[GitHub] [commons-beanutils] dependabot[bot] opened a new pull request #112: Bump junit-vintage-engine from 5.7.2 to 5.8.2
dependabot[bot] opened a new pull request #112:
URL: https://github.com/apache/commons-beanutils/pull/112

Bumps [junit-vintage-engine](https://github.com/junit-team/junit5) from 5.7.2 to 5.8.2.

Release notes

Sourced from [junit-vintage-engine's releases](https://github.com/junit-team/junit5/releases).

- JUnit 5.8.2 = Platform 1.8.2 + Jupiter 5.8.2 + Vintage 5.8.2. See [Release Notes](http://junit.org/junit5/docs/5.8.2/release-notes/).
- JUnit 5.8.1 = Platform 1.8.1 + Jupiter 5.8.1 + Vintage 5.8.1. See [Release Notes](http://junit.org/junit5/docs/5.8.1/release-notes/).
- JUnit 5.8.0 = Platform 1.8.0 + Jupiter 5.8.0 + Vintage 5.8.0. See [Release Notes](http://junit.org/junit5/docs/5.8.0/release-notes/).
- JUnit 5.8.0-RC1 = Platform 1.8.0-RC1 + Jupiter 5.8.0-RC1 + Vintage 5.8.0-RC1. See [Release Notes](http://junit.org/junit5/docs/5.8.0-RC1/release-notes/).
- JUnit 5.8.0-M1 = Platform 1.8.0-M1 + Jupiter 5.8.0-M1 + Vintage 5.8.0-M1. See [Release Notes](http://junit.org/junit5/docs/5.8.0-M1/release-notes/).

Commits

- [f58cd41](https://github.com/junit-team/junit5/commit/f58cd419755846f1476e8d15783438de8d7aede4) Release 5.8.2
- [893617c](https://github.com/junit-team/junit5/commit/893617c8bcfd50a9c22023177c80db9973e36d8f) Fix Javadoc of DEFAULT_DISCOVERY_LISTENER_CONFIGURATION_PROPERTY_NAME
- [3d75f99](https://github.com/junit-team/junit5/commit/3d75f99bf78fa386c17a52009670d6bcfa3f3168) Use Gradle because to document junit-platform-launcher dependency
- [4ef6e70](https://github.com/junit-team/junit5/commit/4ef6e70989fb9ad9efef7bb45996854d876503b1) Support CSV headers in display names in parameterized tests
- [69aed70](https://github.com/junit-team/junit5/commit/69aed70d38b2b2ca3bb51b7a4f29c909573c0544) Polish Overview section of User Guide
- [4181b9c](https://github.com/junit-team/junit5/commit/4181b9c05d5ac8ea056e3c06d35503f99403157a) Make quote character in @CsvFileSource configurable
- [e27058e](https://github.com/junit-team/junit5/commit/e27058ec5c283bce2f495d0d0b4d328abc16d6e1) Stop publishing to scans.gradle.com for PR builds
- [d455b98](https://github.com/junit-team/junit5/commit/d455b9894ae508d5aa859b7b8ae42debaadb8137) Always update snapshots
- [938ab00](https://github.com/junit-team/junit5/commit/938ab00d4db1f5ef074856907536bdec5ec414a1) Increase tool timeout to reduce flakiness
- [cd257bd](https://github.com/junit-team/junit5/commit/cd257bd863cc63d32adbefe0c596b881eeabe099) Use longer timeouts to stabilize flaky tests
- Additional commits viewable in [compare view](https://github.com/junit-team/junit5/compare/r5.7.2...r5.8.2)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org
For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-validator] dependabot[bot] opened a new pull request #71: Bump actions/cache from 2 to 3
dependabot[bot] opened a new pull request #71:
URL: https://github.com/apache/commons-validator/pull/71

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0
- This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance.
- Few dependencies and cache action usage examples have also been updated.

v2.1.7
- Support 10GB cache upload using the latest version 1.0.8 of [@actions/cache](https://www.npmjs.com/package/@actions/cache)

v2.1.6
- Catch unhandled bad file descriptor errors that sometimes occurs when the cache server returns non-successful response ([actions/cache#596](https://github-redirect.dependabot.com/actions/cache/pull/596))

v2.1.5
- Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar ([actions/cache#527](https://github-redirect.dependabot.com/actions/cache/issues/527))

v2.1.4
- Make caching more verbose [#650](https://github-redirect.dependabot.com/actions/toolkit/pull/650)
- Use GNU tar on macOS if available [#701](https://github-redirect.dependabot.com/actions/toolkit/pull/701)

v2.1.3
- Upgrades @actions/core to v1.2.6 for [CVE-2020-15228](https://github.com/advisories/GHSA-mfwh-5m23-j46w). This action was not using the affected methods.
- Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly

v2.1.2
- Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds
- No-op when executing on GHES

v2.1.1
- Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files.

v2.1.0
- Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently
- Display download progress and speed

Commits

- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2...v3)
[GitHub] [commons-beanutils] dependabot[bot] opened a new pull request #111: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #111:
URL: https://github.com/apache/commons-beanutils/pull/111

Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0
- This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance.
- Few dependencies and cache action usage examples have also been updated.

Commits

- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2.1.7...v3)
[GitHub] [commons-lang] kinow merged pull request #868: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
kinow merged pull request #868: URL: https://github.com/apache/commons-lang/pull/868
[GitHub] [commons-fileupload] coveralls commented on pull request #141: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
coveralls commented on pull request #141: URL: https://github.com/apache/commons-fileupload/pull/141#issuecomment-1079475209 [![Coverage Status](https://coveralls.io/builds/47710744/badge)](https://coveralls.io/builds/47710744) Coverage remained the same at 77.585% when pulling **d0b4c0c183254605fdc380b73c9f8a078b8228a3 on dependabot/maven/com.github.spotbugs-spotbugs-maven-plugin-4.6.0.0** into **47414723191ddf118118080cc0306778a7778458 on master**.
[GitHub] [commons-text] kinow commented on pull request #311: (doc) Add missing exception javadocs, add a couple more unit tests
kinow commented on pull request #311: URL: https://github.com/apache/commons-text/pull/311#issuecomment-1079458828 Squashed and merged, thank you!!!
[GitHub] [commons-text] kinow closed pull request #311: (doc) Add missing exception javadocs, add a couple more unit tests
kinow closed pull request #311: URL: https://github.com/apache/commons-text/pull/311
[jira] [Resolved] (IO-697) IOUtils.toByteArray size validation does not match documentation.
[ https://issues.apache.org/jira/browse/IO-697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bruno P. Kinoshita resolved IO-697.
---
Resolution: Fixed

> IOUtils.toByteArray size validation does not match documentation.
>
> Key: IO-697
> URL: https://issues.apache.org/jira/browse/IO-697
> Project: Commons IO
> Issue Type: Bug
> Affects Versions: 2.8.0
> Reporter: scottyg
> Assignee: Bruno P. Kinoshita
> Priority: Major
> Fix For: 2.12.0
>
> According to the javadoc, "throws IOException ... or InputStream size differ from parameter size.
> I read that as the passed in parameter size must exactly match the length of data represented by the InputStream. However, the current implementation will:
> * Throw an exception if size parameter is larger than the InputStream
> * Work as expected if size parameter matches size of InputStream
> * *Return a byte array only containing up-to size parameter when InputStream is larger than size parameter. No exception is thrown*.
>
> What is the actual intention of the method? What the javadoc says, or what the implementation is currently doing?
>
> {code:java}
> /**
>  * Gets the contents of an InputStream as a byte[].
>  * Use this method instead of toByteArray(InputStream)
>  * when InputStream size is known
>  *
>  * @param input the InputStream to read from
>  * @param size the size of InputStream
>  * @return the requested byte array
>  * @throws IOException if an I/O error occurs or InputStream size differ from parameter
>  * size
>  * @throws IllegalArgumentException if size is less than zero
>  * @since 2.1
>  */
> public static byte[] toByteArray(final InputStream input, final int size) throws IOException
> {code}

--
This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (IO-697) IOUtils.toByteArray size validation does not match documentation.
[ https://issues.apache.org/jira/browse/IO-697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bruno P. Kinoshita updated IO-697: -- Assignee: Bruno P. Kinoshita
[jira] [Updated] (IO-697) IOUtils.toByteArray size validation does not match documentation.
[ https://issues.apache.org/jira/browse/IO-697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bruno P. Kinoshita updated IO-697: -- Fix Version/s: 2.12.0
[GitHub] [commons-io] kinow commented on pull request #336: FIX #io-697
kinow commented on pull request #336: URL: https://github.com/apache/commons-io/pull/336#issuecomment-1079451765 Thanks a lot for the initial PR and for the patience to work through the javadoc issues @richarda23 . I rebased the branch, squashed the commits down to a single commit, updated the commit message to include the JIRA issue, added the entry in `changes.xml` and merged locally. Finally, pushed to `master` :+1: JIRA Issue updated as well. Merged, fixed. Thanks @richarda23 !!
[GitHub] [commons-io] kinow closed pull request #336: FIX #io-697
kinow closed pull request #336: URL: https://github.com/apache/commons-io/pull/336
[GitHub] [commons-codec] kinow merged pull request #119: Bump actions/cache from 2.1.7 to 3
kinow merged pull request #119: URL: https://github.com/apache/commons-codec/pull/119
[GitHub] [commons-configuration] kinow merged pull request #169: Bump actions/cache from 2.1.7 to 3
kinow merged pull request #169: URL: https://github.com/apache/commons-configuration/pull/169
[GitHub] [commons-io] richarda23 commented on pull request #336: FIX #io-697
richarda23 commented on pull request #336: URL: https://github.com/apache/commons-io/pull/336#issuecomment-1079418908 ok, sorry, made some heavy weather on this. all ok now
[GitHub] [commons-io] kinow commented on pull request #336: FIX #io-697
kinow commented on pull request #336: URL: https://github.com/apache/commons-io/pull/336#issuecomment-1079406229 Almost there! I'm re-running a failed macos job in GH actions, to see if it was some glitch in the macos build or if there's still something missing here. :+1:
[GitHub] [commons-rdf] dependabot[bot] closed pull request #72: Bump actions/cache from 2.1.4 to 2.1.7
dependabot[bot] closed pull request #72: URL: https://github.com/apache/commons-rdf/pull/72
[GitHub] [commons-rdf] dependabot[bot] commented on pull request #72: Bump actions/cache from 2.1.4 to 2.1.7
dependabot[bot] commented on pull request #72: URL: https://github.com/apache/commons-rdf/pull/72#issuecomment-1079358439 Superseded by #77.
[GitHub] [commons-rdf] dependabot[bot] opened a new pull request #77: Bump actions/cache from 2.1.4 to 3
dependabot[bot] opened a new pull request #77:
URL: https://github.com/apache/commons-rdf/pull/77

Bumps [actions/cache](https://github.com/actions/cache) from 2.1.4 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0
- This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance.
- Few dependencies and cache action usage examples have also been updated.

v2.1.7
- Support 10GB cache upload using the latest version 1.0.8 of [@actions/cache](https://www.npmjs.com/package/@actions/cache)

v2.1.6
- Catch unhandled bad file descriptor errors that sometimes occurs when the cache server returns non-successful response ([actions/cache#596](https://github-redirect.dependabot.com/actions/cache/pull/596))

v2.1.5
- Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar ([actions/cache#527](https://github-redirect.dependabot.com/actions/cache/issues/527))

Commits

- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2.1.4...v3)
[GitHub] [commons-bcel] dependabot[bot] opened a new pull request #119: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #119:
URL: https://github.com/apache/commons-bcel/pull/119

Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0
- This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance.
- Few dependencies and cache action usage examples have also been updated.

Commits

- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2.1.7...v3)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org
For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-fileupload] dependabot[bot] opened a new pull request #141: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
dependabot[bot] opened a new pull request #141:
URL: https://github.com/apache/commons-fileupload/pull/141

Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.5.3.0 to 4.6.0.0.

Release notes

Sourced from [spotbugs-maven-plugin's releases](https://github.com/spotbugs/spotbugs-maven-plugin/releases).

Spotbugs-maven-plugin 4.6.0.0

Spotbugs 4.6.0 support
Groovy 4.0.1 based

note on groovy: If using groovy with same group id (already existing condition), an error may occur if not on same version. To alleviate that, make sure groovy artifacts are defined in dependency management in order to force the loaded version correctly on your usage.

note on 4.6.0.1/4.6.0.2: no change, not released. Issue with site distribution via maven release plugin only that is being tested, use 4.6.0.0 only.

Commits

- [1757c7f](https://github.com/spotbugs/spotbugs-maven-plugin/commit/1757c7fbfcb997e1d5d0cb696138bac199e4314c) [maven-release-plugin] prepare release spotbugs-maven-plugin-4.6.0.0
- [7e022d7](https://github.com/spotbugs/spotbugs-maven-plugin/commit/7e022d79676d398e9a1ad207af10327a783998e2) [pom] Bump remainder to spotbugs 4.6.0
- [aa8a2b1](https://github.com/spotbugs/spotbugs-maven-plugin/commit/aa8a2b1bcd3556ac26c0dcbec7d963b6bd4edd0d) Merge pull request [#413](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/413) from spotbugs/dependabot/maven/org.codehaus.mojo-vers...
- [c51b51c](https://github.com/spotbugs/spotbugs-maven-plugin/commit/c51b51c842ada8f91085fec4090e31a0ebc72ca8) Bump versions-maven-plugin from 2.9.0 to 2.10.0
- [fd7e020](https://github.com/spotbugs/spotbugs-maven-plugin/commit/fd7e0208a5100cffd5e1cf17a56b47a12f79b3df) Merge pull request [#411](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/411) from spotbugs/dependabot/maven/mavenVersion-3.8.5
- [4b591e2](https://github.com/spotbugs/spotbugs-maven-plugin/commit/4b591e2ad1f8d3fd14c583d1badb319580b4cfd4) Bump mavenVersion from 3.8.4 to 3.8.5
- [3276bfa](https://github.com/spotbugs/spotbugs-maven-plugin/commit/3276bfa6cbdd13346e81bba9e3a5818522d4db58) Merge pull request [#412](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/412) from spotbugs/dependabot/maven/mavenCoreVersion-3.8.5
- [047836c](https://github.com/spotbugs/spotbugs-maven-plugin/commit/047836cedbf0e76cffda1051fb90df7e911959e3) Bump mavenCoreVersion from 3.8.4 to 3.8.5
- [4fa6caa](https://github.com/spotbugs/spotbugs-maven-plugin/commit/4fa6caa62dd3ba7a1d47ac1d58a0bf48c1eab330) Merge pull request [#409](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/409) from spotbugs/dependabot/maven/com.github.spotbugs-sp...
- [3d45f8f](https://github.com/spotbugs/spotbugs-maven-plugin/commit/3d45f8ff7e9a50aae3164eb40140a7481ef42665) Merge pull request [#410](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/410) from spotbugs/dependabot/maven/groovyVersion-4.0.1
- Additional commits viewable in [compare view](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.5.3.0...spotbugs-maven-plugin-4.6.0.0)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.spotbugs:spotbugs-maven-plugin=maven=4.5.3.0=4.6.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-daemon] garydgregory merged pull request #41: Bump actions/cache from 2.1.7 to 3
garydgregory merged pull request #41: URL: https://github.com/apache/commons-daemon/pull/41
[GitHub] [commons-jcs] garydgregory merged pull request #86: Bump actions/cache from 2.1.7 to 3
garydgregory merged pull request #86: URL: https://github.com/apache/commons-jcs/pull/86
[GitHub] [commons-daemon] dependabot[bot] opened a new pull request #41: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #41:
URL: https://github.com/apache/commons-daemon/pull/41

Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0

This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance.

Few dependencies and cache action usage examples have also been updated.

Commits

- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2.1.7...v3)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=2.1.7=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-cli] garydgregory merged pull request #98: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
garydgregory merged pull request #98: URL: https://github.com/apache/commons-cli/pull/98
[GitHub] [commons-cli] garydgregory merged pull request #97: Bump actions/cache from 2.1.7 to 3
garydgregory merged pull request #97: URL: https://github.com/apache/commons-cli/pull/97
[GitHub] [commons-build-plugin] garydgregory merged pull request #66: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
garydgregory merged pull request #66: URL: https://github.com/apache/commons-build-plugin/pull/66
[GitHub] [commons-build-plugin] garydgregory merged pull request #65: Bump actions/cache from 2.1.7 to 3
garydgregory merged pull request #65: URL: https://github.com/apache/commons-build-plugin/pull/65
[GitHub] [commons-lang] garydgregory merged pull request #867: Bump actions/cache from 2.1.7 to 3
garydgregory merged pull request #867: URL: https://github.com/apache/commons-lang/pull/867
[jira] [Created] (RNG-173) BaseProvider state filling procedure can be improved
Alex Herbert created RNG-173:

Summary: BaseProvider state filling procedure can be improved
Key: RNG-173
URL: https://issues.apache.org/jira/browse/RNG-173
Project: Commons RNG
Issue Type: Improvement
Reporter: Alex Herbert

The BaseProvider has a method to fill in remaining state if the input seed is too short. The fill uses existing seed values to fill the remaining. The next state is created using:

{code:java}
long n = state[i - seed.length];
state[i] = 1812433253L * (n ^ (n >> 30)) + i;
{code}

If the existing state is zero then the new state is i. When the input seed has no length then the filled state is a natural sequence. Here is a state of 10 filled from empty seeds of length 0 to 5:

{noformat}
0: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]
1: [0, 1, 1812433255, 3284914298392595265, 6102061520201954364, -3308799481182342998, -3869692221293809580, -7101959917617921332, 7986832403292652032, 8936067391732911773]
2: [0, 0, 2, 3, 3624866510, 5437299764, 6569828598597623783, -8592001180344199076, 1136775338421644002, 8717367692712810396]
3: [0, 0, 0, 3, 4, 5, 5437299765, 7249733019, 9062166273, -8592001182156632327]
4: [0, 0, 0, 0, 4, 5, 6, 7, 7249733020, 9062166274]
5: [0, 0, 0, 0, 0, 5, 6, 7, 8, 9]
{noformat}

When the seed is zero length or close to half the length of the desired state and all zeros then the output state has a low number of non-zero bits.

Note: This has little impact when using the Commons RNG simple module to create a generator. The seed is produced to the correct length using a high quality random source.

A second issue is that the method to fill the state is an instance method. Since it uses no state it could be a static method.

I would suggest a method to convert a seed to the correct length:

{code:java}
protected static long[] ensureSeedLength(long[] seed, int length);
{code}

This would allow classes that implement the following pattern:

{code:java}
MyRNG(long[] seed) {
    if (seed.length < SEED_SIZE) {
        final long[] state = new long[SEED_SIZE];
        fillState(state, seed);
        setState(state);
    } else {
        setState(seed);
    }
}
{code}

To simplify to:

{code:java}
MyRNG(long[] seed) {
    setState(ensureSeedLength(seed, SEED_SIZE));
}
{code}

h2. Compatibility

The user guide states:

{noformat}
upon initialization, the underlying generation algorithm
- may not use all the information contents of the seed,
- may use a procedure (using the given seed as input) for further filling its internal state (in order to avoid a too uniform initial state).
In both cases, the behavior is not standard but should not change between releases of the library (bugs notwithstanding).
{noformat}

Since behaviour *should not change* it would rule out changes for existing classes. New classes could use the new static version to fill state.

I would suggest providing a new method to ensure the input seed is a minimum length. If the method seeds a SplitMix64 style generator with the first value of the input seed (or zero if the seed length is zero) then the filled state will be high quality. This type of generator only outputs zero once during the period and so any seed length can be ensured to be non zero when it has been expanded. An input seed of entirely zero values would be passed through unchanged. This is the default *user beware* behaviour for full length zero seeds. A 32-bit variant can be created using a similar hashing function that outputs only a single 0 in the period, for example MurmurHash3's 32-bit finaliser function.

An example implementation for long values is:

{code:java}
// Requires: import java.util.Arrays;
private static final long GOLDEN_RATIO = 0x9e3779b97f4a7c15L;

protected static long[] ensureSeedLength(long[] seed, int length) {
    if (seed.length < length) {
        final long[] s = Arrays.copyOf(seed, length);
        // Fill the rest as if using a SplitMix64 RNG
        long x = s[0];
        for (int i = seed.length; i < length; i++) {
            s[i] = stafford13(x += GOLDEN_RATIO);
        }
        return s;
    }
    return seed;
}

private static long stafford13(long x) {
    x = (x ^ (x >>> 30)) * 0xbf58476d1ce4e5b9L;
    x = (x ^ (x >>> 27)) * 0x94d049bb133111ebL;
    return x ^ (x >>> 31);
}
{code}

A 32-bit mix function for Murmur32 is:

{code:java}
private static int murmur32(int x) {
    x = (x ^ (x >>> 16)) * 0x85ebca6b;
    x = (x ^ (x >>> 13)) * 0xc2b2ae35;
    return x ^ (x >>> 16);
}
{code}

--
This message was sent by Atlassian Jira (v8.20.1#820001)
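The fill behaviour described in RNG-173 above, as an added example that is not part of the original issue or of Commons RNG: it runs the quoted fill formula and the proposed `ensureSeedLength` over constructed all-zero seeds of length 0 to 5 and reports how many of the 640 state bits end up set. The class name, `legacyFill`, `setBits`, `zeroWords`, `isSparse` and the 10% threshold are assumptions made for the illustration.

```java
import java.util.Arrays;

/**
 * Added illustration for RNG-173 (not Commons RNG code). Names other than
 * ensureSeedLength, stafford13 and GOLDEN_RATIO are hypothetical.
 */
public class SeedFillComparison {
    private static final long GOLDEN_RATIO = 0x9e3779b97f4a7c15L;

    /** Existing fill as quoted in the issue: word i is derived from word i - seed.length. */
    static long[] legacyFill(long[] seed, int length) {
        final long[] state = new long[length];
        System.arraycopy(seed, 0, state, 0, Math.min(seed.length, length));
        for (int i = seed.length; i < length; i++) {
            final long n = state[i - seed.length];
            state[i] = 1812433253L * (n ^ (n >> 30)) + i;
        }
        return state;
    }

    /** Fill proposed in the issue: a SplitMix64-style stream seeded with seed[0], or 0 for an empty seed. */
    static long[] ensureSeedLength(long[] seed, int length) {
        if (seed.length >= length) {
            return seed; // full-length seeds, including all-zero ones, pass through unchanged
        }
        final long[] s = Arrays.copyOf(seed, length);
        long x = s[0];
        for (int i = seed.length; i < length; i++) {
            s[i] = stafford13(x += GOLDEN_RATIO);
        }
        return s;
    }

    /** Stafford variant 13 mix function, as given in the issue. */
    static long stafford13(long x) {
        x = (x ^ (x >>> 30)) * 0xbf58476d1ce4e5b9L;
        x = (x ^ (x >>> 27)) * 0x94d049bb133111ebL;
        return x ^ (x >>> 31);
    }

    /** Total number of set bits across the whole state. */
    static int setBits(long[] state) {
        int total = 0;
        for (final long v : state) {
            total += Long.bitCount(v);
        }
        return total;
    }

    /** Number of state words that are exactly zero. */
    static int zeroWords(long[] state) {
        int zeros = 0;
        for (final long v : state) {
            if (v == 0) {
                zeros++;
            }
        }
        return zeros;
    }

    /** Pre-seeding check: true when fewer than minFraction of the state bits are set. */
    static boolean isSparse(long[] state, double minFraction) {
        return setBits(state) < minFraction * state.length * Long.SIZE;
    }

    static String describe(long[] state, double minFraction) {
        return String.format("%3d/%d bits set, %d zero words, sparse=%b",
            setBits(state), state.length * Long.SIZE, zeroWords(state),
            isSparse(state, minFraction));
    }

    public static void main(String[] args) {
        final int stateSize = 10;        // same state size as the table in the issue
        final double minFraction = 0.10; // illustrative threshold, not a library value
        for (int len = 0; len <= 5; len++) {
            final long[] seed = new long[len]; // constructed all-zero seed
            System.out.printf("seed length %d%n", len);
            System.out.printf("  existing fill: %s%n",
                describe(legacyFill(seed, stateSize), minFraction));
            System.out.printf("  proposed fill: %s%n",
                describe(ensureSeedLength(seed, stateSize), minFraction));
        }
    }
}
```

The `legacyFill` output for each length can be compared word for word with the table in the issue by printing `Arrays.toString(legacyFill(seed, stateSize))`.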
[GitHub] [commons-lang] garydgregory commented on a change in pull request #866: Refactoring the code
garydgregory commented on a change in pull request #866: URL: https://github.com/apache/commons-lang/pull/866#discussion_r835392915 ## File path: src/main/java/org/apache/commons/lang3/StringEscapeUtils.java ## @@ -372,49 +333,6 @@ public int translate(final CharSequence input, final int index, final Writer out new NumericEntityUnescaper() ); -/** - * Translator object for unescaping escaped Comma Separated Value entries. - * - * While {@link #unescapeCsv(String)} is the expected method of use, this - * object allows the CSV unescaping functionality to be used - * as the foundation for a custom translator. - * - * @since 3.0 - */ -public static final CharSequenceTranslator UNESCAPE_CSV = new CsvUnescaper(); - -static class CsvUnescaper extends CharSequenceTranslator { Review comment: This is a big -1. You cannot break binary compatibility. Run 'mvn' and watch for build failures. ## File path: src/main/java/org/apache/commons/lang3/CSVEscapeUtils.java ## @@ -0,0 +1,44 @@ +package org.apache.commons.lang3; Review comment: This is confusing IMO, we already have an Apache Commons CSV component, we should not mix in public CSV code in Lang IMO. If this is absolutely needed it should be package-private but I am doubtful. ## File path: src/main/java/org/apache/commons/lang3/CSVEscapeUtils.java ## @@ -0,0 +1,44 @@ +package org.apache.commons.lang3; + +import org.apache.commons.lang3.text.translate.CharSequenceTranslator; + +import java.io.IOException; +import java.io.Writer; + +public class CSVEscapeUtils extends CharSequenceTranslator { Review comment: This is confusing IMO, we already have an Apache Commons CSV component, we should not mix in public CSV code in Lang IMO. If this is absolutely needed it should be package-private but I am doubtful. ## File path: src/main/java/org/apache/commons/lang3/BooleanUtils.java ## 
@@ -681,13 +681,13 @@ public static Boolean toBooleanObject(final String str) { case 1: { final char ch0 = str.charAt(0); if (ch0 == 'y' || ch0 == 'Y' || -ch0 == 't' || ch0 == 'T' || -ch0 == '1') { +ch0 == 't' || ch0 == 'T' || +ch0 == '1') { Review comment: I agree with @kinow -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
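Review bot: In StringEscapeUtils.java the hunk at -372 deletes `public static final CharSequenceTranslator UNESCAPE_CSV`, a public field whose Javadoc says `@since 3.0` and describes it as a foundation for custom translators, so code compiled against it will no longer resolve the field after this change. Keep the field where it is, have it delegate to the relocated implementation if the code has to move, and mark it `@Deprecated` instead of removing it.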
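Review bot: The new file CSVEscapeUtils.java begins at line 1 with `package org.apache.commons.lang3;`, so it has no license header, and `public class CSVEscapeUtils extends CharSequenceTranslator` has no class Javadoc or `@since` tag. Add both, and reconsider the visibility: a public `*Utils` type that is itself a `CharSequenceTranslator` widens the public API of `lang3`, whereas a package-private class would keep the refactoring internal.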
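Review bot: In the BooleanUtils.java hunk at 681 the two removed lines and the two added lines inside `toBooleanObject` carry the same tokens (`ch0 == 't' || ch0 == 'T' ||` and `ch0 == '1') {`), so the change is indentation only. Drop it from this pull request so the refactoring diff stays reviewable and the history of that condition is not rewritten for a whitespace change.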
[GitHub] [commons-lang] dependabot[bot] opened a new pull request #868: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
dependabot[bot] opened a new pull request #868:
URL: https://github.com/apache/commons-lang/pull/868

Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.5.3.0 to 4.6.0.0.

Release notes

Sourced from [spotbugs-maven-plugin's releases](https://github.com/spotbugs/spotbugs-maven-plugin/releases).

Spotbugs-maven-plugin 4.6.0.0

Spotbugs 4.6.0 support
Groovy 4.0.1 based

note on groovy: If using groovy with same group id (already existing condition), an error may occur if not on same version. To alleviate that, make sure groovy artifacts are defined in dependency management in order to force the loaded version correctly on your usage.

note on 4.6.0.1/4.6.0.2: no change, not released. Issue with site distribution via maven release plugin only that is being tested, use 4.6.0.0 only.

Commits

- [1757c7f](https://github.com/spotbugs/spotbugs-maven-plugin/commit/1757c7fbfcb997e1d5d0cb696138bac199e4314c) [maven-release-plugin] prepare release spotbugs-maven-plugin-4.6.0.0
- [7e022d7](https://github.com/spotbugs/spotbugs-maven-plugin/commit/7e022d79676d398e9a1ad207af10327a783998e2) [pom] Bump remainder to spotbugs 4.6.0
- [aa8a2b1](https://github.com/spotbugs/spotbugs-maven-plugin/commit/aa8a2b1bcd3556ac26c0dcbec7d963b6bd4edd0d) Merge pull request [#413](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/413) from spotbugs/dependabot/maven/org.codehaus.mojo-vers...
- [c51b51c](https://github.com/spotbugs/spotbugs-maven-plugin/commit/c51b51c842ada8f91085fec4090e31a0ebc72ca8) Bump versions-maven-plugin from 2.9.0 to 2.10.0
- [fd7e020](https://github.com/spotbugs/spotbugs-maven-plugin/commit/fd7e0208a5100cffd5e1cf17a56b47a12f79b3df) Merge pull request [#411](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/411) from spotbugs/dependabot/maven/mavenVersion-3.8.5
- [4b591e2](https://github.com/spotbugs/spotbugs-maven-plugin/commit/4b591e2ad1f8d3fd14c583d1badb319580b4cfd4) Bump mavenVersion from 3.8.4 to 3.8.5
- [3276bfa](https://github.com/spotbugs/spotbugs-maven-plugin/commit/3276bfa6cbdd13346e81bba9e3a5818522d4db58) Merge pull request [#412](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/412) from spotbugs/dependabot/maven/mavenCoreVersion-3.8.5
- [047836c](https://github.com/spotbugs/spotbugs-maven-plugin/commit/047836cedbf0e76cffda1051fb90df7e911959e3) Bump mavenCoreVersion from 3.8.4 to 3.8.5
- [4fa6caa](https://github.com/spotbugs/spotbugs-maven-plugin/commit/4fa6caa62dd3ba7a1d47ac1d58a0bf48c1eab330) Merge pull request [#409](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/409) from spotbugs/dependabot/maven/com.github.spotbugs-sp...
- [3d45f8f](https://github.com/spotbugs/spotbugs-maven-plugin/commit/3d45f8ff7e9a50aae3164eb40140a7481ef42665) Merge pull request [#410](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/410) from spotbugs/dependabot/maven/groovyVersion-4.0.1
- Additional commits viewable in [compare view](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.5.3.0...spotbugs-maven-plugin-4.6.0.0)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.spotbugs:spotbugs-maven-plugin=maven=4.5.3.0=4.6.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-dbutils] garydgregory merged pull request #109: Bump actions/cache from 2 to 3
garydgregory merged pull request #109: URL: https://github.com/apache/commons-dbutils/pull/109
[GitHub] [commons-logging] dependabot[bot] commented on pull request #79: Bump maven-dependency-plugin from 3.2.0 to 3.3.0
dependabot[bot] commented on pull request #79: URL: https://github.com/apache/commons-logging/pull/79#issuecomment-1079140284 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
[GitHub] [commons-logging] garydgregory closed pull request #79: Bump maven-dependency-plugin from 3.2.0 to 3.3.0
garydgregory closed pull request #79: URL: https://github.com/apache/commons-logging/pull/79
[GitHub] [commons-logging] garydgregory merged pull request #78: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
garydgregory merged pull request #78: URL: https://github.com/apache/commons-logging/pull/78
[GitHub] [commons-logging] garydgregory merged pull request #77: Bump actions/cache from 2.1.7 to 3
garydgregory merged pull request #77: URL: https://github.com/apache/commons-logging/pull/77
[GitHub] [commons-net] dependabot[bot] commented on pull request #102: Bump actions/cache from 2.1.7 to 3
dependabot[bot] commented on pull request #102: URL: https://github.com/apache/commons-net/pull/102#issuecomment-1079135497 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
[GitHub] [commons-net] garydgregory closed pull request #102: Bump actions/cache from 2.1.7 to 3
garydgregory closed pull request #102: URL: https://github.com/apache/commons-net/pull/102
[GitHub] [commons-parent] garydgregory merged pull request #103: Bump maven-project-info-reports-plugin from 3.2.1 to 3.2.2
garydgregory merged pull request #103: URL: https://github.com/apache/commons-parent/pull/103
[GitHub] [commons-parent] garydgregory closed pull request #100: Bump spotbugs-maven-plugin from 4.5.2.0 to 4.5.3.0
garydgregory closed pull request #100: URL: https://github.com/apache/commons-parent/pull/100
[GitHub] [commons-parent] dependabot[bot] commented on pull request #100: Bump spotbugs-maven-plugin from 4.5.2.0 to 4.5.3.0
dependabot[bot] commented on pull request #100: URL: https://github.com/apache/commons-parent/pull/100#issuecomment-1079132489 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
[GitHub] [commons-parent] garydgregory merged pull request #102: Bump actions/cache from 2.1.7 to 3
garydgregory merged pull request #102: URL: https://github.com/apache/commons-parent/pull/102
[GitHub] [commons-text] dvmarcilio opened a new pull request #311: (doc) Add missing exception javadocs
dvmarcilio opened a new pull request #311: URL: https://github.com/apache/commons-text/pull/311 Hello! I found a few methods that could throw exceptions that were not documented in javadoc. I added the documentation and tests when applicable. Those that throw `StringIndexOutOfBoundsException` are quite tricky to express concisely, so I'm happy to change them if you suggest something else. By the way, I'm working on a tool that can identify exceptions that could be thrown in given methods. It can help identify missing documentation and provide some inputs to be used in tests. I could submit more pull requests if the project welcomes this kind of contribution.
[GitHub] [commons-vfs] garydgregory merged pull request #249: Bump actions/cache from 2.1.7 to 3
garydgregory merged pull request #249: URL: https://github.com/apache/commons-vfs/pull/249
[GitHub] [commons-crypto] garydgregory merged pull request #152: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
garydgregory merged pull request #152: URL: https://github.com/apache/commons-crypto/pull/152
[GitHub] [commons-codec] dependabot[bot] opened a new pull request #119: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #119: URL: https://github.com/apache/commons-codec/pull/119

Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0

This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance. Few dependencies and cache action usage examples have also been updated.

Commits

- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2.1.7...v3)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=2.1.7=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
[GitHub] [commons-lang] dependabot[bot] opened a new pull request #867: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #867: URL: https://github.com/apache/commons-lang/pull/867 Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
[GitHub] [commons-crypto] garydgregory merged pull request #150: Bump actions/cache from 2.1.7 to 3
garydgregory merged pull request #150: URL: https://github.com/apache/commons-crypto/pull/150
[GitHub] [commons-pool] garydgregory merged pull request #138: Bump actions/cache from 2.1.7 to 3
garydgregory merged pull request #138: URL: https://github.com/apache/commons-pool/pull/138
[GitHub] [commons-csv] dependabot[bot] commented on pull request #223: Bump actions/cache from 2.1.7 to 3
dependabot[bot] commented on pull request #223: URL: https://github.com/apache/commons-csv/pull/223#issuecomment-1079109259 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
[GitHub] [commons-csv] garydgregory closed pull request #223: Bump actions/cache from 2.1.7 to 3
garydgregory closed pull request #223: URL: https://github.com/apache/commons-csv/pull/223
[GitHub] [commons-collections] garydgregory closed pull request #294: Bump actions/cache from 2.1.7 to 3
garydgregory closed pull request #294: URL: https://github.com/apache/commons-collections/pull/294
[GitHub] [commons-collections] dependabot[bot] commented on pull request #294: Bump actions/cache from 2.1.7 to 3
dependabot[bot] commented on pull request #294: URL: https://github.com/apache/commons-collections/pull/294#issuecomment-1079106056 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
[GitHub] [commons-dbcp] garydgregory merged pull request #177: Bump spotbugs from 4.5.3 to 4.6.0
garydgregory merged pull request #177: URL: https://github.com/apache/commons-dbcp/pull/177
[GitHub] [commons-dbcp] garydgregory merged pull request #176: Bump actions/cache from 2.1.7 to 3
garydgregory merged pull request #176: URL: https://github.com/apache/commons-dbcp/pull/176
[GitHub] [commons-jexl] henrib merged pull request #83: Bump actions/cache from 2.1.7 to 3
henrib merged pull request #83: URL: https://github.com/apache/commons-jexl/pull/83
[jira] [Commented] (MATH-1641) GSoC 2022
[ https://issues.apache.org/jira/browse/MATH-1641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17512361#comment-17512361 ]

Yusuf Karadag commented on MATH-1641:

Got it, thanks! (y)

> GSoC 2022
>
> Key: MATH-1641
> URL: https://issues.apache.org/jira/browse/MATH-1641
> Project: Commons Math
> Issue Type: Wish
> Reporter: Gilles Sadowski
> Priority: Minor
> Labels: gsoc, gsoc2022
>
> Placeholder for tasks that could be undertaken in this year's [GSoC|https://summerofcode.withgoogle.com/].
> Ideas (extracted from the ["dev" ML|https://markmail.org/message/2qckwxw2x4ue36sd]):
> # Redesign and modularize the "ml" package
> -> main goal: enable multi-thread usage.
> # Abstract the linear algebra utilities
> -> main goal: allow switching to alternative implementations.
> # Redesign and modularize the "random" package
> -> main goal: general support of low-discrepancy sequences.
> # Refactor and modularize the "special" package
> -> main goals: ensure accuracy and performance and better API, add other functions.
> # Upgrade the test suite to [Junit 5|https://junit.org/junit5/]
> -> additional goal: collect a list of "odd" expectations.
> Other suggestions welcome, as well as
> * delineating additional and/or intermediate goals,
> * signalling potential pitfalls and/or alternative approaches to the intended goal(s).

-- This message was sent by Atlassian Jira (v8.20.1#820001)
[GitHub] [commons-collections] codecov-commenter edited a comment on pull request #294: Bump actions/cache from 2.1.7 to 3
codecov-commenter edited a comment on pull request #294: URL: https://github.com/apache/commons-collections/pull/294#issuecomment-1078962689

# [Codecov](https://codecov.io/gh/apache/commons-collections/pull/294?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation) Report
> Merging [#294](https://codecov.io/gh/apache/commons-collections/pull/294?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation) (92c6665) into [master](https://codecov.io/gh/apache/commons-collections/commit/b4edfcc866170e01889f20b1fb9944d9ccfc7c28?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation) (b4edfcc) will **increase** coverage by `0.05%`.
> The diff coverage is `n/a`.

```diff
@@             Coverage Diff              @@
##             master     #294      +/-   ##
+ Coverage     85.77%   85.82%   +0.05%
- Complexity     4672     4674       +2
  Files           292      292
  Lines         13472    13472
  Branches       1955     1955
+ Hits          11555    11562       +7
+ Misses         1334     1330       -4
+ Partials        583      580       -3
```

| [Impacted Files](https://codecov.io/gh/apache/commons-collections/pull/294?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...commons/collections4/map/AbstractReferenceMap.java](https://codecov.io/gh/apache/commons-collections/pull/294/diff?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation#diff-c3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2NvbW1vbnMvY29sbGVjdGlvbnM0L21hcC9BYnN0cmFjdFJlZmVyZW5jZU1hcC5qYXZh) | `88.23% <0.00%> (+2.57%)` | :arrow_up: |

--

[Continue to review full report at Codecov](https://codecov.io/gh/apache/commons-collections/pull/294?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation)
> `Δ = absolute (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/commons-collections/pull/294?src=pr=footer_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation). Last update [b4edfcc...92c6665](https://codecov.io/gh/apache/commons-collections/pull/294?src=pr=lastupdated_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation).
[GitHub] [commons-collections] codecov-commenter commented on pull request #294: Bump actions/cache from 2.1.7 to 3
codecov-commenter commented on pull request #294: URL: https://github.com/apache/commons-collections/pull/294#issuecomment-1078962689
[GitHub] [commons-jexl] dependabot[bot] opened a new pull request #83: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #83: URL: https://github.com/apache/commons-jexl/pull/83 Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
[GitHub] [commons-collections] dependabot[bot] opened a new pull request #294: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #294:
URL: https://github.com/apache/commons-collections/pull/294

Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0

This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance.

Few dependencies and cache action usage examples have also been updated.

Commits

- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2.1.7...v3)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=2.1.7=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-crypto] coveralls commented on pull request #152: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
coveralls commented on pull request #152:
URL: https://github.com/apache/commons-crypto/pull/152#issuecomment-1078955102
[GitHub] [commons-crypto] coveralls edited a comment on pull request #152: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
coveralls edited a comment on pull request #152:
URL: https://github.com/apache/commons-crypto/pull/152#issuecomment-1078955102

[![Coverage Status](https://coveralls.io/builds/47692407/badge)](https://coveralls.io/builds/47692407)

Coverage remained the same at 83.636% when pulling **668fb80c5a78de56ac5683e782abb083aba9fbd8 on dependabot/maven/com.github.spotbugs-spotbugs-maven-plugin-4.6.0.0** into **bcdf2e100b27994c1f1329d8b8cdeb14626291b1 on master**.
[GitHub] [commons-crypto] coveralls commented on pull request #151: Bump jaxb-impl from 2.3.6 to 3.0.2
coveralls commented on pull request #151:
URL: https://github.com/apache/commons-crypto/pull/151#issuecomment-1078951772

[![Coverage Status](https://coveralls.io/builds/47692342/badge)](https://coveralls.io/builds/47692342)

Coverage remained the same at 83.636% when pulling **c4a7d611f36d8f5bc2020e7c92018478bc97613b on dependabot/maven/com.sun.xml.bind-jaxb-impl-3.0.2** into **bcdf2e100b27994c1f1329d8b8cdeb14626291b1 on master**.
[GitHub] [commons-crypto] coveralls edited a comment on pull request #151: Bump jaxb-impl from 2.3.6 to 3.0.2
coveralls edited a comment on pull request #151:
URL: https://github.com/apache/commons-crypto/pull/151#issuecomment-1078951772

[![Coverage Status](https://coveralls.io/builds/47692342/badge)](https://coveralls.io/builds/47692342)

Coverage remained the same at 83.636% when pulling **c4a7d611f36d8f5bc2020e7c92018478bc97613b on dependabot/maven/com.sun.xml.bind-jaxb-impl-3.0.2** into **bcdf2e100b27994c1f1329d8b8cdeb14626291b1 on master**.
[GitHub] [commons-crypto] dependabot[bot] opened a new pull request #152: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
dependabot[bot] opened a new pull request #152:
URL: https://github.com/apache/commons-crypto/pull/152

Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.5.3.0 to 4.6.0.0.

Release notes

Sourced from [spotbugs-maven-plugin's releases](https://github.com/spotbugs/spotbugs-maven-plugin/releases).

Spotbugs-maven-plugin 4.6.0.0

- Spotbugs 4.6.0 support
- Groovy 4.0.1 based

note on groovy: If using groovy with same group id (already existing condition), an error may occur if not on same version. To alleviate that, make sure groovy artifacts are defined in dependency management in order to force the loaded version correctly on your usage.

note on 4.6.0.1/4.6.0.2: no change, not released. Issue with site distribution via maven release plugin only that is being tested, use 4.6.0.0 only.

Commits

- [1757c7f](https://github.com/spotbugs/spotbugs-maven-plugin/commit/1757c7fbfcb997e1d5d0cb696138bac199e4314c) [maven-release-plugin] prepare release spotbugs-maven-plugin-4.6.0.0
- [7e022d7](https://github.com/spotbugs/spotbugs-maven-plugin/commit/7e022d79676d398e9a1ad207af10327a783998e2) [pom] Bump remainder to spotbugs 4.6.0
- [aa8a2b1](https://github.com/spotbugs/spotbugs-maven-plugin/commit/aa8a2b1bcd3556ac26c0dcbec7d963b6bd4edd0d) Merge pull request [#413](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/413) from spotbugs/dependabot/maven/org.codehaus.mojo-vers...
- [c51b51c](https://github.com/spotbugs/spotbugs-maven-plugin/commit/c51b51c842ada8f91085fec4090e31a0ebc72ca8) Bump versions-maven-plugin from 2.9.0 to 2.10.0
- [fd7e020](https://github.com/spotbugs/spotbugs-maven-plugin/commit/fd7e0208a5100cffd5e1cf17a56b47a12f79b3df) Merge pull request [#411](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/411) from spotbugs/dependabot/maven/mavenVersion-3.8.5
- [4b591e2](https://github.com/spotbugs/spotbugs-maven-plugin/commit/4b591e2ad1f8d3fd14c583d1badb319580b4cfd4) Bump mavenVersion from 3.8.4 to 3.8.5
- [3276bfa](https://github.com/spotbugs/spotbugs-maven-plugin/commit/3276bfa6cbdd13346e81bba9e3a5818522d4db58) Merge pull request [#412](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/412) from spotbugs/dependabot/maven/mavenCoreVersion-3.8.5
- [047836c](https://github.com/spotbugs/spotbugs-maven-plugin/commit/047836cedbf0e76cffda1051fb90df7e911959e3) Bump mavenCoreVersion from 3.8.4 to 3.8.5
- [4fa6caa](https://github.com/spotbugs/spotbugs-maven-plugin/commit/4fa6caa62dd3ba7a1d47ac1d58a0bf48c1eab330) Merge pull request [#409](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/409) from spotbugs/dependabot/maven/com.github.spotbugs-sp...
- [3d45f8f](https://github.com/spotbugs/spotbugs-maven-plugin/commit/3d45f8ff7e9a50aae3164eb40140a7481ef42665) Merge pull request [#410](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/410) from spotbugs/dependabot/maven/groovyVersion-4.0.1
- Additional commits viewable in [compare view](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.5.3.0...spotbugs-maven-plugin-4.6.0.0)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.spotbugs:spotbugs-maven-plugin=maven=4.5.3.0=4.6.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-crypto] coveralls edited a comment on pull request #150: Bump actions/cache from 2.1.7 to 3
coveralls edited a comment on pull request #150:
URL: https://github.com/apache/commons-crypto/pull/150#issuecomment-1078936210

[![Coverage Status](https://coveralls.io/builds/47691994/badge)](https://coveralls.io/builds/47691994)

Coverage remained the same at 83.636% when pulling **b6524d278d07f14f19028263209b81e3b10f9108 on dependabot/github_actions/actions/cache-3** into **bcdf2e100b27994c1f1329d8b8cdeb14626291b1 on master**.
[GitHub] [commons-crypto] coveralls commented on pull request #150: Bump actions/cache from 2.1.7 to 3
coveralls commented on pull request #150:
URL: https://github.com/apache/commons-crypto/pull/150#issuecomment-1078936210

[![Coverage Status](https://coveralls.io/builds/47691994/badge)](https://coveralls.io/builds/47691994)

Coverage remained the same at 83.636% when pulling **b6524d278d07f14f19028263209b81e3b10f9108 on dependabot/github_actions/actions/cache-3** into **bcdf2e100b27994c1f1329d8b8cdeb14626291b1 on master**.
[GitHub] [commons-crypto] dependabot[bot] opened a new pull request #151: Bump jaxb-impl from 2.3.6 to 3.0.2
dependabot[bot] opened a new pull request #151:
URL: https://github.com/apache/commons-crypto/pull/151

Bumps jaxb-impl from 2.3.6 to 3.0.2.

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.sun.xml.bind:jaxb-impl=maven=2.3.6=3.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-parent] dependabot[bot] opened a new pull request #103: Bump maven-project-info-reports-plugin from 3.2.1 to 3.2.2
dependabot[bot] opened a new pull request #103:
URL: https://github.com/apache/commons-parent/pull/103

Bumps [maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.2.1 to 3.2.2.

Commits

- [ca84755](https://github.com/apache/maven-project-info-reports-plugin/commit/ca84755a9d1f58f6bd39e70457fb0d36ce3755c4) [maven-release-plugin] prepare release maven-project-info-reports-plugin-3.2.2
- [d28e98b](https://github.com/apache/maven-project-info-reports-plugin/commit/d28e98b8cfedbe179a1017d1a221871919841415) [MPIR-413] Plugin repositories defined in project are not used by plugin mana...
- [99bfaef](https://github.com/apache/maven-project-info-reports-plugin/commit/99bfaef54bbff120317a7adfb7ca9cf0f883075c) [MPIR-414] Upgrade Maven Reporting API/Impl to 3.1.0
- [d1bd103](https://github.com/apache/maven-project-info-reports-plugin/commit/d1bd10325e2cddf1cdf41f799d1407282006e067) Upgrade Maven Site Plugin for IT to 3.11.0
- [547314f](https://github.com/apache/maven-project-info-reports-plugin/commit/547314f7cd71bad658ecad07a8195e8bd5e5dbcc) Replace usage of deprecated expressions
- [517662c](https://github.com/apache/maven-project-info-reports-plugin/commit/517662c10b1e817a91c11f8433f3c832f5ad1601) [maven-release-plugin] prepare for next development iteration
- See full diff in [compare view](https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-3.2.1...maven-project-info-reports-plugin-3.2.2)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-project-info-reports-plugin=maven=3.2.1=3.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-crypto] dependabot[bot] opened a new pull request #150: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #150:
URL: https://github.com/apache/commons-crypto/pull/150

Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0

This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance.

Few dependencies and cache action usage examples have also been updated.

Commits

- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2.1.7...v3)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=2.1.7=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-bsf] dependabot[bot] closed pull request #17: Bump actions/cache from 2 to 2.1.5
dependabot[bot] closed pull request #17:
URL: https://github.com/apache/commons-bsf/pull/17
[GitHub] [commons-bsf] dependabot[bot] opened a new pull request #39: Bump actions/cache from 2 to 3
dependabot[bot] opened a new pull request #39:
URL: https://github.com/apache/commons-bsf/pull/39

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0

This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance.

Few dependencies and cache action usage examples have also been updated.

v2.1.7

- Support 10GB cache upload using the latest version 1.0.8 of [@actions/cache](https://www.npmjs.com/package/@actions/cache)

v2.1.6

- Catch unhandled bad file descriptor errors that sometimes occurs when the cache server returns non-successful response ([actions/cache#596](https://github-redirect.dependabot.com/actions/cache/pull/596))

v2.1.5

- Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar ([actions/cache#527](https://github-redirect.dependabot.com/actions/cache/issues/527))

v2.1.4

- Make caching more verbose [#650](https://github-redirect.dependabot.com/actions/toolkit/pull/650)
- Use GNU tar on macOS if available [#701](https://github-redirect.dependabot.com/actions/toolkit/pull/701)

v2.1.3

- Upgrades @actions/core to v1.2.6 for [CVE-2020-15228](https://github.com/advisories/GHSA-mfwh-5m23-j46w). This action was not using the affected methods.
- Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly

v2.1.2

- Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds
- No-op when executing on GHES

v2.1.1

- Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files.

v2.1.0

- Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently
- Display download progress and speed

Commits

- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2...v3)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=2=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-parent] dependabot[bot] opened a new pull request #102: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #102:
URL: https://github.com/apache/commons-parent/pull/102

Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0

This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance.

Few dependencies and cache action usage examples have also been updated.

Commits

- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2.1.7...v3)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=2.1.7=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-vfs] dependabot[bot] opened a new pull request #249: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #249: URL: https://github.com/apache/commons-vfs/pull/249 Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.0.0 This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect;>github connect or manually copying the repo to their GHES instance. Few dependencies and cache action usage examples have also been updated. Commits https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514;>4b0cf6c Merge pull request https://github-redirect.dependabot.com/actions/cache/issues/769;>#769 from actions/users/ashwinsangem/bump_major_version https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1;>60c606a Update licensed files https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d;>b6e9a91 Revert Updated to the latest version. https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1;>c842503 Updated to the latest version. https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac;>2b7da2a Bumped up to a major version. 
https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81;>deae296 Merge pull request https://github-redirect.dependabot.com/actions/cache/issues/651;>#651 from magnetikonline/fix-golang-windows-example https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace;>c7c46bc Merge pull request https://github-redirect.dependabot.com/actions/cache/issues/707;>#707 from duxtland/main https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98;>6535c5f Regenerated examples.md TOC https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3;>3fdafa4 Update GitHub Actions status badge markdown in README.md https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064;>341e6d7 Merge branch 'actions:main' into fix-golang-windows-example Additional commits viewable in https://github.com/actions/cache/compare/v2.1.7...v3;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=2.1.7=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
[jira] [Work logged] (TEXT-215) NumericEntityUnescaper may miss decimal entity
[ https://issues.apache.org/jira/browse/TEXT-215?focusedWorklogId=747716=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-747716 ]

ASF GitHub Bot logged work on TEXT-215:
---
Author: ASF GitHub Bot
Created on: 25/Mar/22 10:41
Start Date: 25/Mar/22 10:41
Worklog Time Spent: 10m
Work Description: rbunel35 commented on pull request #310: URL: https://github.com/apache/commons-text/pull/310#issuecomment-1078891164

Thank you very much!

Issue Time Tracking
---
Worklog Id: (was: 747716)
Time Spent: 0.5h (was: 20m)

> NumericEntityUnescaper may miss decimal entity
> --
>
> Key: TEXT-215
> URL: https://issues.apache.org/jira/browse/TEXT-215
> Project: Commons Text
> Issue Type: Bug
> Affects Versions: 1.0
> Reporter: Richard Bunel
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> *Description:*
> A security breach can be used in the NumericEntityUnescaper through the use of decimal character entities.
> At [line|https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L117] 117 a string of hexadecimal characters is searched, whether or not the entity is a hexadecimal one.
> Therefore, if the "semiColonOptional" option is enabled and a decimal entity without semi-colon is immediately followed by one or several letters from A to E, these letters will be caught. The Integer parsing with a radix at 10 will then fail and the whole entity will be ignored.
> *Example:*
> If one uses the following string:
> {code:java}
> {code}
> The sequence identifying the entity will wrongly be
[GitHub] [commons-text] rbunel35 commented on pull request #310: TEXT-215: Prevent decimal numeric entities from wrongly including hexadecimal characters
rbunel35 commented on pull request #310: URL: https://github.com/apache/commons-text/pull/310#issuecomment-1078891164 Thank you very much!
[GitHub] [commons-logging] dependabot[bot] opened a new pull request #79: Bump maven-dependency-plugin from 3.2.0 to 3.3.0
dependabot[bot] opened a new pull request #79: URL: https://github.com/apache/commons-logging/pull/79 Bumps [maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.2.0 to 3.3.0. Commits https://github.com/apache/maven-dependency-plugin/commit/e52bc0248c00dbf5458a0ce080db260148dab4b9;>e52bc02 [maven-release-plugin] prepare release maven-dependency-plugin-3.3.0 https://github.com/apache/maven-dependency-plugin/commit/0ec0a522e29e740cd8b92da0382c589f3078218e;>0ec0a52 Fix Jenkins url https://github.com/apache/maven-dependency-plugin/commit/77e42ca2b80d42c8ac6195a1a16595ff0a11e8c0;>77e42ca [MDEP-796] Upgrade Maven Parent to 35 https://github.com/apache/maven-dependency-plugin/commit/78976c03b6afd8d28ff5cf82511888904cd645b0;>78976c0 [MDEP-795] Update Jetty to 9.4.45.v20220203 (https://github-redirect.dependabot.com/apache/maven-dependency-plugin/issues/202;>#202) https://github.com/apache/maven-dependency-plugin/commit/a8d4690acefc0d5ac67b6c1d7796802776d8d715;>a8d4690 [MDEP-788] Upgrade maven-reporting-impl to version 3.1.0 https://github.com/apache/maven-dependency-plugin/commit/25ca8338e6af4f121d7d377ccfdd5ada4d4f4410;>25ca833 (doc) Update link to Github PR docs https://github.com/apache/maven-dependency-plugin/commit/76d59f0ffe8ab02757cb9c9d131004b6145a7ceb;>76d59f0 [MDEP-789] Improve documentation of analyze - Non-test scoped https://github.com/apache/maven-dependency-plugin/commit/b66d2b2e9cf81ce865fcd362ec48b3dfdb1b5548;>b66d2b2 Bump mockito-core from 4.2.0 to 4.3.1 https://github.com/apache/maven-dependency-plugin/commit/b057234aec8b3da4001ae5fa94791dde1a73278f;>b057234 Bump slf4j-simple from 1.7.32 to 1.7.36 https://github.com/apache/maven-dependency-plugin/commit/f64d4f7f9fcb59769e5587b7ef9dd2300cda205e;>f64d4f7 [MDEP-787] allow ignoring non-test-scoped dependencies Additional commits viewable in https://github.com/apache/maven-dependency-plugin/compare/maven-dependency-plugin-3.2.0...maven-dependency-plugin-3.3.0;>compare view 
[GitHub] [commons-logging] dependabot[bot] opened a new pull request #78: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
dependabot[bot] opened a new pull request #78: URL: https://github.com/apache/commons-logging/pull/78 Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.5.3.0 to 4.6.0.0. Release notes Sourced from https://github.com/spotbugs/spotbugs-maven-plugin/releases;>spotbugs-maven-plugin's releases. Spotbugs-maven-plugin 4.6.0.0 Spotbugs 4.6.0 support Groovy 4.0.1 based note on groovy: If using groovy with same group id (already existing condition), an error may occur if not on same version. To alleviate that, make sure groovy artifacts are defined in dependency management in order to force the loaded version correctly on your usage. note on 4.6.0.1/4.6.0.2: no change, not released. Issue with site distribution via maven release plugin only that is being tested, use 4.6.0.0 only. Commits https://github.com/spotbugs/spotbugs-maven-plugin/commit/1757c7fbfcb997e1d5d0cb696138bac199e4314c;>1757c7f [maven-release-plugin] prepare release spotbugs-maven-plugin-4.6.0.0 https://github.com/spotbugs/spotbugs-maven-plugin/commit/7e022d79676d398e9a1ad207af10327a783998e2;>7e022d7 [pom] Bump remainder to spotbugs 4.6.0 https://github.com/spotbugs/spotbugs-maven-plugin/commit/aa8a2b1bcd3556ac26c0dcbec7d963b6bd4edd0d;>aa8a2b1 Merge pull request https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/413;>#413 from spotbugs/dependabot/maven/org.codehaus.mojo-vers... 
https://github.com/spotbugs/spotbugs-maven-plugin/commit/c51b51c842ada8f91085fec4090e31a0ebc72ca8;>c51b51c Bump versions-maven-plugin from 2.9.0 to 2.10.0 https://github.com/spotbugs/spotbugs-maven-plugin/commit/fd7e0208a5100cffd5e1cf17a56b47a12f79b3df;>fd7e020 Merge pull request https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/411;>#411 from spotbugs/dependabot/maven/mavenVersion-3.8.5 https://github.com/spotbugs/spotbugs-maven-plugin/commit/4b591e2ad1f8d3fd14c583d1badb319580b4cfd4;>4b591e2 Bump mavenVersion from 3.8.4 to 3.8.5 https://github.com/spotbugs/spotbugs-maven-plugin/commit/3276bfa6cbdd13346e81bba9e3a5818522d4db58;>3276bfa Merge pull request https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/412;>#412 from spotbugs/dependabot/maven/mavenCoreVersion-3.8.5 https://github.com/spotbugs/spotbugs-maven-plugin/commit/047836cedbf0e76cffda1051fb90df7e911959e3;>047836c Bump mavenCoreVersion from 3.8.4 to 3.8.5 https://github.com/spotbugs/spotbugs-maven-plugin/commit/4fa6caa62dd3ba7a1d47ac1d58a0bf48c1eab330;>4fa6caa Merge pull request https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/409;>#409 from spotbugs/dependabot/maven/com.github.spotbugs-sp... 
https://github.com/spotbugs/spotbugs-maven-plugin/commit/3d45f8ff7e9a50aae3164eb40140a7481ef42665;>3d45f8f Merge pull request https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/410;>#410 from spotbugs/dependabot/maven/groovyVersion-4.0.1 Additional commits viewable in https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.5.3.0...spotbugs-maven-plugin-4.6.0.0;>compare view
[jira] [Work logged] (TEXT-215) NumericEntityUnescaper may miss decimal entity
[ https://issues.apache.org/jira/browse/TEXT-215?focusedWorklogId=747707=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-747707 ]

ASF GitHub Bot logged work on TEXT-215:
---
Author: ASF GitHub Bot
Created on: 25/Mar/22 10:22
Start Date: 25/Mar/22 10:22
Worklog Time Spent: 10m
Work Description: rbunel35 edited a comment on pull request #310: URL: https://github.com/apache/commons-text/pull/310#issuecomment-1078860610

Hi @kinow! Thanks for the quick review. I just added a unit test for the "semiColonOptional" option which asserts the unescaping is working for both hexadecimal and decimal entities, with and without semi-colon.

Issue Time Tracking
---
Worklog Id: (was: 747707)
Time Spent: 20m (was: 10m)

> NumericEntityUnescaper may miss decimal entity
> --
>
> Key: TEXT-215
> URL: https://issues.apache.org/jira/browse/TEXT-215
> Project: Commons Text
> Issue Type: Bug
> Affects Versions: 1.0
> Reporter: Richard Bunel
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> *Description:*
> A security breach can be used in the NumericEntityUnescaper through the use of decimal character entities.
> At [line|https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L117] 117 a string of hexadecimal characters is searched, whether or not the entity is a hexadecimal one.
> Therefore, if the "semiColonOptional" option is enabled and a decimal entity without semi-colon is immediately followed by one or several letters from A to E, these letters will be caught. The Integer parsing with a radix at 10 will then fail and the whole entity will be ignored.
> *Example:*
> If one uses the following string:
> {code:java}
> {code}
> The sequence identifying the entity will wrongly be
[GitHub] [commons-text] rbunel35 edited a comment on pull request #310: TEXT-215: Prevent decimal numeric entities from wrongly including hexadecimal characters
rbunel35 edited a comment on pull request #310: URL: https://github.com/apache/commons-text/pull/310#issuecomment-1078860610 Hi @kinow! Thanks for the quick review. I just added a unit test for the "semiColonOptional" option which asserts the unescaping is working for both hexadecimal and decimal entities, with and without semi-colon.
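The scan described in TEXT-215, as a simplified model added here (it is not the Commons Text source and not the patch from pull request #310). The class name, method names, the `radixAware` switch and the sample strings are constructed for illustration; the semicolon is always treated as optional, as in the reported configuration.

```java
public class NumericEntityScanDemo {

    static boolean isDecDigit(char c) {
        return c >= '0' && c <= '9';
    }

    static boolean isHexDigit(char c) {
        return isDecDigit(c) || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
    }

    /**
     * Tries to decode one numeric entity starting at index.
     * Returns the number of input chars consumed, or 0 if nothing was decoded.
     * radixAware == false models the reported behaviour: the digit scan accepts
     * hexadecimal characters even when the entity is decimal.
     * radixAware == true restricts the scan to the digits valid for the radix.
     */
    static int translate(String in, int index, boolean radixAware, StringBuilder out) {
        int len = in.length();
        // Need "&#" plus at least one more character.
        if (in.charAt(index) != '&' || index >= len - 2 || in.charAt(index + 1) != '#') {
            return 0;
        }
        int start = index + 2;
        boolean isHex = false;
        char first = in.charAt(start);
        if (first == 'x' || first == 'X') {
            start++;
            isHex = true;
            if (start == len) {
                return 0; // nothing after "&#x"
            }
        }
        int end = start;
        while (end < len) {
            char c = in.charAt(end);
            boolean accepted = (isHex || !radixAware) ? isHexDigit(c) : isDecDigit(c);
            if (!accepted) {
                break;
            }
            end++;
        }
        if (end == start) {
            return 0; // no digits at all
        }
        int value;
        try {
            value = Integer.parseInt(in.substring(start, end), isHex ? 16 : 10);
        } catch (NumberFormatException e) {
            // Radix-blind scan of a decimal entity lands here when a letter was swallowed.
            return 0;
        }
        if (!Character.isValidCodePoint(value)) {
            return 0;
        }
        out.appendCodePoint(value);
        boolean semiNext = end < len && in.charAt(end) == ';';
        return end - index + (semiNext ? 1 : 0);
    }

    /** Runs translate over the whole input, copying undecoded characters through. */
    static String unescape(String in, boolean radixAware) {
        StringBuilder out = new StringBuilder();
        int i = 0;
        while (i < in.length()) {
            int consumed = translate(in, i, radixAware, out);
            if (consumed == 0) {
                out.append(in.charAt(i));
                i++;
            } else {
                i += consumed;
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed samples: decimal entity followed by letters, with and without ';'.
        String[] samples = { "&#65BC", "&#65;BC", "&#65 BC", "&#x41;BC" };
        for (String s : samples) {
            System.out.printf("%-10s radix-blind=%-10s radix-aware=%s%n",
                    s, unescape(s, false), unescape(s, true));
        }
    }
}
```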
[GitHub] [commons-dbutils] dependabot[bot] closed pull request #102: Bump spotbugs-maven-plugin from 4.4.2 to 4.5.3.0
dependabot[bot] closed pull request #102: URL: https://github.com/apache/commons-dbutils/pull/102
[GitHub] [commons-dbutils] dependabot[bot] opened a new pull request #110: Bump spotbugs-maven-plugin from 4.4.2 to 4.6.0.0
dependabot[bot] opened a new pull request #110: URL: https://github.com/apache/commons-dbutils/pull/110 Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.4.2 to 4.6.0.0. Release notes Sourced from https://github.com/spotbugs/spotbugs-maven-plugin/releases;>spotbugs-maven-plugin's releases. Spotbugs-maven-plugin 4.6.0.0 Spotbugs 4.6.0 support Groovy 4.0.1 based note on groovy: If using groovy with same group id (already existing condition), an error may occur if not on same version. To alleviate that, make sure groovy artifacts are defined in dependency management in order to force the loaded version correctly on your usage. note on 4.6.0.1/4.6.0.2: no change, not released. Issue with site distribution via maven release plugin only that is being tested, use 4.6.0.0 only. Spotbugs-maven-plugin 4.5.3.0 Support spotbugs maven plugin 4.5.3.0 Make maven scoped dependencies provided scope Spotbugs-maven-plugin 4.5.2.0 Support spotbugs 4.5.2 Fix deprecations from spotbugs 4.5.0 Spotbugs-maven-plugin 4.5.0.0 support for spotbugs 4.5.0 Spotbugs-maven-plugin 4.4.2.2 Use new base-parent pom with removal of undocumented maven url attributes that cause issues for users of older jfrog artifactory installations. Spotbugs-maven-plugin 4.4.2.1 Release Reworked version string to account for any patches we need to make to plugin that would otherwise case a diverge from spotbugs or require us to wait. This is similar to how other plugins approach this such as lombok. The first 3 positions are reserved for the alignment with spotbugs. The last position is for our patch revision level. Normally this would be '0' but given we released 4.4.2 already, it made sense to denote '1' so that it was clear there was a difference. This patch release addresses issues with resolution of the maven dependencies that resulted in a few regression libraries that had vulnerabilities. 
This patch further changed lowest maven from 3.2.5 to 3.3.9 but reality is that even 3.3.9 likely doesn't work. Since all maven before 3.8.1 are vulnerable, most should be there. If not, let us know. Future releases will raise that revision number up. Commits https://github.com/spotbugs/spotbugs-maven-plugin/commit/1757c7fbfcb997e1d5d0cb696138bac199e4314c;>1757c7f [maven-release-plugin] prepare release spotbugs-maven-plugin-4.6.0.0 https://github.com/spotbugs/spotbugs-maven-plugin/commit/7e022d79676d398e9a1ad207af10327a783998e2;>7e022d7 [pom] Bump remainder to spotbugs 4.6.0 https://github.com/spotbugs/spotbugs-maven-plugin/commit/aa8a2b1bcd3556ac26c0dcbec7d963b6bd4edd0d;>aa8a2b1 Merge pull request https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/413;>#413 from spotbugs/dependabot/maven/org.codehaus.mojo-vers... https://github.com/spotbugs/spotbugs-maven-plugin/commit/c51b51c842ada8f91085fec4090e31a0ebc72ca8;>c51b51c Bump versions-maven-plugin from 2.9.0 to 2.10.0 https://github.com/spotbugs/spotbugs-maven-plugin/commit/fd7e0208a5100cffd5e1cf17a56b47a12f79b3df;>fd7e020 Merge pull request https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/411;>#411 from spotbugs/dependabot/maven/mavenVersion-3.8.5 https://github.com/spotbugs/spotbugs-maven-plugin/commit/4b591e2ad1f8d3fd14c583d1badb319580b4cfd4;>4b591e2 Bump mavenVersion from 3.8.4 to 3.8.5 https://github.com/spotbugs/spotbugs-maven-plugin/commit/3276bfa6cbdd13346e81bba9e3a5818522d4db58;>3276bfa Merge pull request https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/412;>#412 from spotbugs/dependabot/maven/mavenCoreVersion-3.8.5 https://github.com/spotbugs/spotbugs-maven-plugin/commit/047836cedbf0e76cffda1051fb90df7e911959e3;>047836c Bump mavenCoreVersion from 3.8.4 to 3.8.5 https://github.com/spotbugs/spotbugs-maven-plugin/commit/4fa6caa62dd3ba7a1d47ac1d58a0bf48c1eab330;>4fa6caa Merge pull request 
https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/409;>#409 from spotbugs/dependabot/maven/com.github.spotbugs-sp... https://github.com/spotbugs/spotbugs-maven-plugin/commit/3d45f8ff7e9a50aae3164eb40140a7481ef42665;>3d45f8f Merge pull request https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/410;>#410 from spotbugs/dependabot/maven/groovyVersion-4.0.1 Additional commits viewable in https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.4.2...spotbugs-maven-plugin-4.6.0.0;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.spotbugs:spotbugs-maven-plugin=maven=4.4.2=4.6.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
[GitHub] [commons-release-plugin] kinow merged pull request #105: Bump actions/cache from 2.1.7 to 3
kinow merged pull request #105: URL: https://github.com/apache/commons-release-plugin/pull/105
[GitHub] [commons-lang] kinow commented on a change in pull request #866: Refactoring the code
kinow commented on a change in pull request #866: URL: https://github.com/apache/commons-lang/pull/866#discussion_r835073116 ## File path: src/main/java/org/apache/commons/lang3/CSVEscapeUtils.java ## @@ -0,0 +1,44 @@ +package org.apache.commons.lang3; Review comment: Every file in Lang must include a license header. ## File path: src/main/java/org/apache/commons/lang3/BooleanUtils.java ## @@ -681,13 +681,13 @@ public static Boolean toBooleanObject(final String str) { case 1: { final char ch0 = str.charAt(0); if (ch0 == 'y' || ch0 == 'Y' || -ch0 == 't' || ch0 == 'T' || -ch0 == '1') { +ch0 == 't' || ch0 == 'T' || +ch0 == '1') { Review comment: I think this is just cosmetic, not really fixing an issue. Changes like this make things harder to review. It's better to discuss with the developers of the project before changing code style. ## File path: src/main/java/org/apache/commons/lang3/BooleanUtils.java ## @@ -1132,4 +1132,4 @@ public static Boolean xor(final Boolean... array) { public BooleanUtils() { } -} +} Review comment: Missing newline. ## File path: src/main/java/org/apache/commons/lang3/time/GmtTimeZone.java ## @@ -31,6 +36,32 @@ private static final int MINUTES_PER_HOUR = 60; private static final int HOURS_PER_DAY = 24; +private static final TimeZone timezone = new GmtTimeZone(false,0,0); +private static final Pattern GMT_PATTERN1 = Pattern.compile("^(?:(?i)GMT)?([+-])?(\\d\\d?)?(:?(\\d\\d?))?$"); + +public static TimeZone fetchGmtTimeZone(final String pattern) { Review comment: Other methods in this class follow the get/set pattern. This `fetchGmt...` method is being called from `FastTimeZone#getGmtTimeZone`. So it could probably stay as `getGmt...`, I think. ## File path: src/main/java/org/apache/commons/lang3/exception/ContextedRuntimeException.java ## 
@@ -214,13 +214,13 @@ public Object getFirstContextValue(final String label) { return this.exceptionContext.getContextEntries(); } -/** - * {@inheritDoc} - */ -@Override -public Set getContextLabels() { -return exceptionContext.getContextLabels(); -} +///** +// * {@inheritDoc} +// */ +//@Override +//public Set getContextLabels() { +//return exceptionContext.getContextLabels(); +//} Review comment: It's hard to understand why this was commented out. This is also a public method. We cannot remove it without a major release - https://semver.org/ ## File path: src/main/java/org/apache/commons/lang3/time/FastTimeZone.java ## @@ -29,14 +29,14 @@ private static final Pattern GMT_PATTERN = Pattern.compile("^(?:(?i)GMT)?([+-])?(\\d\\d?)?(:?(\\d\\d?))?$"); -private static final TimeZone GREENWICH = new GmtTimeZone(false, 0, 0); +//private static TimeZone GREENWICH = Review comment: We tend to only leave comments that are intended to help other developers, or things that are almost-ready to be finished, for instance. This one could probably be removed. ## File path: src/main/java/org/apache/commons/lang3/time/FastTimeZone.java ## 
@@ -29,14 +29,14 @@ private static final Pattern GMT_PATTERN = Pattern.compile("^(?:(?i)GMT)?([+-])?(\\d\\d?)?(:?(\\d\\d?))?$"); -private static final TimeZone GREENWICH = new GmtTimeZone(false, 0, 0); +//private static TimeZone GREENWICH = /** * Gets the GMT TimeZone. * @return A TimeZone with a raw offset of zero. */ public static TimeZone getGmtTimeZone() { -return GREENWICH; +return new GmtTimeZone(false, 0, 0); Review comment: I believe the reason for the static object was to avoid instantiating a new object every time this method was called. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
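Review bot: In the GmtTimeZone.java hunk (`@@ -31,6 +36,32 @@`), the new `private static final TimeZone timezone` is a constant but is named in lower case next to `MINUTES_PER_HOUR` and `HOURS_PER_DAY`, and `GMT_PATTERN1` repeats verbatim the regex that FastTimeZone.java already declares as `GMT_PATTERN`. Suggest giving the instance a constant-style name and keeping a single copy of the pattern so the two classes cannot drift apart; `new GmtTimeZone(false,0,0)` also drops the spaces after the commas that `new GmtTimeZone(false, 0, 0)` uses elsewhere in the patch.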
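Review bot: In the FastTimeZone.java hunk (`@@ -29,14 +29,14 @@`), the `GREENWICH` field is replaced by the fragment `//private static TimeZone GREENWICH =`, which is not a complete statement, and `getGmtTimeZone()` changes from returning one shared object to returning `new GmtTimeZone(false, 0, 0)` on each call. Besides the extra allocation, callers that compare the returned value by reference would now see a different instance every time; suggest keeping the `private static final` field and dropping the commented-out line.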
[GitHub] [commons-dbutils] dependabot[bot] opened a new pull request #109: Bump actions/cache from 2 to 3
dependabot[bot] opened a new pull request #109:
URL: https://github.com/apache/commons-dbutils/pull/109

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0
This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance. Few dependencies and cache action usage examples have also been updated.

v2.1.7
- Support 10GB cache upload using the latest version 1.0.8 of [@actions/cache](https://www.npmjs.com/package/@actions/cache)

v2.1.6
- Catch unhandled bad file descriptor errors that sometimes occurs when the cache server returns non-successful response ([actions/cache#596](https://github-redirect.dependabot.com/actions/cache/pull/596))

v2.1.5
- Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar ([actions/cache#527](https://github-redirect.dependabot.com/actions/cache/issues/527))

v2.1.4
- Make caching more verbose [#650](https://github-redirect.dependabot.com/actions/toolkit/pull/650)
- Use GNU tar on macOS if available [#701](https://github-redirect.dependabot.com/actions/toolkit/pull/701)

v2.1.3
- Upgrades @actions/core to v1.2.6 for [CVE-2020-15228](https://github.com/advisories/GHSA-mfwh-5m23-j46w). This action was not using the affected methods.
- Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly

v2.1.2
- Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds
- No-op when executing on GHES

v2.1.1
- Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files.

v2.1.0
- Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently
- Display download progress and speed

Commits
- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2...v3)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-release-plugin] dependabot[bot] opened a new pull request #105: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #105:
URL: https://github.com/apache/commons-release-plugin/pull/105

Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0
This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance. Few dependencies and cache action usage examples have also been updated.

Commits
- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2.1.7...v3)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-cli] dependabot[bot] opened a new pull request #98: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
dependabot[bot] opened a new pull request #98:
URL: https://github.com/apache/commons-cli/pull/98

Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.5.3.0 to 4.6.0.0.

Release notes

Sourced from [spotbugs-maven-plugin's releases](https://github.com/spotbugs/spotbugs-maven-plugin/releases).

Spotbugs-maven-plugin 4.6.0.0
- Spotbugs 4.6.0 support
- Groovy 4.0.1 based

note on groovy: If using groovy with same group id (already existing condition), an error may occur if not on same version. To alleviate that, make sure groovy artifacts are defined in dependency management in order to force the loaded version correctly on your usage.

note on 4.6.0.1/4.6.0.2: no change, not released. Issue with site distribution via maven release plugin only that is being tested, use 4.6.0.0 only.

Commits
- [1757c7f](https://github.com/spotbugs/spotbugs-maven-plugin/commit/1757c7fbfcb997e1d5d0cb696138bac199e4314c) [maven-release-plugin] prepare release spotbugs-maven-plugin-4.6.0.0
- [7e022d7](https://github.com/spotbugs/spotbugs-maven-plugin/commit/7e022d79676d398e9a1ad207af10327a783998e2) [pom] Bump remainder to spotbugs 4.6.0
- [aa8a2b1](https://github.com/spotbugs/spotbugs-maven-plugin/commit/aa8a2b1bcd3556ac26c0dcbec7d963b6bd4edd0d) Merge pull request [#413](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/413) from spotbugs/dependabot/maven/org.codehaus.mojo-vers...
- [c51b51c](https://github.com/spotbugs/spotbugs-maven-plugin/commit/c51b51c842ada8f91085fec4090e31a0ebc72ca8) Bump versions-maven-plugin from 2.9.0 to 2.10.0
- [fd7e020](https://github.com/spotbugs/spotbugs-maven-plugin/commit/fd7e0208a5100cffd5e1cf17a56b47a12f79b3df) Merge pull request [#411](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/411) from spotbugs/dependabot/maven/mavenVersion-3.8.5
- [4b591e2](https://github.com/spotbugs/spotbugs-maven-plugin/commit/4b591e2ad1f8d3fd14c583d1badb319580b4cfd4) Bump mavenVersion from 3.8.4 to 3.8.5
- [3276bfa](https://github.com/spotbugs/spotbugs-maven-plugin/commit/3276bfa6cbdd13346e81bba9e3a5818522d4db58) Merge pull request [#412](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/412) from spotbugs/dependabot/maven/mavenCoreVersion-3.8.5
- [047836c](https://github.com/spotbugs/spotbugs-maven-plugin/commit/047836cedbf0e76cffda1051fb90df7e911959e3) Bump mavenCoreVersion from 3.8.4 to 3.8.5
- [4fa6caa](https://github.com/spotbugs/spotbugs-maven-plugin/commit/4fa6caa62dd3ba7a1d47ac1d58a0bf48c1eab330) Merge pull request [#409](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/409) from spotbugs/dependabot/maven/com.github.spotbugs-sp...
- [3d45f8f](https://github.com/spotbugs/spotbugs-maven-plugin/commit/3d45f8ff7e9a50aae3164eb40140a7481ef42665) Merge pull request [#410](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/410) from spotbugs/dependabot/maven/groovyVersion-4.0.1
- Additional commits viewable in [compare view](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.5.3.0...spotbugs-maven-plugin-4.6.0.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[jira] [Updated] (TEXT-215) NumericEntityUnescaper may miss decimal entity
[ https://issues.apache.org/jira/browse/TEXT-215?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Bunel updated TEXT-215:
---
Description:

*Description:*
A security breach can be used in the NumericEntityUnescaper through the use of decimal character entities. At [line|https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L117] 117 a string of hexadecimal characters is searched, whether or not the entity is a hexadecimal one. Therefore, if the "semiColonOptional" option is enabled and a decimal entity without semi-colon is immediately followed by one or several letters from A to E, these letters will be caught. The Integer parsing with a radix at 10 will then fail and the whole entity will be ignored.

*Example:*
If one uses the following string: {code:java} {code} The sequence identifying the entity will wrongly be
[GitHub] [commons-cli] dependabot[bot] opened a new pull request #97: Bump actions/cache from 2.1.7 to 3
dependabot[bot] opened a new pull request #97:
URL: https://github.com/apache/commons-cli/pull/97

Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.

Release notes

Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).

v3.0.0
This change adds a minimum runner version(node12 - node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via [github connect](https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or manually copying the repo to their GHES instance. Few dependencies and cache action usage examples have also been updated.

Commits
- [4b0cf6c](https://github.com/actions/cache/commit/4b0cf6cc4619e737324ddfcec08fff2413359514) Merge pull request [#769](https://github-redirect.dependabot.com/actions/cache/issues/769) from actions/users/ashwinsangem/bump_major_version
- [60c606a](https://github.com/actions/cache/commit/60c606a2b4c5358e11c2ca7b4694e59049d008d1) Update licensed files
- [b6e9a91](https://github.com/actions/cache/commit/b6e9a919a7da3606e9b2db756823ee1c39c7b48d) Revert Updated to the latest version.
- [c842503](https://github.com/actions/cache/commit/c8425035834f98c304ecf92f5d50f41d433885c1) Updated to the latest version.
- [2b7da2a](https://github.com/actions/cache/commit/2b7da2a62c3af9fa2692cd8d2d117da76faf31ac) Bumped up to a major version.
- [deae296](https://github.com/actions/cache/commit/deae296ab340574da1ec86242984dfc91f0a7b81) Merge pull request [#651](https://github-redirect.dependabot.com/actions/cache/issues/651) from magnetikonline/fix-golang-windows-example
- [c7c46bc](https://github.com/actions/cache/commit/c7c46bcb6db3c571021a3a2dc2d2557b512ecace) Merge pull request [#707](https://github-redirect.dependabot.com/actions/cache/issues/707) from duxtland/main
- [6535c5f](https://github.com/actions/cache/commit/6535c5fb5fe2870754afba7bd4e514867ac9cb98) Regenerated examples.md TOC
- [3fdafa4](https://github.com/actions/cache/commit/3fdafa472e0db16435add384585aa138ffdd16d3) Update GitHub Actions status badge markdown in README.md
- [341e6d7](https://github.com/actions/cache/commit/341e6d75d9826beb2fa659263d862f6aec63a064) Merge branch 'actions:main' into fix-golang-windows-example
- Additional commits viewable in [compare view](https://github.com/actions/cache/compare/v2.1.7...v3)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[jira] [Work logged] (TEXT-215) NumericEntityUnescaper may miss decimal entity
[ https://issues.apache.org/jira/browse/TEXT-215?focusedWorklogId=747633=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-747633 ]

ASF GitHub Bot logged work on TEXT-215:
---
Author: ASF GitHub Bot
Created on: 25/Mar/22 06:58
Start Date: 25/Mar/22 06:58
Worklog Time Spent: 10m
Work Description: rbunel35 opened a new pull request #310: URL: https://github.com/apache/commons-text/pull/310 Hello, This is a quick bugfix on the NumericEntityUnescaper. The bug allows decimal character entities without semi-colon and followed by a letter from A to E to be ignored by the translator. A full description of the problem is found in the ticket: https://issues.apache.org/jira/browse/TEXT-215

Issue Time Tracking
---
Worklog Id: (was: 747633)
Remaining Estimate: 0h
Time Spent: 10m

> NumericEntityUnescaper may miss decimal entity
> --
>
> Key: TEXT-215
> URL: https://issues.apache.org/jira/browse/TEXT-215
> Project: Commons Text
> Issue Type: Bug
> Affects Versions: 1.0
> Reporter: Richard Bunel
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> *Description:*
> A security breach can be used in the NumericEntityUnescaper through the use of decimal character entities.
> At [line 117|[https://github.com/opendigitaleducation/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L117],] a string of hexadecimal characters is searched, whether or not the entity is a hexadecimal one.
> Therefore, if the "semiColonOptional" option is enabled and a decimal entity without semi-colon is immediately followed by one or several letters from A to E, these letters will be caught. The Integer parsing with a radix at 10 will then fail and the whole entity will be ignored.
> *Example:*
> If one uses the following string:
> {code:java}
> {code}
> The sequence identifying the entity will wrongly be
[jira] [Updated] (TEXT-215) NumericEntityUnescaper may miss decimal entity
[ https://issues.apache.org/jira/browse/TEXT-215?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Bunel updated TEXT-215:
---
External issue URL: https://github.com/apache/commons-text/pull/310

> NumericEntityUnescaper may miss decimal entity
> --
>
> Key: TEXT-215
> URL: https://issues.apache.org/jira/browse/TEXT-215
> Project: Commons Text
> Issue Type: Bug
> Affects Versions: 1.0
> Reporter: Richard Bunel
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> *Description:*
> A security breach can be used in the NumericEntityUnescaper through the use of decimal character entities.
> At [line 117|[https://github.com/opendigitaleducation/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L117],] a string of hexadecimal characters is searched, whether or not the entity is a hexadecimal one.
> Therefore, if the "semiColonOptional" option is enabled and a decimal entity without semi-colon is immediately followed by one or several letters from A to E, these letters will be caught. The Integer parsing with a radix at 10 will then fail and the whole entity will be ignored.
> *Example:*
> If one uses the following string:
> {code:java}
> {code}
> The sequence identifying the entity will wrongly be
[GitHub] [commons-text] rbunel35 opened a new pull request #310: TEXT-215: Prevent decimal numeric entities from wrongly including hexadecimal characters
rbunel35 opened a new pull request #310: URL: https://github.com/apache/commons-text/pull/310 Hello, This is a quick bugfix on the NumericEntityUnescaper. The bug allows decimal character entities without semi-colon and followed by a letter from A to E to be ignored by the translator. A full description of the problem is found in the ticket: https://issues.apache.org/jira/browse/TEXT-215
[jira] [Created] (TEXT-215) NumericEntityUnescaper may miss decimal entity
Richard Bunel created TEXT-215:
--
Summary: NumericEntityUnescaper may miss decimal entity
Key: TEXT-215
URL: https://issues.apache.org/jira/browse/TEXT-215
Project: Commons Text
Issue Type: Bug
Affects Versions: 1.0
Reporter: Richard Bunel

*Description:*
A security breach can be used in the NumericEntityUnescaper through the use of decimal character entities. At [line 117|[https://github.com/opendigitaleducation/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L117],] a string of hexadecimal characters is searched, whether or not the entity is a hexadecimal one. Therefore, if the "semiColonOptional" option is enabled and a decimal entity without semi-colon is immediately followed by one or several letters from A to E, these letters will be caught. The Integer parsing with a radix at 10 will then fail and the whole entity will be ignored.

*Example:*
If one uses the following string: {code:java} {code} The sequence identifying the entity will wrongly be
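The scan described in TEXT-215, as an added example: a simplified Java model, not the Commons Text source, that runs the same input through a scan collecting hexadecimal digits for every entity and through one collecting only the digits valid for the entity's radix. The class and method names are hypothetical, the semicolon is always treated as optional, the model accepts a-f and A-F as hexadecimal letters, and the sample strings are constructed because the ticket's own example string did not survive on this page.

```java
public final class NumericEntityScanDemo {

    private static boolean isDecimalDigit(char c) {
        return c >= '0' && c <= '9';
    }

    private static boolean isHexDigit(char c) {
        return isDecimalDigit(c) || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
    }

    /**
     * Tries to decode one numeric entity starting at {@code index}; a trailing ';' is optional.
     *
     * @param radixAwareScan false: collect hexadecimal digits for every entity (the scan the
     *                       ticket describes); true: collect only digits valid for the radix
     * @return number of characters consumed, or 0 when nothing was decoded
     */
    static int translate(String input, int index, boolean radixAwareScan, StringBuilder out) {
        final int n = input.length();
        // Need "&#" plus at least one more character.
        if (input.charAt(index) != '&' || index >= n - 2 || input.charAt(index + 1) != '#') {
            return 0;
        }
        int start = index + 2;
        boolean isHex = false;
        final char first = input.charAt(start);
        if (first == 'x' || first == 'X') {
            start++;
            isHex = true;
        }
        // Collect the digits that make up the entity value.
        int end = start;
        while (end < n) {
            final char c = input.charAt(end);
            final boolean accepted = (radixAwareScan && !isHex) ? isDecimalDigit(c) : isHexDigit(c);
            if (!accepted) {
                break;
            }
            end++;
        }
        if (end == start) {
            return 0; // "&#" or "&#x" with no digits
        }
        int codePoint;
        try {
            codePoint = Integer.parseInt(input.substring(start, end), isHex ? 16 : 10);
        } catch (NumberFormatException e) {
            // A decimal entity whose collected digits include a hex letter ends up here:
            // the parse fails and the entity is left untouched in the output.
            return 0;
        }
        if (!Character.isValidCodePoint(codePoint)) {
            return 0;
        }
        out.appendCodePoint(codePoint);
        final boolean semiNext = end < n && input.charAt(end) == ';';
        return end - index + (semiNext ? 1 : 0);
    }

    /** Applies translate() at every position, copying characters it does not consume. */
    static String unescape(String input, boolean radixAwareScan) {
        final StringBuilder out = new StringBuilder();
        int i = 0;
        while (i < input.length()) {
            final int consumed = translate(input, i, radixAwareScan, out);
            if (consumed == 0) {
                out.append(input.charAt(i));
                i++;
            } else {
                i += consumed;
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: decimal entity followed by hex letters, the same entity
        // with a semicolon, the same entity followed by a space, and a hexadecimal entity.
        final String[] samples = {"&#65BC", "&#65;BC", "&#65 BC", "&#x41;BC"};
        for (final String s : samples) {
            System.out.printf("%-10s hex-scan=%-10s radix-aware=%s%n",
                    s, unescape(s, false), unescape(s, true));
        }
    }
}
```

Inputs on which the two modes disagree are the case the ticket describes, and they make a compact regression test for the fix.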
[GitHub] [commons-lang] shivambhojani opened a new pull request #866: Refactoring the code
shivambhojani opened a new pull request #866: URL: https://github.com/apache/commons-lang/pull/866 Hello, I am working on refactoring the project and found that a few files could be refactored and used more efficiently. Refactoring is done in such a way that all the existing unit test cases are passing without any issue.
[GitHub] [commons-lang] shivambhojani commented on pull request #865: Refactoring the files.
shivambhojani commented on pull request #865: URL: https://github.com/apache/commons-lang/pull/865#issuecomment-1078709719 Will be raising new one after one more commit
[GitHub] [commons-lang] shivambhojani closed pull request #865: Refactoring the files.
shivambhojani closed pull request #865: URL: https://github.com/apache/commons-lang/pull/865
[GitHub] [commons-build-plugin] dependabot[bot] opened a new pull request #66: Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
dependabot[bot] opened a new pull request #66:
URL: https://github.com/apache/commons-build-plugin/pull/66

Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.5.3.0 to 4.6.0.0.

Release notes

Sourced from [spotbugs-maven-plugin's releases](https://github.com/spotbugs/spotbugs-maven-plugin/releases).

Spotbugs-maven-plugin 4.6.0.0
- Spotbugs 4.6.0 support
- Groovy 4.0.1 based

note on groovy: If using groovy with same group id (already existing condition), an error may occur if not on same version. To alleviate that, make sure groovy artifacts are defined in dependency management in order to force the loaded version correctly on your usage.

note on 4.6.0.1/4.6.0.2: no change, not released. Issue with site distribution via maven release plugin only that is being tested, use 4.6.0.0 only.

Commits
- [1757c7f](https://github.com/spotbugs/spotbugs-maven-plugin/commit/1757c7fbfcb997e1d5d0cb696138bac199e4314c) [maven-release-plugin] prepare release spotbugs-maven-plugin-4.6.0.0
- [7e022d7](https://github.com/spotbugs/spotbugs-maven-plugin/commit/7e022d79676d398e9a1ad207af10327a783998e2) [pom] Bump remainder to spotbugs 4.6.0
- [aa8a2b1](https://github.com/spotbugs/spotbugs-maven-plugin/commit/aa8a2b1bcd3556ac26c0dcbec7d963b6bd4edd0d) Merge pull request [#413](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/413) from spotbugs/dependabot/maven/org.codehaus.mojo-vers...
- [c51b51c](https://github.com/spotbugs/spotbugs-maven-plugin/commit/c51b51c842ada8f91085fec4090e31a0ebc72ca8) Bump versions-maven-plugin from 2.9.0 to 2.10.0
- [fd7e020](https://github.com/spotbugs/spotbugs-maven-plugin/commit/fd7e0208a5100cffd5e1cf17a56b47a12f79b3df) Merge pull request [#411](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/411) from spotbugs/dependabot/maven/mavenVersion-3.8.5
- [4b591e2](https://github.com/spotbugs/spotbugs-maven-plugin/commit/4b591e2ad1f8d3fd14c583d1badb319580b4cfd4) Bump mavenVersion from 3.8.4 to 3.8.5
- [3276bfa](https://github.com/spotbugs/spotbugs-maven-plugin/commit/3276bfa6cbdd13346e81bba9e3a5818522d4db58) Merge pull request [#412](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/412) from spotbugs/dependabot/maven/mavenCoreVersion-3.8.5
- [047836c](https://github.com/spotbugs/spotbugs-maven-plugin/commit/047836cedbf0e76cffda1051fb90df7e911959e3) Bump mavenCoreVersion from 3.8.4 to 3.8.5
- [4fa6caa](https://github.com/spotbugs/spotbugs-maven-plugin/commit/4fa6caa62dd3ba7a1d47ac1d58a0bf48c1eab330) Merge pull request [#409](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/409) from spotbugs/dependabot/maven/com.github.spotbugs-sp...
- [3d45f8f](https://github.com/spotbugs/spotbugs-maven-plugin/commit/3d45f8ff7e9a50aae3164eb40140a7481ef42665) Merge pull request [#410](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/410) from spotbugs/dependabot/maven/groovyVersion-4.0.1
- Additional commits viewable in [compare view](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.5.3.0...spotbugs-maven-plugin-4.6.0.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-lang] shivambhojani opened a new pull request #865: Refactoring the files.
shivambhojani opened a new pull request #865: URL: https://github.com/apache/commons-lang/pull/865 Hello, I am working on refactoring the project and found that a few files could be refactored and used more efficiently. Refactoring is done in such a way that all the existing unit test cases are passing without any issue.