/caolan/async/issues/1756))
   - Improved test coverage
     ([#1754](https://github-redirect.dependabot.com/caolan/async/issues/1754))

   Commits

   - [62943ca](https://github.com/caolan/async/commit/62943cac64876328780792319a37da7f7b3966dd) Version 3.2.3
   - [d2c9d51](https://github.com/caolan/async/commit/d2c9d51ebc1a43385449eb1a5192067f9442ac94) Update built files
   - [de8d4c4](https://github.com/caolan/async/commit/de8d4c425f5c1b59c3b1a3ef9bdb325e50fc3816) Update changelog for v3.2.3
   - [b015d34](https://github.com/caolan/async/commit/b015d34178801b8c717034f737927165007b07b4) fix: address edge case in comment stripping ([#1780](https://github-redirect.dependabot.com/caolan/async/issues/1780))
   - [e27aaab](https://github.com/caolan/async/commit/e27aaab6cb5278ce312a673852bc962afa1ae233) chore: remove unused Travis CI config ([#1781](https://github-redirect.dependabot.com/caolan/async/issues/1781))
   - [a038c8f](https://github.com/caolan/async/commit/a038c8fb26419b35e2524564f7852c899ddd2251) ci: setup GitHub Actions ([#1782](https://github-redirect.dependabot.com/caolan/async/issues/1782))
   - [e74bd18](https://github.com/caolan/async/commit/e74bd18406e6511ca3da9d67d971d9b50dd9d8e8) Core: const, let, arrow-fn and unused variables ([#1776](https://github-redirect.dependabot.com/caolan/async/issues/1776))
   - [2ee673f](https://github.com/caolan/async/commit/2ee673f5af40bdbbec4ce21d81147e946b75d55a) Housekeeping ([#1772](https://github-redirect.dependabot.com/caolan/async/issues/1772))
   - [cdfb491](https://github.com/caolan/async/commit/cdfb4917e6028c8f966276d6e792018c7fd2ae3c) Fix an inefficient regex in autoInject ([#1767](https://github-redirect.dependabot.com/caolan/async/issues/1767))
   - [bb41f2a](https://github.com/caolan/async/commit/bb41f2a59aa41af0b906f0cb9a11ffa6332e56dd) be explicit ([#1769](https://github-redirect.dependabot.com/caolan/async/issues/1769))
   - Additional commits viewable in [compare view](https://github.com/caolan/async/compare/v3.2.0...v3.2.3)
   
   
   
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating 

[GitHub] [sling-org-apache-sling-app-cms] dependabot[bot] opened a new pull request, #18: Bump node-fetch from 2.6.1 to 2.6.7 in /it

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #18:
URL: https://github.com/apache/sling-org-apache-sling-app-cms/pull/18

   Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 
2.6.7.
   
   Release notes
   Sourced from [node-fetch's releases](https://github.com/node-fetch/node-fetch/releases).
   
   v2.6.7
   Security patch release
   Recommended to upgrade, to not leak sensitive cookie and authentication 
header information to 3th party host while a redirect occurred
   What's Changed
   
   fix: don't forward secure headers to 3th party by [@jimmywarting](https://github.com/jimmywarting) in [node-fetch/node-fetch#1453](https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1453)
   
   Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7
   v2.6.6
   What's Changed
   
   fix(URL): prefer built in URL version when available and fallback to whatwg by [@jimmywarting](https://github.com/jimmywarting) in [node-fetch/node-fetch#1352](https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1352)
   
   Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6
   v2.6.2
   fixed main path in package.json
   
   
   
   Commits
   
   [1ef4b56](https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35) backport of [#1449](https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1449) ([#1453](https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1453))
   [8fe5c4e](https://github.com/node-fetch/node-fetch/commit/8fe5c4ea66b9b8187600e6d5ec9b1b6781f44009) 2.x: Specify encoding as an optional peer dependency in package.json ([#1310](https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1310))
   [f56b0c6](https://github.com/node-fetch/node-fetch/commit/f56b0c66d3dd2ef185436de1f2fd40f66bfea8f4) fix(URL): prefer built in URL version when available and fallback to whatwg (...
   [b5417ae](https://github.com/node-fetch/node-fetch/commit/b5417aea6a3275932283a200214522e6ab53f1ea) fix: import whatwg-url in a way compatible with ESM Node ([#1303](https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1303))
   [18193c5](https://github.com/node-fetch/node-fetch/commit/18193c5922c64046b922e18faf41821290535f06) fix v2.6.3 that did not sending query params ([#1301](https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1301))
   [ace7536](https://github.com/node-fetch/node-fetch/commit/ace7536c96be742d9910566738630cc3c2a6) fix: properly encode url with unicode characters ([#1291](https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1291))
   [152214c](https://github.com/node-fetch/node-fetch/commit/152214ca2f6e2a5a17d71e4638114625d3be30c6) Fix(package.json): Corrected main file path in package.json ([#1274](https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1274))
   See full diff in [compare view](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7)
   
   
   
   Maintainer changes
   This version was pushed to npm by [endless](https://www.npmjs.com/~endless), a new releaser for node-fetch since your current version.
   
   
   
   

[GitHub] [sling-org-apache-sling-app-cms] dependabot[bot] opened a new pull request, #16: Bump ws from 6.2.1 to 6.2.2 in /it

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #16:
URL: https://github.com/apache/sling-org-apache-sling-app-cms/pull/16

   Bumps [ws](https://github.com/websockets/ws) from 6.2.1 to 6.2.2.
   
   Release notes
   Sourced from [ws's releases](https://github.com/websockets/ws/releases).
   
   6.2.2
   Bug fixes
   
   Backported 00c425ec to the 6.x release line (78c676d2).
   
   
   
   
   Commits
   
   [9bdb580](https://github.com/websockets/ws/commit/9bdb58070d64c33a9beeac7c732aac0f4e7e18b7) [dist] 6.2.2
   [78c676d](https://github.com/websockets/ws/commit/78c676d2a1acefbc05292e9f7ea0a9457704bf1b) [security] Fix ReDoS vulnerability
   See full diff in [compare view](https://github.com/websockets/ws/compare/6.2.1...6.2.2)
   
   
   
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   - `@dependabot use these labels` will set the current labels as the default 
for future PRs for this repo and language
   - `@dependabot use these reviewers` will set the current reviewers as the 
default for future PRs for this repo and language
   - `@dependabot use these assignees` will set the current assignees as the 
default for future PRs for this repo and language
   - `@dependabot use this milestone` will set the current milestone as the 
default for future PRs for this repo and language
   
   You can disable automated security fix PRs for this repo from the [Security 
Alerts 
page](https://github.com/apache/sling-org-apache-sling-app-cms/network/alerts).
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



[GitHub] [sling-org-apache-sling-app-cms] dependabot[bot] opened a new pull request, #17: Bump ansi-regex from 4.1.0 to 4.1.1 in /it

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #17:
URL: https://github.com/apache/sling-org-apache-sling-app-cms/pull/17

   Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1.
   
   Commits
   
   [64735d2](https://github.com/chalk/ansi-regex/commit/64735d25eb839b55bc9fae3877edb702b4c92ca2) v4.1.1
   [75a657d](https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a) Fix potential ReDoS ([#37](https://github-redirect.dependabot.com/chalk/ansi-regex/issues/37))
   See full diff in [compare view](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1)
   
   
   
   
   


[GitHub] [sling-org-apache-sling-testing-clients] sonarcloud[bot] commented on pull request #33: Bump junit from 4.13 to 4.13.1

2022-05-16 Thread GitBox


sonarcloud[bot] commented on PR #33:
URL: 
https://github.com/apache/sling-org-apache-sling-testing-clients/pull/33#issuecomment-1127981908

   Kudos, SonarCloud Quality Gate passed!

   0 Bugs (rating A)
   0 Vulnerabilities (rating A)
   0 Security Hotspots (rating A)
   0 Code Smells (rating A)

   No Coverage information
   0.0% Duplication
   





[GitHub] [sling-org-apache-sling-testing-clients] sonarcloud[bot] commented on pull request #32: Bump jackson-databind from 2.13.0 to 2.13.2.1

2022-05-16 Thread GitBox


sonarcloud[bot] commented on PR #32:
URL: 
https://github.com/apache/sling-org-apache-sling-testing-clients/pull/32#issuecomment-1127981402

   Kudos, SonarCloud Quality Gate passed!

   0 Bugs (rating A)
   0 Vulnerabilities (rating A)
   0 Security Hotspots (rating A)
   0 Code Smells (rating A)

   No Coverage information
   0.0% Duplication
   





[GitHub] [sling-org-apache-sling-commons-log] dependabot[bot] opened a new pull request, #10: Bump commons-io from 2.4 to 2.7

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #10:
URL: https://github.com/apache/sling-org-apache-sling-commons-log/pull/10

   Bumps commons-io from 2.4 to 2.7.
   
   



[GitHub] [sling-org-apache-sling-servlets-post] dependabot[bot] opened a new pull request, #18: Bump commons-io from 2.4 to 2.7

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #18:
URL: https://github.com/apache/sling-org-apache-sling-servlets-post/pull/18

   Bumps commons-io from 2.4 to 2.7.
   
   



[GitHub] [sling-org-apache-sling-repoinit-parser] dependabot[bot] opened a new pull request, #18: Bump commons-io from 2.4 to 2.7

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #18:
URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/18

   Bumps commons-io from 2.4 to 2.7.
   
   



[GitHub] [sling-slingstart-maven-plugin] dependabot[bot] opened a new pull request, #7: Bump commons-io from 2.6 to 2.7

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #7:
URL: https://github.com/apache/sling-slingstart-maven-plugin/pull/7

   Bumps commons-io from 2.6 to 2.7.
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   



[GitHub] [sling-whiteboard] sonarcloud[bot] commented on pull request #80: Bump cross-fetch from 3.0.4 to 3.1.5 in /slingpost

2022-05-16 Thread GitBox


sonarcloud[bot] commented on PR #80:
URL: https://github.com/apache/sling-whiteboard/pull/80#issuecomment-1127975080

   Kudos, SonarCloud Quality Gate passed!

   - 0 Bugs (rating A)
   - 0 Vulnerabilities (rating A)
   - 0 Security Hotspots (rating A)
   - 0 Code Smells (rating A)
   - No Coverage information
   - No Duplication information






[GitHub] [sling-whiteboard] sonarcloud[bot] commented on pull request #79: Bump minimist from 1.2.5 to 1.2.6 in /remote-content-api/openwhisk-rendering

2022-05-16 Thread GitBox


sonarcloud[bot] commented on PR #79:
URL: https://github.com/apache/sling-whiteboard/pull/79#issuecomment-1127974657

   Kudos, SonarCloud Quality Gate passed!

   - 0 Bugs (rating A)
   - 0 Vulnerabilities (rating A)
   - 0 Security Hotspots (rating A)
   - 0 Code Smells (rating A)
   - No Coverage information
   - No Duplication information






[GitHub] [sling-org-apache-sling-discovery-oak] dependabot[bot] opened a new pull request, #6: Bump commons-io from 2.4 to 2.7

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #6:
URL: https://github.com/apache/sling-org-apache-sling-discovery-oak/pull/6

   Bumps commons-io from 2.4 to 2.7.
   
   



[GitHub] [sling-org-apache-sling-commons-metrics] dependabot[bot] opened a new pull request, #3: Bump htmlunit from 2.32 to 2.37.0

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #3:
URL: https://github.com/apache/sling-org-apache-sling-commons-metrics/pull/3

   Bumps [htmlunit](https://github.com/HtmlUnit/htmlunit) from 2.32 to 2.37.0.
   
   Release notes
   Sourced from [htmlunit's releases](https://github.com/HtmlUnit/htmlunit/releases).
   
   HtmlUnit-2.37.0
   
   Bugfixes
   many js improvements done in Rhino
   CHROME 79
   FF52 removed
   FF68 added
   
   HtmlUnit-2.36.0
   
   Bugfixes
   many js fixes done in Rhino
   CHROME 76
   Brotli support
   FF52 deprecated
   
   HtmlUnit-2.35.0
   
   bugfixes
   again many Rhino improvements
   some cssparser fixes
   neko fixes and some cleanup
   
   HtmlUnit-2.34.1
   A small bugfix release required to make all HtmlUnit Driver tests green
   
   fix insert position for elements with contenteditable='true'
   send 'image/png' as mime type when uploading a png file
   
   HtmlUnit-2.34.0
   
   bugfixes
   again many Rhino improvements
   cssparser no longer requires sac13
   neko fixes
   
   HtmlUnit-2.33
   
   source moved to GitHub
   reworked JS event listeners
   bugfixes
   
   
   
   
   Commits
   
   - [cb28621](https://github.com/HtmlUnit/htmlunit/commit/cb286216471036d314897083f5aee48039c51e50) prepare release 2.37.0
   - [2d6ec1c](https://github.com/HtmlUnit/htmlunit/commit/2d6ec1c5836a720e77792b8b1dd3ff18e7b872d2) move some methods up
   - [bc1f58d](https://github.com/HtmlUnit/htmlunit/commit/bc1f58d483cc8854a9c4c1739abd5e04a2eb0367) Security: prevent Rhinos access to Java resources; e.g. call java methods
   - [4237700](https://github.com/HtmlUnit/htmlunit/commit/4237700638ebc1618dd8a6c3da0ca134a7f932bc) checkstyle update
   - [814de74](https://github.com/HtmlUnit/htmlunit/commit/814de74ddbb2ca91ec33d736e6f3773ae6768922) support activeX object mocker
   - [16aca54](https://github.com/HtmlUnit/htmlunit/commit/16aca54bcd7520150222c9a53da9c39c5c33bc68) pmd update
   - [934390f](https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28) disable java access to avoid execution of arbitrary (java) code
   - [0ffc3f7](https://github.com/HtmlUnit/htmlunit/commit/0ffc3f79dbead058b2aeffa6f75a01ef91561e37) use initSafeStandardObjects() instead of initStandardObjects() to avoid execu...
   - [dfa6ffc](https://github.com/HtmlUnit/htmlunit/commit/dfa6ffc1a6831cd544f9b90109f59d3d877729c4) fix object-classid processing if the js engine is disabled
   - [fbc628c](https://github.com/HtmlUnit/htmlunit/commit/fbc628ca7fbcb1566d450897ba050a1f8f51b330) pgpverify-maven-plugin update
   - Additional commits viewable in [compare view](https://github.com/HtmlUnit/htmlunit/compare/2.32...2.37.0)
   
   
   
   
   

[GitHub] [sling-org-apache-sling-rewriter] dependabot[bot] opened a new pull request, #6: Bump jsoup from 1.12.1 to 1.14.2

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #6:
URL: https://github.com/apache/sling-org-apache-sling-rewriter/pull/6

   Bumps [jsoup](https://github.com/jhy/jsoup) from 1.12.1 to 1.14.2.
   
   Release notes
   Sourced from [jsoup's releases](https://github.com/jhy/jsoup/releases).

   jsoup 1.14.2
   Caught by the fuzz! jsoup 1.14.2 is out now, and 
includes a set of parser bug fixes and improvements for handling rough HTML and 
XML, as identified by the Jazzer JVM fuzzer. This release also includes other 
fixes and improvements.
   See the [release announcement](https://jsoup.org/news/release-1.14.2) for the full changelog.
   jsoup 1.14.1
   jsoup 1.14.1 is out now, with simple request session 
management, increased parse robustness, and a ton of other improvements, 
speed-ups, and bug fixes.
   See the full [announcement](https://jsoup.org/news/release-1.14.1) for all the 
details on what's changed.
   jsoup 1.13.1
   See the [release notes](https://jsoup.org/news/release-1.13.1).
   <dependency>
     <!-- jsoup HTML parser library @ https://jsoup.org/ -->
     <groupId>org.jsoup</groupId>
     <artifactId>jsoup</artifactId>
     <version>1.13.1</version>
   </dependency>
   
   jsoup-1.12.2
   No release notes provided.
   
   
   
   Changelog
   Sourced from [jsoup's changelog](https://github.com/jhy/jsoup/blob/master/CHANGES).
   
   jsoup changelog
   *** Release 1.15.1 [2022-May-15]
   
   
   Change: removed previously deprecated methods and classes (including 
org.jsoup.safety.Whitelist; use
   org.jsoup.safety.Safelist instead).
   
   
   Improvement: when converting jsoup Documents to W3C Documents in W3CDom, 
preserve HTML valid attribute names if the
   input document is using the HTML syntax. (Previously, would always coerce 
using the more restrictive XML syntax.)
   [jhy/jsoup#1648](https://github-redirect.dependabot.com/jhy/jsoup/pull/1648)

   Improvement: added the :containsWholeText(text) selector, to match 
against non-normalized Element text. That can be
   useful when elements can only be distinguished by e.g. specific case, or 
leading whitespace, etc.
   [jhy/jsoup#1636](https://github-redirect.dependabot.com/jhy/jsoup/issues/1636)

   Improvement: added Element#wholeOwnText() to retrieve the original 
(non-normalized) ownText of an Element. Also
   added the :containsWholeOwnText(text) selector, to match against that. BR 
elements are now treated as newlines
   in the wholeText methods.
   [jhy/jsoup#1636](https://github-redirect.dependabot.com/jhy/jsoup/issues/1636)

   Improvement: added the :matchesWholeText(regex) and 
:matchesWholeOwnText(regex) selectors, to match against whole
   (non-normalized, case sensitive) element text and own text, respectively.
   [jhy/jsoup#1636](https://github-redirect.dependabot.com/jhy/jsoup/issues/1636)

   Improvement: when evaluating an XPath query against a context element, 
the complete document is now visible to the
   query, vs only the context element's sub-tree. This enables support for 
queries outside (parent or sibling) the
   element, e.g. ancestor-or-self::*.
   [jhy/jsoup#1652](https://github-redirect.dependabot.com/jhy/jsoup/issues/1652)

   Improvement: allow a maxPaddingWidth on the indent level in 
OutputSettings when pretty printing. This defaults to
   30 to limit the indent level for very deeply nested elements, and may be 
disabled by setting to -1.
   [jhy/jsoup#1655](https://github-redirect.dependabot.com/jhy/jsoup/pull/1655)

   Improvement: when cloning a Node or an Element, the clone gets a cloned 
OwnerDocument containing only that clone, so
   as to preserve applicable settings, such as the Pretty Print settings.
   [jhy/jsoup#763](https://github-redirect.dependabot.com/jhy/jsoup/issues/763)

   Improvement: added a convenience method Jsoup.parse(File).
   [jhy/jsoup#1693](https://github-redirect.dependabot.com/jhy/jsoup/issues/1693)

   Improvement: in the NodeTraversor, added default implementations for 
NodeVisitor.tail() and NodeFilter.tail(), so
   that code using only head() methods can be written as lambdas.

   Improvement: in NodeTraversor, added support for removing nodes via 
Node.remove() during NodeVisitor.head().
   [jhy/jsoup#1699](https://github-redirect.dependabot.com/jhy/jsoup/issues/1699)

   Improvement: added Node.forEachNode(Consumer<Node>) 
and Element.forEach(Consumer<Element>) methods, to efficiently
   traverse the DOM with a functional interface.
   [jhy/jsoup#1700](https://github-redirect.dependabot.com/jhy/jsoup/issues/1700)
   
   
   Bugfix: boolean attribute names should be case-insensitive, but were not 
when the parser was configured to preserve
   
   
   
   
   ... (truncated)
   
   
   Commits
   
   - [19c7732](https://github.com/jhy/jsoup/commit/19c77325c9abb6f8b8b65034470e15faad6ce822) [maven-release-plugin] prepare release jsoup-1.14.2
   - [acde180](https://github.com/jhy/jsoup/commit/acde180f094e2749d22034916cb35914289e521a) Compress harder
   

[GitHub] [sling-org-apache-sling-testing-clients] dependabot[bot] opened a new pull request, #33: Bump junit from 4.13 to 4.13.1

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #33:
URL: https://github.com/apache/sling-org-apache-sling-testing-clients/pull/33

   Bumps [junit](https://github.com/junit-team/junit4) from 4.13 to 4.13.1.
   
   Release notes
   Sourced from [junit's releases](https://github.com/junit-team/junit4/releases).

   JUnit 4.13.1
   Please refer to the [release notes](https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.13.1.md) for details.

   Changelog
   Sourced from [junit's changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md).

   Summary of changes in version 4.13.1
   Rules
   Security fix: TemporaryFolder now limits access to 
temporary folders on Java 1.7 or later
   A local information disclosure vulnerability in 
TemporaryFolder has been fixed. See the published [security advisory](https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp) for details.
   Test Runners
   Pull request [#1669](https://github-redirect.dependabot.com/junit-team/junit4/issues/1669) ([junit-team/junit#1669](https://github-redirect.dependabot.com/junit-team/junit/pull/1669)): Make FrameworkField constructor public
   Prior to this change, custom runners could make 
FrameworkMethod instances, but not FrameworkField 
instances. This small change allows for both now, because 
FrameworkField's constructor has been promoted from 
package-private to public.
   
   
   
   Commits
   
   - [1b683f4](https://github.com/junit-team/junit4/commit/1b683f4ec07bcfa40149f086d32240f805487e66) [maven-release-plugin] prepare release r4.13.1
   - [ce6ce3a](https://github.com/junit-team/junit4/commit/ce6ce3aadc070db2902698fe0d3dc6729cd631f2) Draft 4.13.1 release notes
   - [c29dd82](https://github.com/junit-team/junit4/commit/c29dd8239d6b353e699397eb090a1fd27411fa24) Change version to 4.13.1-SNAPSHOT
   - [1d17486](https://github.com/junit-team/junit4/commit/1d174861f0b64f97ab0722bb324a760bfb02f567) Add a link to assertThrows in exception testing
   - [543905d](https://github.com/junit-team/junit4/commit/543905df72ff10364b94dda27552efebf3dd04e9) Use separate line for annotation in Javadoc
   - [510e906](https://github.com/junit-team/junit4/commit/510e906b391e7e46a346e1c852416dc7be934944) Add sub headlines to class Javadoc
   - [610155b](https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae) Merge pull request from GHSA-269g-pwp5-87pp
   - [b6cfd1e](https://github.com/junit-team/junit4/commit/b6cfd1e3d736cc2106242a8be799615b472c7fec) Explicitly wrap float parameter for consistency ([#1671](https://github-redirect.dependabot.com/junit-team/junit4/issues/1671))
   - [a5d205c](https://github.com/junit-team/junit4/commit/a5d205c7956dbed302b3bb5ecde5ba4299f0b646) Fix GitHub link in FAQ ([#1672](https://github-redirect.dependabot.com/junit-team/junit4/issues/1672))
   - [3a5c6b4](https://github.com/junit-team/junit4/commit/3a5c6b4d08f408c8ca6a8e0bae71a9bc5a8f97e8) Deprecated since jdk9 replacing constructor instance of Double and Float ([#1660](https://github-redirect.dependabot.com/junit-team/junit4/issues/1660))
   - Additional commits viewable in [compare view](https://github.com/junit-team/junit4/compare/r4.13...r4.13.1)
   
   
   
   
   

[GitHub] [sling-org-apache-sling-testing-clients] dependabot[bot] opened a new pull request, #32: Bump jackson-databind from 2.13.0 to 2.13.2.1

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #32:
URL: https://github.com/apache/sling-org-apache-sling-testing-clients/pull/32

   Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.13.0 
to 2.13.2.1.
   
   Commits
   
   See full diff in [compare view](https://github.com/FasterXML/jackson/commits)
   
   
   
   
   



[GitHub] [sling-org-apache-sling-discovery-base] dependabot[bot] opened a new pull request, #8: Bump commons-io from 2.4 to 2.7

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #8:
URL: https://github.com/apache/sling-org-apache-sling-discovery-base/pull/8

   Bumps commons-io from 2.4 to 2.7.
   
   



[GitHub] [sling-whiteboard] dependabot[bot] opened a new pull request, #84: Bump jackson-databind from 2.8.4 to 2.12.6.1 in /org.apache.sling.repoinit.webconsole

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #84:
URL: https://github.com/apache/sling-whiteboard/pull/84

   Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.8.4 to 
2.12.6.1.
   
   Commits
   
   See full diff in [compare view](https://github.com/FasterXML/jackson/commits)
   
   
   
   
   



[GitHub] [sling-whiteboard] dependabot[bot] opened a new pull request, #83: Bump jackson-databind from 2.9.0 to 2.12.6.1 in /org.apache.sling.thumbnails

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #83:
URL: https://github.com/apache/sling-whiteboard/pull/83

   Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.0 to 
2.12.6.1.
   
   Commits
   
   See full diff in [compare view](https://github.com/FasterXML/jackson/commits)
   
   
   
   
   



[GitHub] [sling-whiteboard] dependabot[bot] opened a new pull request, #82: Bump async from 2.6.3 to 2.6.4 in /slingpost

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #82:
URL: https://github.com/apache/sling-whiteboard/pull/82

   Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4.
   
   Changelog
   Sourced from [async's changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md).
   
   v2.6.4
   
   - Fix potential prototype pollution exploit ([#1828](https://github-redirect.dependabot.com/caolan/async/issues/1828))
   
   Commits
   
   - [c6bdaca](https://github.com/caolan/async/commit/c6bdaca4f9175c14fc655d3783c6af6a883e6514) Version 2.6.4
   - [8870da9](https://github.com/caolan/async/commit/8870da9d5022bab310413041b4079e10db3980b7) Update built files
   - [4df6754](https://github.com/caolan/async/commit/4df6754ef4e96a742956df8782fee27242a2ea12) update changelog
   - [8f7f903](https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2) Fix prototype pollution vulnerability ([#1828](https://github-redirect.dependabot.com/caolan/async/issues/1828))
   - See full diff in [compare view](https://github.com/caolan/async/compare/v2.6.3...v2.6.4)
   
   Maintainer changes
   This version was pushed to npm by [hargasinski](https://www.npmjs.com/~hargasinski), a new releaser for async since your current version.
   
   
   
   



[GitHub] [sling-whiteboard] dependabot[bot] opened a new pull request, #81: Bump minimist from 1.2.5 to 1.2.6 in /slingpost

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #81:
URL: https://github.com/apache/sling-whiteboard/pull/81

   Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
   
   Commits
   
   - [7efb22a](https://github.com/substack/minimist/commit/7efb22a518b53b06f5b02a1038a88bd6290c2846) 1.2.6
   - [ef88b93](https://github.com/substack/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2) security notice for additional prototype pollution issue
   - [c2b9819](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d) isConstructorOrProto adapted from PR
   - [bc8ecee](https://github.com/substack/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb) test from prototype pollution PR
   - See full diff in [compare view](https://github.com/substack/minimist/compare/1.2.5...1.2.6)
   
   
   
   
   



[GitHub] [sling-whiteboard] dependabot[bot] opened a new pull request, #80: Bump cross-fetch from 3.0.4 to 3.1.5 in /slingpost

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #80:
URL: https://github.com/apache/sling-whiteboard/pull/80

   Bumps [cross-fetch](https://github.com/lquixada/cross-fetch) from 3.0.4 to 
3.1.5.
   
   Release notes
   Sourced from [cross-fetch's releases](https://github.com/lquixada/cross-fetch/releases).
   
   v3.1.5
   What's Changed
   
   - chore: updated node-fetch version to 2.6.7 by [@dlafreniere](https://github.com/dlafreniere) in [lquixada/cross-fetch#124](https://github-redirect.dependabot.com/lquixada/cross-fetch/pull/124)
   
   New Contributors
   
   - [@dlafreniere](https://github.com/dlafreniere) made their first contribution in [lquixada/cross-fetch#124](https://github-redirect.dependabot.com/lquixada/cross-fetch/pull/124)
   
   Full Changelog: https://github.com/lquixada/cross-fetch/compare/v3.1.4...v3.1.5
   
   v3.1.4
   - fixed typescript errors.
   
   v3.1.3
   - fixed typescript compilation error causing [#95](https://github-redirect.dependabot.com/lquixada/cross-fetch/issues/95), [#101](https://github-redirect.dependabot.com/lquixada/cross-fetch/issues/101), [#102](https://github-redirect.dependabot.com/lquixada/cross-fetch/issues/102).
   
   v3.1.2
   - added missing Headers interface augmentation from lib.dom.iterable.d.ts ([#97](https://github-redirect.dependabot.com/lquixada/cross-fetch/issues/97))
   
   v3.1.1
   - fixed missing fetch api types from constructor signatures [#96](https://github-redirect.dependabot.com/lquixada/cross-fetch/issues/96) (thanks [@jstewmon](https://github.com/jstewmon))
   
   v3.1.0
   - ⚡️ improved TypeScript support with own fetch API type definitions (thanks [@jstewmon](https://github.com/jstewmon))
   - ⚡️ set fetch.ponyfill to true when custom ponyfill implementation is used.
   - set the same fetch API test suite to run against node-fetch, whatwg-fetch and native fetch.
   
   v3.0.6
   - ⚡️ updated node-fetch to 2.6.1
   
   v3.0.5
   - ⚡️ whatwg-fetch is not a prod dependency anymore ([#63](https://github-redirect.dependabot.com/lquixada/cross-fetch/issues/63))
   - ⚡️ updated all dev dependencies.
   
   Commits
   
   - [c6089df](https://github.com/lquixada/cross-fetch/commit/c6089dfafc1fd6253b4d204d37c0439eea631cd0) chore(release): 3.1.5
   - [a3b3a94](https://github.com/lquixada/cross-fetch/commit/a3b3a9481091ddd06b8f83784ba9c4e034dc912a) chore: updated node-fetch version to 2.6.7 ([#124](https://github-redirect.dependabot.com/lquixada/cross-fetch/issues/124))
   - [efed703](https://github.com/lquixada/cross-fetch/commit/efed703489d591eee76a15d12b088538d04f668b) chore: updated node-fetch version to 2.6.5
   - [694ff77](https://github.com/lquixada/cross-fetch/commit/694ff77b367cff4be7e16366988b394016717e88) refactor: removed ora from dependencies
   - [efc5956](https://github.com/lquixada/cross-fetch/commit/efc5956f740440cf4684e982fd4ceef85f2a2c67) refactor: added .vscode to .gitignore
   - [da605d5](https://github.com/lquixada/cross-fetch/commit/da605d5ab026e7986f6633307fbd3018f1eebb58) refactor: renamed test/fetch/ to test/fetch-api/ and test/module/ to test/mod...
   - [0f0d51d](https://github.com/lquixada/cross-fetch/commit/0f0d51de7f07f5202ee9de472d88c71911da9cb9) chore: updated minor and patch versions of dev dependencies
   - [c6e34ea](https://github.com/lquixada/cross-fetch/commit/c6e34ead1bb70845eccf9ec83c3144ccf4a73f2e) refactor: removed sinon.js
   - [f524a52](https://github.com/lquixada/cross-fetch/commit/f524a522ecda60db99f57798beac8e7af3349580) fix: yargs was incompatible with node 10
   - [7906fcf](https://github.com/lquixada/cross-fetch/commit/7906fcf4c2d3fa300690baa72dc6b8fa30ac02ea) chore: updated dev dependencies
   - Additional commits viewable in [compare view](https://github.com/lquixada/cross-fetch/compare/v3.0.4...v3.1.5)
   
   
   
   
   

[GitHub] [sling-whiteboard] dependabot[bot] opened a new pull request, #79: Bump minimist from 1.2.5 to 1.2.6 in /remote-content-api/openwhisk-rendering

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #79:
URL: https://github.com/apache/sling-whiteboard/pull/79

   Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
   
   Commits
   
   - [7efb22a](https://github.com/substack/minimist/commit/7efb22a518b53b06f5b02a1038a88bd6290c2846) 1.2.6
   - [ef88b93](https://github.com/substack/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2) security notice for additional prototype pollution issue
   - [c2b9819](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d) isConstructorOrProto adapted from PR
   - [bc8ecee](https://github.com/substack/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb) test from prototype pollution PR
   - See full diff in [compare view](https://github.com/substack/minimist/compare/1.2.5...1.2.6)
   
   
   
   
   



[GitHub] [sling-whiteboard] dependabot[bot] opened a new pull request, #78: Bump minimist from 1.2.5 to 1.2.6 in /vscode-htl

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #78:
URL: https://github.com/apache/sling-whiteboard/pull/78

   Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
   
   Commits
   
   - [7efb22a](https://github.com/substack/minimist/commit/7efb22a518b53b06f5b02a1038a88bd6290c2846) 1.2.6
   - [ef88b93](https://github.com/substack/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2) security notice for additional prototype pollution issue
   - [c2b9819](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d) isConstructorOrProto adapted from PR
   - [bc8ecee](https://github.com/substack/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb) test from prototype pollution PR
   - See full diff in [compare view](https://github.com/substack/minimist/compare/1.2.5...1.2.6)
   
   
   
   
   



[GitHub] [sling-whiteboard] dependabot[bot] opened a new pull request, #77: Bump jackson-databind from 2.9.6 to 2.12.6.1 in /SlingModelPersist

2022-05-16 Thread GitBox


dependabot[bot] opened a new pull request, #77:
URL: https://github.com/apache/sling-whiteboard/pull/77

   Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.6 to 
2.12.6.1.
   
   Commits
   
   See full diff in [compare view](https://github.com/FasterXML/jackson/commits)
   
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



[jira] [Updated] (SLING-11060) CPConverter - sling initial content - ACL support

2022-05-16 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-11060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler updated SLING-11060:
-
Fix Version/s: (was: Content-Package to Feature Model Converter 1.1.16)

> CPConverter - sling initial content - ACL support
> -
>
> Key: SLING-11060
> URL: https://issues.apache.org/jira/browse/SLING-11060
> Project: Sling
>  Issue Type: Bug
>  Components: Content-Package to Feature Model Converter
>Affects Versions: Content-Package to Feature Model Converter 1.1.10
>Reporter: Niek Raaijmakers
>Assignee: Niek Raaijmakers
>Priority: Major
>
> Currently, we do not implement the ACL support for Sling Initial Content as 
> specified : 
> [https://sling.apache.org/documentation/bundles/repository-initialization.html]
> We need the following methods 
> (org.apache.sling.feature.cpconverter.handlers.slinginitialcontent.VaultContentXMLContentCreator)
>   implemented or another workaround found:
>  
> {code:java}
> @Override
> public boolean switchCurrentNode(String subPath, String newNodeType) throws RepositoryException {
>     throw new UnsupportedOperationException();
> }
>
> @Override
> public void createUser(String name, String password, Map extraProperties) throws RepositoryException {
>     throw new UnsupportedOperationException();
> }
>
> @Override
> public void createGroup(String name, String[] members, Map extraProperties) throws RepositoryException {
>     throw new UnsupportedOperationException();
> }
>
> @Override
> public void createAce(String principal, String[] grantedPrivileges, String[] deniedPrivileges, String order)
>         throws RepositoryException {
>     throw new UnsupportedOperationException();
> }
>
> @Override
> public void createAce(String principalId, String[] grantedPrivilegeNames, String[] deniedPrivilegeNames,
>         String order, Map restrictions, Map mvRestrictions,
>         Set removedRestrictionNames) throws RepositoryException {
>     throw new UnsupportedOperationException();
> }
> {code}
>  
> Stashed code is on branch: SLING-10931 



--
This message was sent by Atlassian Jira
(v8.20.7#820007)


[jira] [Updated] (SLING-10861) Subpackages are missing dependency on their container

2022-05-16 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-10861?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler updated SLING-10861:
-
Fix Version/s: (was: Content-Package to Feature Model Converter 1.1.16)

> Subpackages are missing dependency on their container
> -
>
> Key: SLING-10861
> URL: https://issues.apache.org/jira/browse/SLING-10861
> Project: Sling
>  Issue Type: Bug
>  Components: Content-Package to Feature Model Converter
>Affects Versions: Content-Package to Feature Model Converter 1.1.10
>Reporter: Karl Pauls
>Priority: Major
>
> When the converter is extracting sub packages it is not adding a dependency 
> to their containing package to them. It does for embedded packages but not 
> for subpackages. It should add a dependency in both cases.





[jira] [Updated] (SLING-10781) ContentPackage2FeatureModelConverterLauncher - sonar findings

2022-05-16 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-10781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler updated SLING-10781:
-
Fix Version/s: (was: Content-Package to Feature Model Converter 1.1.16)

> ContentPackage2FeatureModelConverterLauncher - sonar findings
> -
>
> Key: SLING-10781
> URL: https://issues.apache.org/jira/browse/SLING-10781
> Project: Sling
>  Issue Type: Sub-task
>  Components: Content-Package to Feature Model Converter
>Reporter: Angela Schreiber
>Priority: Major
>
> see 
> https://sonarcloud.io/code?id=apache_sling-org-apache-sling-feature-cpconverter=apache_sling-org-apache-sling-feature-cpconverter%3Asrc%2Fmain%2Fjava%2Forg%2Fapache%2Fsling%2Ffeature%2Fcpconverter%2Fcli%2FContentPackage2FeatureModelConverterLauncher.java





[jira] [Updated] (SLING-10784) BundleEntryHandler - sonar findings

2022-05-16 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-10784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler updated SLING-10784:
-
Fix Version/s: (was: Content-Package to Feature Model Converter 1.1.16)

> BundleEntryHandler - sonar findings
> ---
>
> Key: SLING-10784
> URL: https://issues.apache.org/jira/browse/SLING-10784
> Project: Sling
>  Issue Type: Sub-task
>  Components: Content-Package to Feature Model Converter
>Reporter: Angela Schreiber
>Priority: Major
>
> https://sonarcloud.io/code?id=apache_sling-org-apache-sling-feature-cpconverter=apache_sling-org-apache-sling-feature-cpconverter%3Asrc%2Fmain%2Fjava%2Forg%2Fapache%2Fsling%2Ffeature%2Fcpconverter%2Fhandlers%2FBundleEntryHandler.java





[jira] [Updated] (SLING-10787) BundleEntryHandler.extractArtifactId prone to IllegalArgumentException

2022-05-16 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-10787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler updated SLING-10787:
-
Fix Version/s: (was: Content-Package to Feature Model Converter 1.1.16)

> BundleEntryHandler.extractArtifactId prone to IllegalArgumentException
> --
>
> Key: SLING-10787
> URL: https://issues.apache.org/jira/browse/SLING-10787
> Project: Sling
>  Issue Type: Bug
>  Components: Content-Package to Feature Model Converter
>Reporter: Angela Schreiber
>Priority: Major
>
> trying to address sonar findings for {{BundleEntryHandler}} (see SLING-10784) 
> i noticed that there is no guarantee that 'artifactId' and 'version' are not 
> left null after all the processing completed. if any of the two is null 
> constructing a new {{ArtifactId}} object from the given strings will fail 
> with {{IllegalArgumentException}}.
> it might be as simple as extracting the following statements out of the 
> previous block that handles the {{groupId == null}} case:
> {code}
> if (artifactId == null || artifactId.isEmpty()) {
>     artifactId = groupId;
> }
>
> if (version == null) {
>     Version osgiVersion = Version.parseVersion(getCheckedProperty(jarFile.getManifest(), Constants.BUNDLE_VERSION));
>     version = osgiVersion.getMajor() + "." + osgiVersion.getMinor() + "." + osgiVersion.getMicro()
>             + (osgiVersion.getQualifier().isEmpty() ? "" : "-" + osgiVersion.getQualifier());
> }
> {code}
> but i am not totally sure there is a reason the method 
> {{BundleEntryHandler.extractArtifactId}} gets called out by sonar :)
> note: on line 472 of the same method {{IllegalArgumentException}} is 
> caught so i assume the code doesn't expect this method to fail upon 
> building the {{ArtifactId}}.





[jira] [Updated] (SLING-10774) Fix sonar findings in content-package to feature model converter

2022-05-16 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-10774?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler updated SLING-10774:
-
Fix Version/s: (was: Content-Package to Feature Model Converter 1.1.16)

> Fix sonar findings in content-package to feature model converter
> 
>
> Key: SLING-10774
> URL: https://issues.apache.org/jira/browse/SLING-10774
> Project: Sling
>  Issue Type: Improvement
>  Components: Content-Package to Feature Model Converter
>Reporter: Angela Schreiber
>Priority: Major
>
> sonar reports quite some findings for the content-package to feature model 
> converter bundle that are easy to fix preventing broken window syndrome i 
> would suggest to keep fixing as much as possible.





[jira] [Updated] (SLING-10760) Converter ignores access control content and users/groups in .content.xml files

2022-05-16 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-10760?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler updated SLING-10760:
-
Fix Version/s: (was: Content-Package to Feature Model Converter 1.1.16)

> Converter ignores access control content and users/groups in .content.xml 
> files
> ---
>
> Key: SLING-10760
> URL: https://issues.apache.org/jira/browse/SLING-10760
> Project: Sling
>  Issue Type: Bug
>  Components: Content-Package to Feature Model Converter
>Reporter: Angela Schreiber
>Priority: Critical
> Attachments: subtree_in_contentxml_policy.png, 
> subtree_in_contentxml_sibling.png
>
>
> [~kpauls], while trying to find more edge cases that could cause SLING-10754, 
> i noticed that not only sibling nodes but also access control content (like 
> e.g. _rep:policy_ nodes) contained in a _.content.xml_ get installed by 
> Jackrabbit Filevault even if those nodes are not covered by the corresponding 
> {{WorkspaceFilter}}.
> It also seems that these package 'entries' are not spotted by the converter 
> and thus the dedicated {{EntryHandler}} implementations that are intended to 
> analyze and convert special content like e.g. access control (but probably 
> not limited to that) are not triggered.
> In other words: content hidden in _.content.xml_ will not be properly 
> converted but will be installed even if not covered by _filter.xml_ 
> associated with the content package. I don't know if that is actually intended 
> behavior of Jackrabbit FileVault (the documentation clearly stating that 
> everything should be covered by filter rules [0], section 'Usage for 
> Import/Installation'), but if it is correct it might in the worst case 
> require the converter to parse all _.content.xml_ files and delegate to the 
> proper handler implementations.
> [~kwin], I would appreciate your input on the FileVault related question of 
> this ticket. In particular: is it correct and intended that subnodes defined 
> in _.content.xml_ get installed even if not covered by any filter rule?
> [0] https://jackrabbit.apache.org/filevault/filter.html



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
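
An added example, not code from the Sling project or from this ticket: one way to audit a single _.content.xml_ for nodes that lie outside the package's filter roots, which is where the ticket says access control content can get past the converter's handlers. The class, the method names and the sample XML are hypothetical and constructed here; only filter roots are considered (include/exclude patterns and docview name escaping are ignored).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

// Hypothetical audit helper; not part of the converter or of FileVault.
// Uses a text block, so it needs Java 15 or later.
public class ContentXmlFilterAudit {

    // Constructed sample: the .content.xml that serializes /content/site.
    static final String CONTENT_XML = """
            <jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
                      xmlns:sling="http://sling.apache.org/jcr/sling/1.0"
                      jcr:primaryType="sling:Folder">
              <rep:policy jcr:primaryType="rep:ACL">
                <allow jcr:primaryType="rep:GrantACE" rep:principalName="everyone"
                       rep:privileges="{Name}[jcr:read]"/>
              </rep:policy>
              <en jcr:primaryType="sling:Folder"/>
              <de jcr:primaryType="sling:Folder"/>
            </jcr:root>
            """;

    /** A path is covered when it is a filter root or lies below one. */
    static boolean covered(String path, List<String> roots) {
        return roots.stream().anyMatch(r -> path.equals(r) || path.startsWith(r + "/"));
    }

    /** Ancestors of a filter root are expected in a package and are not reported. */
    static boolean ancestorOfRoot(String path, List<String> roots) {
        return roots.stream().anyMatch(r -> r.startsWith(path + "/"));
    }

    static void walk(Element el, String path, List<String> roots, List<String> findings) {
        if (!covered(path, roots) && !ancestorOfRoot(path, roots)) {
            String type = el.getAttribute("jcr:primaryType");
            // rep:policy nodes and rep:* node types hold access control and user/group content.
            boolean security = el.getTagName().equals("rep:policy") || type.startsWith("rep:");
            findings.add((security ? "SECURITY-CONTENT " : "NODE ") + path + " [" + type + "]");
        }
        for (Node n = el.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE) {
                Element child = (Element) n;
                walk(child, path + "/" + child.getTagName(), roots, findings);
            }
        }
    }

    /** Lists nodes declared in the given .content.xml that no filter root covers. */
    static List<String> findUncovered(String xml, String nodePath, List<String> roots) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // The package is untrusted input: refuse DOCTYPE declarations (XXE hardening).
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = factory.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        List<String> findings = new ArrayList<>();
        walk(root, nodePath, roots, findings);
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed filter: a single root, /content/site/en.
        List<String> roots = List.of("/content/site/en");
        findUncovered(CONTENT_XML, "/content/site", roots).forEach(System.out::println);
    }
}
```

With the constructed input, the `rep:policy` subtree and the sibling `de` are reported, while `en` (covered) and `/content/site` itself (an ancestor of the filter root) are not.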


[jira] [Updated] (SLING-10914) CpConverter - package type calculation should take filters into account

2022-05-16 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-10914?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler updated SLING-10914:
-
Fix Version/s: (was: Content-Package to Feature Model Converter 1.1.16)

> CpConverter - package type calculation should take filters into account
> ---
>
> Key: SLING-10914
> URL: https://issues.apache.org/jira/browse/SLING-10914
> Project: Sling
>  Issue Type: Bug
>  Components: Content-Package to Feature Model Converter
>Affects Versions: Content-Package to Feature Model Converter 1.1.10
>Reporter: Niek Raaijmakers
>Assignee: Niek Raaijmakers
>Priority: Minor
>
> The converter does attempt to (re-)calculate the package type (application, 
> content, mixed) as part of creating the converted packages. However, it 
> doesn't take the targets of the filters into account when determining the 
> type. As such, it is possible that e.g. a package containing a filter 
> targeting apps would end up being classified as being of type content. 
> Furthermore, when looking into the content, it doesn't take into account 
> if the content is covered by filters - i.e., it doesn't really check if the 
> content would be ignored by vault. 
> Given that it is hard to know what vault will install or not, it might not be 
> possible to fix the second issue - however, it should be possible to at least 
> look at the filters and take their targets into account (as paths) when 
> (re-)calculating the package type.





[jira] [Updated] (SLING-10790) BundleEntryHandler.extractArtifactId may use wrong GAV

2022-05-16 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-10790?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler updated SLING-10790:
-
Fix Version/s: (was: Content-Package to Feature Model Converter 1.1.16)

> BundleEntryHandler.extractArtifactId may use wrong GAV
> --
>
> Key: SLING-10790
> URL: https://issues.apache.org/jira/browse/SLING-10790
> Project: Sling
>  Issue Type: Bug
>  Components: Content-Package to Feature Model Converter
>Reporter: Angela Schreiber
>Priority: Minor
>
> [~kpauls], if my reading of {{BundleEntryHandler.extractArtifactId}} is 
> correct the method might be ending up using the wrong 
> groupId/artifactId/version.
> the code will loop over jar-entries and stop if the extracted GAV matches the 
> bundle name. however, groupId/artifactId/version are not reset to {{null}} in 
> case they were successfully extracted but didn't end up matching the bundle 
> name i.e. {quote}it was the pom.properties we were looking for{quote}.
> i can't tell how big of an issue that is (and how likely). but given the fact 
> that there is some extra effort to verify that the parsed pom is actually the 
> right one, it might actually be relevant. this relies on a compliant content 
> package that does contain a matching pom, which may or may not be the case... 
> logging a warning or throwing a ConverterException in case of violation might 
> help spotting troublesome content packages instead of getting some sort of 
> side effect if another pom was spotted.
> a heavily simplified copy of the method:
> {code}
> String artifactId = null;
> String version = null;
> String groupId = null;
> String classifier = null;
> for (Enumeration e = jarFile.entries(); e.hasMoreElements();) {
>     [...]
>     // extract groupId/artifactId/version
>     [...]
>
>     if (groupId != null && artifactId != null && version != null) {
>         // bundleName is now the bare name without extension
>         String synthesized = artifactId + "-" + version;
>         // it was the pom.properties we were looking for
>         if (bundleName.startsWith(synthesized) || bundleName.equals(artifactId)) {
>             [...]
>
>             // no need to iterate further
>             break;
>         }
>     }
> }
>
> if (groupId == null) {
>     [...]
> }
> return new ArtifactId(groupId, artifactId, version, classifier, JAR_TYPE);
> {code}
> feel free to resolve as not a problem in case my reading of the code is all 
> wrong.





[jira] [Updated] (SLING-11239) ContentPackage2FeatureModelConverter prone to NPE

2022-05-16 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-11239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler updated SLING-11239:
-
Fix Version/s: (was: Content-Package to Feature Model Converter 1.1.16)

> ContentPackage2FeatureModelConverter prone to NPE
> -
>
> Key: SLING-11239
> URL: https://issues.apache.org/jira/browse/SLING-11239
> Project: Sling
>  Issue Type: Bug
>  Components: Content-Package to Feature Model Converter
>Affects Versions: Content-Package to Feature Model Converter 1.1.14
>Reporter: Angela Schreiber
>Priority: Major
>
> the {{ContentPackage2FeatureModelConverter}} contains a bunch of fields that 
> are only populated when calling the corresponding setters.
> while the {{ContentPackage2FeatureModelConverterLauncher}} client gets 
> naturally adjusted when the converter gets extended, this may easily lead 
> to NPE when the converter is used outside of the client code.
> the most recent example where we ran into a NPE was the introduction of the 
> 'indexManager' with SLING-11134, but the problem also applies to the 
> acl-Manager, the bundleSlingInitialContentExtractor and maybe others that get 
> accessed throughout the conversion without checking for null.
> we should either extend the code to handle missing managers/extractors 
> gracefully in case they are optional, or initialize defaults (e.g. possible 
> for the indexManager) or verify that the converter has been properly 
> initialized with all mandatory setters called before running the conversion.
> note: ideally fixing this would also make the corresponding getters to return 
> a non-null value as we have potential NPE also with calls to 
> {{ContentPackage2FeatureModelConverterLauncher.getAclManager()}}. 
> cc: [~rombert], [~kpauls]





[jira] [Commented] (SLING-10790) BundleEntryHandler.extractArtifactId may use wrong GAV

2022-05-16 Thread Carsten Ziegeler (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-10790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17537505#comment-17537505
 ] 

Carsten Ziegeler commented on SLING-10790:
--

I refactored the code in 
https://github.com/apache/sling-org-apache-sling-feature-cpconverter/commit/68f71b3ba0a8f54c4d307e0ca179e7cc8a8c17c0
 
It seems if we actually reset groupId etc. then a lot of tests start failing, 
therefore I did not do this. But at least the code is now a little bit 
easier to read.

> BundleEntryHandler.extractArtifactId may use wrong GAV
> --
>
> Key: SLING-10790
> URL: https://issues.apache.org/jira/browse/SLING-10790
> Project: Sling
>  Issue Type: Bug
>  Components: Content-Package to Feature Model Converter
>Reporter: Angela Schreiber
>Priority: Minor
> Fix For: Content-Package to Feature Model Converter 1.1.16
>
>
> [~kpauls], if my reading of {{BundleEntryHandler.extractArtifactId}} is 
> correct the method might be ending up using the wrong 
> groupId/artifactId/version.
> the code will loop over jar-entries and stop if the extracted GAV matches the 
> bundle name. however, groupId/artifactId/version are not reset to {{null}} in 
> case they were successfully extracted but didn't end up matching the bundle 
> name i.e. {quote}it was the pom.properties we were looking for{quote}.
> i can't tell how big of an issue that is (and how likely). but given the fact 
> that there is some extra effort to verify that the parsed pom is actually the 
> right one, it might actually be relevant. this relies on a compliant content 
> package that does contain a matching pom, which may or may not be the case... 
> logging a warning or throwing a ConverterException in case of violation might 
> help spotting troublesome content packages instead of getting some sort of 
> side effect if another pom was spotted.
> a heavily simplified copy of the method:
> {code}
> String artifactId = null;
> String version = null;
> String groupId = null;
> String classifier = null;
> for (Enumeration e = jarFile.entries(); e.hasMoreElements();) {
>     [...]
>     // extract groupId/artifactId/version
>     [...]
>
>     if (groupId != null && artifactId != null && version != null) {
>         // bundleName is now the bare name without extension
>         String synthesized = artifactId + "-" + version;
>         // it was the pom.properties we were looking for
>         if (bundleName.startsWith(synthesized) || bundleName.equals(artifactId)) {
>             [...]
>
>             // no need to iterate further
>             break;
>         }
>     }
> }
>
> if (groupId == null) {
>     [...]
> }
> return new ArtifactId(groupId, artifactId, version, classifier, JAR_TYPE);
> {code}
> feel free to resolve as not a problem in case my reading of the code is all 
> wrong.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
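
An added example, not the project's code and not the refactoring from the commit linked above: one way to scan `pom.properties` entries so that a rejected candidate's coordinates cannot carry over into the result, returning null when nothing matches so the caller can log a warning or fail. The class, the method names and the jar contents are hypothetical and constructed here.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Properties;
import java.util.jar.JarEntry;
import java.util.jar.JarInputStream;
import java.util.jar.JarOutputStream;

// Hypothetical stand-alone sketch; it does not use the converter's classes.
public class GavScanExample {

    /**
     * Returns "groupId:artifactId:version" from the first pom.properties whose
     * artifactId/version match bundleName, or null if none matches. Candidate
     * values live in loop-local variables, so a rejected entry cannot leak into
     * the result the way method-level variables can.
     */
    static String findMatchingGav(byte[] jarBytes, String bundleName) throws IOException {
        try (JarInputStream in = new JarInputStream(new ByteArrayInputStream(jarBytes))) {
            for (JarEntry entry; (entry = in.getNextJarEntry()) != null;) {
                String name = entry.getName();
                if (!name.startsWith("META-INF/maven/") || !name.endsWith("/pom.properties")) {
                    continue;
                }
                Properties props = new Properties();
                props.load(in); // reads to the end of the current entry, leaves the stream open
                String groupId = props.getProperty("groupId");
                String artifactId = props.getProperty("artifactId");
                String version = props.getProperty("version");
                if (groupId == null || artifactId == null || version == null) {
                    continue; // incomplete candidate: ignore it entirely
                }
                // Same match rule as in the simplified method quoted in the ticket.
                if (bundleName.startsWith(artifactId + "-" + version) || bundleName.equals(artifactId)) {
                    return groupId + ":" + artifactId + ":" + version;
                }
            }
        }
        return null; // no matching pom.properties: the caller decides how to react
    }

    /** Writes one constructed pom.properties entry into the sample jar. */
    static void put(JarOutputStream jar, String path, String g, String a, String v) throws IOException {
        jar.putNextEntry(new JarEntry(path));
        jar.write(("groupId=" + g + "\nartifactId=" + a + "\nversion=" + v + "\n")
                .getBytes(StandardCharsets.ISO_8859_1));
        jar.closeEntry();
    }

    public static void main(String[] args) throws IOException {
        // Constructed jar: an embedded dependency's pom.properties comes first,
        // the bundle's own pom.properties second.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (JarOutputStream jar = new JarOutputStream(buf)) {
            put(jar, "META-INF/maven/com.example.shaded/helper/pom.properties",
                    "com.example.shaded", "helper", "9.9.9");
            put(jar, "META-INF/maven/org.example/mybundle/pom.properties",
                    "org.example", "mybundle", "1.0.0");
        }
        byte[] jarBytes = buf.toByteArray();
        System.out.println(findMatchingGav(jarBytes, "mybundle-1.0.0"));
        System.out.println(findMatchingGav(jarBytes, "unrelated-2.0.0"));
    }
}
```

For the second bundle name no entry matches, so the method returns null and never hands back the coordinates of whichever `pom.properties` happened to be read last.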


[jira] [Updated] (SLING-10768) AbstractJcrNodeParser and subclasses ignore namespace mappings

2022-05-16 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-10768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler updated SLING-10768:
-
Fix Version/s: (was: Content-Package to Feature Model Converter 1.1.16)

> AbstractJcrNodeParser and subclasses ignore namespace mappings
> --
>
> Key: SLING-10768
> URL: https://issues.apache.org/jira/browse/SLING-10768
> Project: Sling
>  Issue Type: Improvement
>  Components: Content-Package to Feature Model Converter
>Reporter: Angela Schreiber
>Priority: Minor
>
> The {{AbstractJcrNodeParser}} has a constant defined for "jcr:root". It would 
> be better if it (and subclasses) would not rely on the default namespace 
> mappings.





Re: [VOTE] Release Apache Sling JCR Oak Server 1.3.0

2022-05-16 Thread Konrad Windszus
Updating KEYS is a manual process: 
https://sling.apache.org/documentation/development/release-management.html#appendix-a-creating-and-registering-your-pgp-key

There is no automatic syncing (anymore) with the key registered in your ASF 
profile.

Regards, Konrad

> On 16.05.2022 at 12:51, Oliver Lietz wrote:
> 
> On Friday, 13 May 2022 21:16:16 CEST Eric Norman wrote:
>> Hi Oliver,
>> 
>> FYI: your key shows as expired for me as well.  It looks like the data from
>> the committer signature at [1] is different from what is checked into the
>> sling/KEYS file at [2] so maybe that needs to be updated with the latest
>> data?
>> 
>> 1. https://people.apache.org/keys/committer/
>> 2. https://downloads.apache.org/sling/KEYS
> 
> There are some entries in INFRA Jira mentioning syncing issues with key 
> servers. And AFAIR there were some changes in key server infrastructure.
> I've uploaded my keys manually to keyserver.ubuntu.com, let's see if it helps.
> 
> O.
> 
>> Regards,
>> -Eric
>> 
>>> On Fri, May 13, 2022 at 11:52 AM Oliver Lietz wrote:
>>> On Friday, 13 May 2022 17:55:05 CEST Radu Cotescu wrote:
>>>> Hi,
>>> 
>>> Hi Radu,
>>> 
>>>> Am I the only one for whom Olli’s key looks like it has expired on
>>>> December 31st 2021?
>>> 
>>> Key expires on December 31st 2022. Can you reimport? Looks like your local
>>> copy is outdated.
>>> 
>>> Regards,
>>> O.
>>> 
>>>> Thanks,
>>>> Radu
> 
> 
> 
> 


Re: [VOTE] Release Apache Sling JCR Oak Server 1.3.0

2022-05-16 Thread Oliver Lietz
On Friday, 13 May 2022 21:16:16 CEST Eric Norman wrote:
> Hi Oliver,
> 
> FYI: your key shows as expired for me as well.  It looks like the data from
> the committer signature at [1] is different from what is checked into the
> sling/KEYS file at [2] so maybe that needs to be updated with the latest
> data?
> 
> 1. https://people.apache.org/keys/committer/
> 2. https://downloads.apache.org/sling/KEYS

There are some entries in INFRA Jira mentioning syncing issues with key 
servers. And AFAIR there were some changes in key server infrastructure.
I've uploaded my keys manually to keyserver.ubuntu.com, let's see if it helps.

O.

> Regards,
> -Eric
> 
> On Fri, May 13, 2022 at 11:52 AM Oliver Lietz wrote:
> > On Friday, 13 May 2022 17:55:05 CEST Radu Cotescu wrote:
> > > Hi,
> > 
> > Hi Radu,
> > 
> > > Am I the only one for whom Olli’s key looks like it has expired on
> > > December 31st 2021?
> > 
> > Key expires on December 31st 2022. Can you reimport? Looks like your local
> > copy is outdated.
> > 
> > Regards,
> > O.
> > 
> > > Thanks,
> > > Radu






RE: [VOTE] Release Apache Sling JCR Oak Server 1.3.0

2022-05-16 Thread Stefan Seifert
+1

stefan