[GitHub] [commons-codec] garydgregory closed pull request #159: [SECURITY] Fix Temporary File Information Disclosure Vulnerability
garydgregory closed pull request #159: [SECURITY] Fix Temporary File Information Disclosure Vulnerability URL: https://github.com/apache/commons-codec/pull/159 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-codec] garydgregory commented on pull request #159: [SECURITY] Fix Temporary File Information Disclosure Vulnerability
garydgregory commented on PR #159: URL: https://github.com/apache/commons-codec/pull/159#issuecomment-1320790327 In a test? Really?
[GitHub] [commons-codec] JLLeitschuh opened a new pull request, #159: [SECURITY] Fix Temporary File Information Disclosure Vulnerability
JLLeitschuh opened a new pull request, #159: URL: https://github.com/apache/commons-codec/pull/159

# Security Vulnerability Fix

This pull request fixes a Temporary File Information Disclosure Vulnerability, which existed in this project.

## Preamble

The system temporary directory is shared between all users on most unix-like systems (not MacOS, or Windows). Thus, code interacting with the system temporary directory must be careful about file interactions in this directory, and must ensure that the correct file posix permissions are set.

This PR was generated because a call to `File.createTempFile(..)` was detected in this repository in a way that makes this project vulnerable to local information disclosure. With the default uname configuration, `File.createTempFile(..)` creates a file with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file.

### Impact

Information in this file is visible to other local users, allowing a malicious actor co-resident on the same machine to view potentially sensitive files.

Other Examples

- [CVE-2020-15250](https://github.com/advisories/GHSA-269g-pwp5-87pp) - junit-team/junit
- [CVE-2021-21364](https://github.com/advisories/GHSA-hpv8-9rq5-hq7w) - swagger-api/swagger-codegen
- [CVE-2022-24823](https://github.com/advisories/GHSA-5mcr-gq6c-3hq2) - netty/netty
- [CVE-2022-24823](https://github.com/advisories/GHSA-269q-hmxg-m83q) - netty/netty

# The Fix

The fix has been to convert the logic above to use the following API that was introduced in Java 1.7.

```java
// Files.createTempFile takes a prefix and a suffix; a null suffix yields ".tmp".
File tmpDir = Files.createTempFile("temp dir", null).toFile();
```

The API both creates the file securely, i.e. with a random, non-conflicting name, with file permissions that only allow the currently executing user to read or write the contents of this file. By default, `Files.createTempFile("temp dir")` will create a file with the permissions `-rw-------`, which only allows the user that created the file to view/write the file contents.

# :arrow_right: Vulnerability Disclosure :arrow_left:

:wave: Vulnerability disclosure is a super important part of the vulnerability handling process and should not be skipped! This may be completely new to you, and that's okay, I'm here to assist!

First question, do we need to perform vulnerability disclosure? It depends!

1. Is the vulnerable code only in tests or example code? No disclosure required!
2. Is the vulnerable code in code shipped to your end users? Vulnerability disclosure is probably required!

## Vulnerability Disclosure How-To

You have a few options to perform vulnerability disclosure. However, I'd like to suggest the following 2 options:

1. Request a CVE number from GitHub by creating a repository-level [GitHub Security Advisory](https://docs.github.com/en/code-security/repository-security-advisories/creating-a-repository-security-advisory). This has the advantage that, if you provide sufficient information, GitHub will automatically generate Dependabot alerts for your downstream consumers, resolving this vulnerability more quickly.
2. Reach out to the team at Snyk to assist with CVE issuance. They can be reached at the [Snyk's Disclosure Email](mailto:rep...@snyk.io).

## Detecting this and Future Vulnerabilities

This vulnerability was automatically detected by GitHub's CodeQL using this [CodeQL Query](https://codeql.github.com/codeql-query-help/java/java-local-temp-file-or-directory-information-disclosure/).

You can automatically detect future vulnerabilities like this by enabling the free (for open-source) [GitHub Action](https://github.com/github/codeql-action).

I'm not an employee of GitHub, I'm simply an open-source security researcher.

## Source

This contribution was automatically generated with an [OpenRewrite](https://github.com/openrewrite/rewrite) [refactoring recipe](https://docs.openrewrite.org/), which was lovingly hand crafted to bring this security fix to your repository.

The source code that generated this PR can be found here: [SecureTempFileCreation](https://github.com/openrewrite/rewrite-java-security/blob/main/src/main/java/org/openrewrite/java/security/SecureTempFileCreation.java)

## Opting-Out

If you'd like to opt-out of future automated security vulnerability fixes like this, please consider adding a file called `.github/GH-ROBOTS.txt` to your repository with the line:

```
User-agent: JLLeitschuh/security-research
Disallow: *
```

This bot will respect the [ROBOTS.txt](https://moz.com/learn/seo/robotstxt) format for future contributions.

Alternatively, if this project is no longer actively maintained, consider
[GitHub] [commons-imaging] JLLeitschuh opened a new pull request, #249: [SECURITY] Fix Temporary File Information Disclosure Vulnerability
JLLeitschuh opened a new pull request, #249: URL: https://github.com/apache/commons-imaging/pull/249

# Security Vulnerability Fix

This pull request fixes a Temporary File Information Disclosure Vulnerability, which existed in this project.

## Preamble

The system temporary directory is shared between all users on most unix-like systems (not MacOS, or Windows). Thus, code interacting with the system temporary directory must be careful about file interactions in this directory, and must ensure that the correct file posix permissions are set.

This PR was generated because a call to `File.createTempFile(..)` was detected in this repository in a way that makes this project vulnerable to local information disclosure. With the default uname configuration, `File.createTempFile(..)` creates a file with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file.

### Impact

Information in this file is visible to other local users, allowing a malicious actor co-resident on the same machine to view potentially sensitive files.

Other Examples

- [CVE-2020-15250](https://github.com/advisories/GHSA-269g-pwp5-87pp) - junit-team/junit
- [CVE-2021-21364](https://github.com/advisories/GHSA-hpv8-9rq5-hq7w) - swagger-api/swagger-codegen
- [CVE-2022-24823](https://github.com/advisories/GHSA-5mcr-gq6c-3hq2) - netty/netty
- [CVE-2022-24823](https://github.com/advisories/GHSA-269q-hmxg-m83q) - netty/netty

# The Fix

The fix has been to convert the logic above to use the following API that was introduced in Java 1.7.

```java
// Files.createTempFile takes a prefix and a suffix; a null suffix yields ".tmp".
File tmpDir = Files.createTempFile("temp dir", null).toFile();
```

The API both creates the file securely, i.e. with a random, non-conflicting name, with file permissions that only allow the currently executing user to read or write the contents of this file. By default, `Files.createTempFile("temp dir")` will create a file with the permissions `-rw-------`, which only allows the user that created the file to view/write the file contents.

# :arrow_right: Vulnerability Disclosure :arrow_left:

:wave: Vulnerability disclosure is a super important part of the vulnerability handling process and should not be skipped! This may be completely new to you, and that's okay, I'm here to assist!

First question, do we need to perform vulnerability disclosure? It depends!

1. Is the vulnerable code only in tests or example code? No disclosure required!
2. Is the vulnerable code in code shipped to your end users? Vulnerability disclosure is probably required!

## Vulnerability Disclosure How-To

You have a few options to perform vulnerability disclosure. However, I'd like to suggest the following 2 options:

1. Request a CVE number from GitHub by creating a repository-level [GitHub Security Advisory](https://docs.github.com/en/code-security/repository-security-advisories/creating-a-repository-security-advisory). This has the advantage that, if you provide sufficient information, GitHub will automatically generate Dependabot alerts for your downstream consumers, resolving this vulnerability more quickly.
2. Reach out to the team at Snyk to assist with CVE issuance. They can be reached at the [Snyk's Disclosure Email](mailto:rep...@snyk.io).

## Detecting this and Future Vulnerabilities

This vulnerability was automatically detected by GitHub's CodeQL using this [CodeQL Query](https://codeql.github.com/codeql-query-help/java/java-local-temp-file-or-directory-information-disclosure/).

You can automatically detect future vulnerabilities like this by enabling the free (for open-source) [GitHub Action](https://github.com/github/codeql-action).

I'm not an employee of GitHub, I'm simply an open-source security researcher.

## Source

This contribution was automatically generated with an [OpenRewrite](https://github.com/openrewrite/rewrite) [refactoring recipe](https://docs.openrewrite.org/), which was lovingly hand crafted to bring this security fix to your repository.

The source code that generated this PR can be found here: [SecureTempFileCreation](https://github.com/openrewrite/rewrite-java-security/blob/main/src/main/java/org/openrewrite/java/security/SecureTempFileCreation.java)

## Opting-Out

If you'd like to opt-out of future automated security vulnerability fixes like this, please consider adding a file called `.github/GH-ROBOTS.txt` to your repository with the line:

```
User-agent: JLLeitschuh/security-research
Disallow: *
```

This bot will respect the [ROBOTS.txt](https://moz.com/learn/seo/robotstxt) format for future contributions.

Alternatively, if this project is no longer actively maintained, consider
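
As an added example (not code from the pull requests above or from the Commons projects), the following class creates a temporary file with each of the two APIs named in the pull request text for #159 and #249 and reports which POSIX permissions go beyond owner read/write. The class and method names are hypothetical, and the comparison is skipped on file systems without POSIX permissions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

// Added illustration; the class and method names are hypothetical.
public class TempFilePermissionCheck {

    // The only permissions a private temporary file should carry (-rw-------).
    private static final Set<PosixFilePermission> OWNER_ONLY =
            EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);

    // POSIX permission bits exist only on file systems that expose the "posix" view.
    static boolean posixSupported() {
        return FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    }

    // The call the pull request text flags: the resulting mode depends on the process umask.
    static Path legacyTempFile() throws IOException {
        File file = File.createTempFile("demo-legacy", ".tmp");
        file.deleteOnExit();
        return file.toPath();
    }

    // The replacement the pull request text proposes (java.nio.file, Java 7 and later).
    static Path nioTempFile() throws IOException {
        Path path = Files.createTempFile("demo-nio", ".tmp");
        path.toFile().deleteOnExit();
        return path;
    }

    // Permissions granted beyond owner read/write; an empty set means the file is private.
    static Set<PosixFilePermission> excessPermissions(Path path) throws IOException {
        Set<PosixFilePermission> excess = EnumSet.noneOf(PosixFilePermission.class);
        excess.addAll(Files.getPosixFilePermissions(path));
        excess.removeAll(OWNER_ONLY);
        return excess;
    }

    // Stopgap for call sites that must keep java.io.File: narrow the mode right after
    // creation and before any data is written. The file still exists with the wider
    // mode for a short window, so creating it through Files.createTempFile is preferable.
    static void restrictToOwner(Path path) throws IOException {
        Files.setPosixFilePermissions(path, OWNER_ONLY);
    }

    // One report line: label, rwx string, and whether anything beyond owner rw is granted.
    static String report(String label, Path path) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(path);
        Set<PosixFilePermission> excess = excessPermissions(path);
        return String.format("%-30s %s  %s", label, PosixFilePermissions.toString(perms),
                excess.isEmpty() ? "private" : "also grants " + excess);
    }

    public static void main(String[] args) throws IOException {
        if (!posixSupported()) {
            System.out.println("Default file system has no POSIX permissions; nothing to compare.");
            return;
        }
        Path legacy = legacyTempFile();
        Path nio = nioTempFile();
        System.out.println(report("File.createTempFile", legacy));
        System.out.println(report("Files.createTempFile", nio));

        restrictToOwner(legacy);
        System.out.println(report("legacy after restrictToOwner", legacy));
    }
}
```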
[GitHub] [commons-beanutils] dependabot[bot] opened a new pull request, #146: Bump japicmp-maven-plugin from 0.16.0 to 0.17.1
dependabot[bot] opened a new pull request, #146: URL: https://github.com/apache/commons-beanutils/pull/146

Bumps [japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.16.0 to 0.17.1.

Commits

- [64c6164](https://github.com/siom79/japicmp/commit/64c6164efaa04381e3ccc8e58cd39f6195cbd021) [maven-release-plugin] prepare release japicmp-base-0.17.1
- [d2a6f1b](https://github.com/siom79/japicmp/commit/d2a6f1bb96cbfcf3e0c43b5a08f1b5c9332cd97d) Merge remote-tracking branch 'origin/master'
- [a6c78da](https://github.com/siom79/japicmp/commit/a6c78dad8b452488ca56150ce4330e15821a6a8a) upgraded version in *.md files to 0.17.1
- [566ca25](https://github.com/siom79/japicmp/commit/566ca25ee13a2644b9e4f3466c897b0a81f84933) update ReleaseNotes.md
- [460d8c2](https://github.com/siom79/japicmp/commit/460d8c28814459da377a07d2f1dac5e4a7998a29) [#350](https://github-redirect.dependabot.com/siom79/japicmp/issues/350) added new METHOD_MOVED_TO_SUPERCLASS compatibility check
- [5b71a6c](https://github.com/siom79/japicmp/commit/5b71a6c883b1b146bb897d0ffe19e8eeb3e00630) [#349](https://github-redirect.dependabot.com/siom79/japicmp/issues/349): no IllegalStateException when method is removed from Sub-Class and Supe...
- [413175d](https://github.com/siom79/japicmp/commit/413175d440cfa00a7a88e48903e21cabdb25d771) [maven-release-plugin] prepare for next development iteration
- [2b1b6e1](https://github.com/siom79/japicmp/commit/2b1b6e1160bba5a4e2c7ed508e636b943cd293ff) [maven-release-plugin] prepare release japicmp-base-0.17.0
- [dd0a642](https://github.com/siom79/japicmp/commit/dd0a6424332327c8bcb2366c5afcedd126764651) upgraded version in *.md files to 0.17.0
- [4e799a6](https://github.com/siom79/japicmp/commit/4e799a63120317bd77b4b8b3624b33cd104d9ca2) upgrade version to 0.17.0-SNAPSHOT
- Additional commits viewable in [compare view](https://github.com/siom79/japicmp/compare/japicmp-base-0.16.0...japicmp-base-0.17.1)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
[GitHub] [commons-text] garydgregory merged pull request #388: Bump jmh.version from 1.35 to 1.36
garydgregory merged PR #388: URL: https://github.com/apache/commons-text/pull/388
[GitHub] [commons-text] garydgregory merged pull request #389: Bump mockito-inline from 4.8.1 to 4.9.0
garydgregory merged PR #389: URL: https://github.com/apache/commons-text/pull/389
[GitHub] [commons-email] codecov-commenter commented on pull request #112: Bump slf4j-jdk14 from 1.7.7 to 2.0.4
codecov-commenter commented on PR #112: URL: https://github.com/apache/commons-email/pull/112#issuecomment-1320478223

# [Codecov](https://codecov.io/gh/apache/commons-email/pull/112) Report

> Merging [#112](https://codecov.io/gh/apache/commons-email/pull/112) (f698036) into [master](https://codecov.io/gh/apache/commons-email/commit/ba918854ea0e9b562b7dd20227cd528fd91ab8c6) (ba91885) will **not change** coverage.
> The diff coverage is `n/a`.

```diff
@@            Coverage Diff            @@
##             master     #112   +/-   ##
=========================================
  Coverage     65.58%   65.58%
  Complexity      304      304
=========================================
  Files            18       18
  Lines          1052     1052
  Branches        137      137
=========================================
  Hits            690      690
  Misses          283      283
  Partials         79       79
```
[GitHub] [commons-email] dependabot[bot] opened a new pull request, #112: Bump slf4j-jdk14 from 1.7.7 to 2.0.4
dependabot[bot] opened a new pull request, #112: URL: https://github.com/apache/commons-email/pull/112

Bumps [slf4j-jdk14](https://github.com/qos-ch/slf4j) from 1.7.7 to 2.0.4.

Commits

- [35dd7ff](https://github.com/qos-ch/slf4j/commit/35dd7ff1e75cf83ffb6784a9537ff92c865e78b2) removed unused META-INF/services entry
- [440c2f3](https://github.com/qos-ch/slf4j/commit/440c2f3000fc0e2d7646f0b3d6e36e8bc2ef2485) prepare release 2.0.4
- [43a3630](https://github.com/qos-ch/slf4j/commit/43a36303e5a2338c22ec9aad5b01a401034eb553) use the class loader that loaded LoggerFactory (instead of the threadContextC...
- [557bf7c](https://github.com/qos-ch/slf4j/commit/557bf7c0bd4e2c2cd85ef389729107461938dd15) [SLF4J-548] Fix ServiceLoader usage in servlet environment
- [6324105](https://github.com/qos-ch/slf4j/commit/632410565b26e4d67fc7ef2ce4c212380b4e59d1) enhance manifest with capabilities
- [e540299](https://github.com/qos-ch/slf4j/commit/e540299d58bc5f53cab3236cc1b2f29281982074) edit blurb on release championing
- [dfb41b0](https://github.com/qos-ch/slf4j/commit/dfb41b06a8e5a6aed5e2856edf099fd324822dcf) Update README.md
- [47c7cc7](https://github.com/qos-ch/slf4j/commit/47c7cc7fa46d883d46b428aab6ef5562a139) clarify Logger.makeLoggingEventBuilder javadoc
- [0be1bc1](https://github.com/qos-ch/slf4j/commit/0be1bc15f26f11233ee7f657eb5b50fe552a49f1) Merge branch 'master' of github.com:qos-ch/slf4j
- [d60690c](https://github.com/qos-ch/slf4j/commit/d60690c0b9f0e4c89b71236cee9dc14d967d7778) more flexible way to
- Additional commits viewable in [compare view](https://github.com/qos-ch/slf4j/compare/v1.7.7...v_2.0.4)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-bcel] garydgregory merged pull request #170: Bump jmh.version from 1.35 to 1.36
garydgregory merged PR #170: URL: https://github.com/apache/commons-bcel/pull/170
[GitHub] [commons-text] dependabot[bot] opened a new pull request, #389: Bump mockito-inline from 4.8.1 to 4.9.0
dependabot[bot] opened a new pull request, #389: URL: https://github.com/apache/commons-text/pull/389

Bumps [mockito-inline](https://github.com/mockito/mockito) from 4.8.1 to 4.9.0.

Release notes

Sourced from [mockito-inline's releases](https://github.com/mockito/mockito/releases).

v4.9.0

Changelog generated by [Shipkit Changelog Gradle Plugin](https://github.com/shipkit/shipkit-changelog)

4.9.0

- 2022-11-14 - [6 commit(s)](https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0) by Andrei Solntsev, Rafael Winterhalter, Rick Ossendrijver, dependabot[bot]
- Upgrade objenesis 3.2 - 3.3 [(#2784)](https://github-redirect.dependabot.com/mockito/mockito/pull/2784)
- Upgrade objenesis 3.2 - 3.3 [(#2783)](https://github-redirect.dependabot.com/mockito/mockito/issues/2783)
- Avoids clearing stale weak entries from critical code segments. [(#2780)](https://github-redirect.dependabot.com/mockito/mockito/pull/2780)
- bump gradle from 7.3.1 to 7.5.1 [(#2776)](https://github-redirect.dependabot.com/mockito/mockito/pull/2776)
- Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 [(#2775)](https://github-redirect.dependabot.com/mockito/mockito/pull/2775)
- Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 [(#2770)](https://github-redirect.dependabot.com/mockito/mockito/pull/2770)
- Bump junit-platform-launcher from 1.9.0 to 1.9.1 [(#2768)](https://github-redirect.dependabot.com/mockito/mockito/pull/2768)

Commits

- [0052e2f](https://github.com/mockito/mockito/commit/0052e2f5f78ca2eda4593df158e1c2366639e5db) Avoid clearing stale weak entries from critical code segments ([#2780](https://github-redirect.dependabot.com/mockito/mockito/issues/2780))
- [47045cb](https://github.com/mockito/mockito/commit/47045cbdfe606d8616f7e0a814af6e7803d4c33f) Upgrade objenesis 3.2 - 3.3 ([#2784](https://github-redirect.dependabot.com/mockito/mockito/issues/2784))
- [eb85518](https://github.com/mockito/mockito/commit/eb85518cef362e39788a7e030bab8ac78eca76c9) Update gradle to 7.5.1 ([#2776](https://github-redirect.dependabot.com/mockito/mockito/issues/2776))
- [fcb4cf7](https://github.com/mockito/mockito/commit/fcb4cf7bf3f38b0135b50bdc930d7532c7168356) Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 ([#2775](https://github-redirect.dependabot.com/mockito/mockito/issues/2775))
- [f512a76](https://github.com/mockito/mockito/commit/f512a7694097b46b18394d89173506cf59d071ae) Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 ([#2770](https://github-redirect.dependabot.com/mockito/mockito/issues/2770))
- [fe7dca2](https://github.com/mockito/mockito/commit/fe7dca265190a6ae3040e4938fb25600a09c669f) Bump junit-platform-launcher from 1.9.0 to 1.9.1 ([#2768](https://github-redirect.dependabot.com/mockito/mockito/issues/2768))
- See full diff in [compare view](https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-text] dependabot[bot] opened a new pull request, #388: Bump jmh.version from 1.35 to 1.36
dependabot[bot] opened a new pull request, #388: URL: https://github.com/apache/commons-text/pull/388

Bumps `jmh.version` from 1.35 to 1.36.

Updates `jmh-core` from 1.35 to 1.36

Commits

- [f2f11b3](https://github.com/openjdk/jmh/commit/f2f11b30667906438e3100e79af497f55d615398) JMH v1.36.
- [7708484](https://github.com/openjdk/jmh/commit/7708484728b73b8ceed8b71dd3068010d588173e) 7903367: JMH: Add JMHSample_39_MemoryAccess
- [e5caeb1](https://github.com/openjdk/jmh/commit/e5caeb14826a978bec0f22907fd45051facbd827) 7903351: JMH: Update pre-integration testing workflows
- [0c68719](https://github.com/openjdk/jmh/commit/0c68719cfe3a743a02837276e7a1aa55971299df) 7903355: JMH: Drop support for JDK 7
- [0cffac9](https://github.com/openjdk/jmh/commit/0cffac978e4b6bf4076d56e95d437a7596b2d3e4) 7903369: JMH: GC profiler options
- [e7b1218](https://github.com/openjdk/jmh/commit/e7b1218657240bf14e97868efde81defd8710f20) 7903368: JMH: GC profiler misreports allocation and churn rates
- [3103153](https://github.com/openjdk/jmh/commit/31031536fb8c236f6338afc035eeafc59dcb90c8) 7903350: JMH: Update README
- [7631fce](https://github.com/openjdk/jmh/commit/7631fce9410aa7991d995df424bc5bd362d7dba7) 7903322: JMH: Fix typo in JMHSample_11_Loops
- [fbcc4ac](https://github.com/openjdk/jmh/commit/fbcc4ac99c22c2da8a62edeb4fb30941c61610fa) 7903328: Introduce a new method 'clear' in interface 'Multiset'
- [c1b3e75](https://github.com/openjdk/jmh/commit/c1b3e7518b2e4f8364679cb01a9161ed48e1bc8a) 7903327: Refactor class 'GCProfiler.VMSupport'
- Additional commits viewable in [compare view](https://github.com/openjdk/jmh/compare/1.35...1.36)

Updates `jmh-generator-annprocess` from 1.35 to 1.36

Commits

- [f2f11b3](https://github.com/openjdk/jmh/commit/f2f11b30667906438e3100e79af497f55d615398) JMH v1.36.
- [7708484](https://github.com/openjdk/jmh/commit/7708484728b73b8ceed8b71dd3068010d588173e) 7903367: JMH: Add JMHSample_39_MemoryAccess
- [e5caeb1](https://github.com/openjdk/jmh/commit/e5caeb14826a978bec0f22907fd45051facbd827) 7903351: JMH: Update pre-integration testing workflows
- [0c68719](https://github.com/openjdk/jmh/commit/0c68719cfe3a743a02837276e7a1aa55971299df) 7903355: JMH: Drop support for JDK 7
- [0cffac9](https://github.com/openjdk/jmh/commit/0cffac978e4b6bf4076d56e95d437a7596b2d3e4) 7903369: JMH: GC profiler options
- [e7b1218](https://github.com/openjdk/jmh/commit/e7b1218657240bf14e97868efde81defd8710f20) 7903368: JMH: GC profiler misreports allocation and churn rates
- [3103153](https://github.com/openjdk/jmh/commit/31031536fb8c236f6338afc035eeafc59dcb90c8) 7903350: JMH: Update README
- [7631fce](https://github.com/openjdk/jmh/commit/7631fce9410aa7991d995df424bc5bd362d7dba7) 7903322: JMH: Fix typo in JMHSample_11_Loops
- [fbcc4ac](https://github.com/openjdk/jmh/commit/fbcc4ac99c22c2da8a62edeb4fb30941c61610fa) 7903328: Introduce a new method 'clear' in interface 'Multiset'
- [c1b3e75](https://github.com/openjdk/jmh/commit/c1b3e7518b2e4f8364679cb01a9161ed48e1bc8a) 7903327: Refactor class 'GCProfiler.VMSupport'
- Additional commits viewable in [compare view](https://github.com/openjdk/jmh/compare/1.35...1.36)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-lang] kinow merged pull request #991: Bump junit-pioneer from 1.8.0 to 1.9.0
kinow merged PR #991: URL: https://github.com/apache/commons-lang/pull/991
[GitHub] [commons-lang] kinow merged pull request #990: Bump jmh.version from 1.35 to 1.36
kinow merged PR #990: URL: https://github.com/apache/commons-lang/pull/990
[GitHub] [commons-io] kinow merged pull request #404: Bump jmh.version from 1.35 to 1.36
kinow merged PR #404: URL: https://github.com/apache/commons-io/pull/404
[GitHub] [commons-configuration] kinow merged pull request #238: Bump slf4j.version from 2.0.2 to 2.0.4
kinow merged PR #238: URL: https://github.com/apache/commons-configuration/pull/238
[GitHub] [commons-compress] kinow merged pull request #329: Bump slf4j-api from 2.0.3 to 2.0.4
kinow merged PR #329: URL: https://github.com/apache/commons-compress/pull/329
[jira] [Comment Edited] (FILEUPLOAD-309) Release version 2.0.0
[ https://issues.apache.org/jira/browse/FILEUPLOAD-309?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17616378#comment-17616378 ]

Andy Seaborne edited comment on FILEUPLOAD-309 at 11/18/22 7:28 PM:

(( This whole jakarta thing is "no gain, and a bit of a pain". ))

The [Jakarta 9 release plan|https://eclipse-ee4j.github.io/jakartaee-platform/jakartaee9/JakartaEE9ReleasePlan] says that the idea is for a "no changes except namespaces" release, with an exception if referring to spec not transferring. Would not Fileupload v2.0 with name changes be better, and give the 3.x space for considered changes? A release of 1.4/Jakarta as 2.0 would help smooth this transition as it is significant for many projects. Or is the advice copying the code and changing it locally – which is practical for fileupload.

was (Author: andy.seaborne):

(( This whole jakarta thing is "no gain, and a bit of a pain". ))

The [Jakarta 9 release plan](https://eclipse-ee4j.github.io/jakartaee-platform/jakartaee9/JakartaEE9ReleasePlan) specifically says that the idea is no changes except namespaces with an exception if referring to spec not transferring. Would not Fileupload v3.0 with changes be better, and give the 3.x space for considered changes? A release of 1.4/Jakarta as 2.0 would help smooth this transition as it is significant for many projects. Or advise copying the code and changing it locally which is practical for fileupload.

> Release version 2.0.0
>
> Key: FILEUPLOAD-309
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-309
> Project: Commons FileUpload
> Issue Type: Wish
> Reporter: Thiago Henrique Hupner
> Priority: Major
>
> At Piranha, we've migrated to use the new Jakarta namespace.
> One of our dependencies is the Commons File Upload, but the latest version available is 1.4.
> Looking around at the source code, I've found that the code is already prepared for the new Jakarta namespace.
> So, I want to know if there's a plan to release a new version soon. Or at least a 2.0.0 milestone.

-- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (LANG-1677) It should be possible to exclude fields in ReflectionDiffBuilder
[ https://issues.apache.org/jira/browse/LANG-1677?focusedWorklogId=827250=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-827250 ]

ASF GitHub Bot logged work on LANG-1677:

Author: ASF GitHub Bot
Created on: 18/Nov/22 19:06
Start Date: 18/Nov/22 19:06
Worklog Time Spent: 10m
Work Description: garydgregory commented on PR #838: URL: https://github.com/apache/commons-lang/pull/838#issuecomment-1320420683 I will be busy this weekend with Commons BCEL and Commons Net, so probably after that.

Issue Time Tracking
Worklog Id: (was: 827250)
Time Spent: 3h 10m (was: 3h)

> It should be possible to exclude fields in ReflectionDiffBuilder
>
> Key: LANG-1677
> URL: https://issues.apache.org/jira/browse/LANG-1677
> Project: Commons Lang
> Issue Type: Wish
> Components: lang.builder.*
> Affects Versions: 3.12.0
> Reporter: Dennis Baerten
> Priority: Major
> Time Spent: 3h 10m
> Remaining Estimate: 0h
>
> When using ReflectionDiffBuilder to make a diff between two objects it will by default include all fields. As stated in the documentation static and transient fields are excluded.
> Using the transient modifier in combination with other frameworks (such as Hibernate) also has a side effect that those fields are not persisted.
> The use case I'm trying to solve is making a diff of an object that gets updated and has a LastModificationDate and LastModificationUser and thus will always be a field in the diff.
[GitHub] [commons-lang] garydgregory commented on pull request #838: LANG-1677 : Add ReflectionDiffBuilder.setExcludeFieldNames(...) and DiffExclude a…
garydgregory commented on PR #838: URL: https://github.com/apache/commons-lang/pull/838#issuecomment-1320420683 I will be busy this weekend with Commons BCEL and Commons Net, so probably after that.
[GitHub] [commons-rdf] dependabot[bot] commented on pull request #92: Bump slf4j-simple from 1.7.26 to 2.0.3
dependabot[bot] commented on PR #92: URL: https://github.com/apache/commons-rdf/pull/92#issuecomment-1320419940 Superseded by #101.
[GitHub] [commons-rdf] dependabot[bot] closed pull request #92: Bump slf4j-simple from 1.7.26 to 2.0.3
dependabot[bot] closed pull request #92: Bump slf4j-simple from 1.7.26 to 2.0.3 URL: https://github.com/apache/commons-rdf/pull/92
[GitHub] [commons-rdf] dependabot[bot] opened a new pull request, #101: Bump slf4j-simple from 1.7.26 to 2.0.4
dependabot[bot] opened a new pull request, #101: URL: https://github.com/apache/commons-rdf/pull/101

Bumps [slf4j-simple](https://github.com/qos-ch/slf4j) from 1.7.26 to 2.0.4.

Commits
- [35dd7ff](https://github.com/qos-ch/slf4j/commit/35dd7ff1e75cf83ffb6784a9537ff92c865e78b2) removed unused META-INF/services entry
- [440c2f3](https://github.com/qos-ch/slf4j/commit/440c2f3000fc0e2d7646f0b3d6e36e8bc2ef2485) prepare release 2.0.4
- [43a3630](https://github.com/qos-ch/slf4j/commit/43a36303e5a2338c22ec9aad5b01a401034eb553) use the class loader that loaded LoggerFactory (instead of the threadContextC...
- [557bf7c](https://github.com/qos-ch/slf4j/commit/557bf7c0bd4e2c2cd85ef389729107461938dd15) [SLF4J-548] Fix ServiceLoader usage in servlet environment
- [6324105](https://github.com/qos-ch/slf4j/commit/632410565b26e4d67fc7ef2ce4c212380b4e59d1) enhance manifest with capabilities
- [e540299](https://github.com/qos-ch/slf4j/commit/e540299d58bc5f53cab3236cc1b2f29281982074) edit blurb on release championing
- [dfb41b0](https://github.com/qos-ch/slf4j/commit/dfb41b06a8e5a6aed5e2856edf099fd324822dcf) Update README.md
- [47c7cc7](https://github.com/qos-ch/slf4j/commit/47c7cc7fa46d883d46b428aab6ef5562a139) clarify Logger.makeLoggingEventBuilder javadoc
- [0be1bc1](https://github.com/qos-ch/slf4j/commit/0be1bc15f26f11233ee7f657eb5b50fe552a49f1) Merge branch 'master' of github.com:qos-ch/slf4j
- [d60690c](https://github.com/qos-ch/slf4j/commit/d60690c0b9f0e4c89b71236cee9dc14d967d7778) more flexible way to
- Additional commits viewable in [compare view](https://github.com/qos-ch/slf4j/compare/v_1.7.26...v_2.0.4)
[GitHub] [commons-bcel] dependabot[bot] opened a new pull request, #170: Bump jmh.version from 1.35 to 1.36
dependabot[bot] opened a new pull request, #170: URL: https://github.com/apache/commons-bcel/pull/170

Bumps `jmh.version` from 1.35 to 1.36.

Updates `jmh-core` from 1.35 to 1.36
Updates `jmh-generator-annprocess` from 1.35 to 1.36

Commits
- [f2f11b3](https://github.com/openjdk/jmh/commit/f2f11b30667906438e3100e79af497f55d615398) JMH v1.36.
- [7708484](https://github.com/openjdk/jmh/commit/7708484728b73b8ceed8b71dd3068010d588173e) 7903367: JMH: Add JMHSample_39_MemoryAccess
- [e5caeb1](https://github.com/openjdk/jmh/commit/e5caeb14826a978bec0f22907fd45051facbd827) 7903351: JMH: Update pre-integration testing workflows
- [0c68719](https://github.com/openjdk/jmh/commit/0c68719cfe3a743a02837276e7a1aa55971299df) 7903355: JMH: Drop support for JDK 7
- [0cffac9](https://github.com/openjdk/jmh/commit/0cffac978e4b6bf4076d56e95d437a7596b2d3e4) 7903369: JMH: GC profiler options
- [e7b1218](https://github.com/openjdk/jmh/commit/e7b1218657240bf14e97868efde81defd8710f20) 7903368: JMH: GC profiler misreports allocation and churn rates
- [3103153](https://github.com/openjdk/jmh/commit/31031536fb8c236f6338afc035eeafc59dcb90c8) 7903350: JMH: Update README
- [7631fce](https://github.com/openjdk/jmh/commit/7631fce9410aa7991d995df424bc5bd362d7dba7) 7903322: JMH: Fix typo in JMHSample_11_Loops
- [fbcc4ac](https://github.com/openjdk/jmh/commit/fbcc4ac99c22c2da8a62edeb4fb30941c61610fa) 7903328: Introduce a new method 'clear' in interface 'Multiset'
- [c1b3e75](https://github.com/openjdk/jmh/commit/c1b3e7518b2e4f8364679cb01a9161ed48e1bc8a) 7903327: Refactor class 'GCProfiler.VMSupport'
- Additional commits viewable in [compare view](https://github.com/openjdk/jmh/compare/1.35...1.36)
[jira] [Work logged] (LANG-1677) It should be possible to exclude fields in ReflectionDiffBuilder
[ https://issues.apache.org/jira/browse/LANG-1677?focusedWorklogId=827248=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-827248 ]

ASF GitHub Bot logged work on LANG-1677:

Author: ASF GitHub Bot
Created on: 18/Nov/22 18:58
Start Date: 18/Nov/22 18:58
Worklog Time Spent: 10m
Work Description: debae commented on PR #838: URL: https://github.com/apache/commons-lang/pull/838#issuecomment-1320414172 @garydgregory did you have the time to look into this PR

Issue Time Tracking
Worklog Id: (was: 827248)
Time Spent: 3h (was: 2h 50m)

> It should be possible to exclude fields in ReflectionDiffBuilder
>
> Key: LANG-1677
> URL: https://issues.apache.org/jira/browse/LANG-1677
> Project: Commons Lang
> Issue Type: Wish
> Components: lang.builder.*
> Affects Versions: 3.12.0
> Reporter: Dennis Baerten
> Priority: Major
> Time Spent: 3h
> Remaining Estimate: 0h
>
> When using ReflectionDiffBuilder to make a diff between two objects it will by default include all fields. As stated in the documentation static and transient fields are excluded.
> Using the transient modifier in combination with other frameworks (such as Hibernate) also has a side effect that those fields are not persisted.
> The use case I'm trying to solve is making a diff of an object that gets updated and has a LastModificationDate and LastModificationUser and thus will always be a field in the diff.
[GitHub] [commons-lang] debae commented on pull request #838: LANG-1677 : Add ReflectionDiffBuilder.setExcludeFieldNames(...) and DiffExclude a…
debae commented on PR #838: URL: https://github.com/apache/commons-lang/pull/838#issuecomment-1320414172 @garydgregory did you have the time to look into this PR
[GitHub] [commons-jxpath] hummelm10 commented on pull request #26: Add an allow list for classes that can be loaded by JXPath
hummelm10 commented on PR #26: URL: https://github.com/apache/commons-jxpath/pull/26#issuecomment-1320280537

> > > The CVE record has been updated to invalid so my request to edit the title of this PR to remove the CVE reference stands.
> >
> > For clarity, this is not true. The record has been marked DISPUTED which is entirely different to REJECT per the CVE website. (https://www.cve.org/ResourcesSupport/FAQs) Disputed is when there is disagreement between a vendor and security researcher so CVE Program leaves the record as is and updates the status. Rejected is when the record was placed in error and is not a vulnerability and the record could potentially be returned to the reserved pool in the future. The CVE is currently still valid and tied to the vulnerability just with the updated status so people can further research the vulnerability themselves.
>
> DISPUTED is the wrong state for these issues, then, they should be REJECT as they were placed in error, are not a vulnerability (as well as against CNA rules at the time of assignment).

DISPUTED is the correct state since there is a dispute between the researcher and the maintainer. The CVE was not placed in error since obviously the researcher and others here do consider it a vulnerability. The DISPUTED tag tells individuals to research the issue; which they should do because this is an issue that could allow RCE in an application.
[GitHub] [commons-daemon] dependabot[bot] opened a new pull request, #66: Bump spotbugs-maven-plugin from 4.7.2.1 to 4.7.3.0
dependabot[bot] opened a new pull request, #66: URL: https://github.com/apache/commons-daemon/pull/66

Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.7.2.1 to 4.7.3.0.

Release notes
Sourced from [spotbugs-maven-plugin's releases](https://github.com/spotbugs/spotbugs-maven-plugin/releases).

Spotbugs Maven Plugin 4.7.3.0
Supports spotbugs 4.7.3
note: 4.7.2.2 was released and actually included 4.7.3 by default. All items in 4.7.2.2 are in this release with only change being to denote underlying spotbugs.

Spotbugs Maven Plugin 4.7.2.2
Groovy bumped to 4.0.6
Make sarifOutputDirectory and sarifOutputFilename configurable per [#506](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/506) and [#507](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/507)
notice: This is actually running spotbugs 4.7.3. A new release will be pushed that directly shows that. Sorry for any confusion.

Commits
- [a084687](https://github.com/spotbugs/spotbugs-maven-plugin/commit/a084687f6bb4706314cc57c0119a79135ba053f6) [maven-release-plugin] prepare release spotbugs-maven-plugin-4.7.3.0
- [99061cb](https://github.com/spotbugs/spotbugs-maven-plugin/commit/99061cb2526a26536b767a2305198084942524b7) Merge pull request [#509](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/509) from hazendaz/spotbugs
- [371096c](https://github.com/spotbugs/spotbugs-maven-plugin/commit/371096c3b2dd6f320006b9d9fd95c411e93d48fc) [pom] Set rest of spotbugs 4.7.3 artifacts
- [d46ad44](https://github.com/spotbugs/spotbugs-maven-plugin/commit/d46ad44ad6c0b1782f2dfce57a59436e27e4ee79) [maven-release-plugin] prepare for next development iteration
- [f8450dd](https://github.com/spotbugs/spotbugs-maven-plugin/commit/f8450ddacc7328075693c6e56d3cdb2844767d1c) [maven-release-plugin] prepare release spotbugs-maven-plugin-4.7.2.2
- [24a8bb2](https://github.com/spotbugs/spotbugs-maven-plugin/commit/24a8bb294680413a781efdbf73735b763830860c) Merge pull request [#508](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/508) from jwgmeligmeyling/issues/506-507
- [e148e19](https://github.com/spotbugs/spotbugs-maven-plugin/commit/e148e19538bccf78a215e95f520274a7a249839b) Make sarifOutputDirectory and sarifOutputFilename configurable
- [f01a7f6](https://github.com/spotbugs/spotbugs-maven-plugin/commit/f01a7f6b99da3d2e6dcdbddd20f0b4e4dfac73fa) Merge pull request [#504](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/504) from spotbugs/renovate/versionspluginversion
- [717ab1e](https://github.com/spotbugs/spotbugs-maven-plugin/commit/717ab1ec1f3aec7a5131a4c561942756b456c09a) Merge pull request [#503](https://github-redirect.dependabot.com/spotbugs/spotbugs-maven-plugin/issues/503) from spotbugs/renovate/plexusutilsversion
- [a01ef40](https://github.com/spotbugs/spotbugs-maven-plugin/commit/a01ef40e5a6ffd2deff1f125b717396b671f1536) Update dependency org.codehaus.mojo:versions-maven-plugin to v2.13.0
- Additional commits viewable in [compare view](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.7.2.1...spotbugs-maven-plugin-4.7.3.0)
[GitHub] [commons-configuration] dependabot[bot] opened a new pull request, #239: Bump spring.version from 5.3.23 to 6.0.0
dependabot[bot] opened a new pull request, #239: URL: https://github.com/apache/commons-configuration/pull/239

Bumps `spring.version` from 5.3.23 to 6.0.0.

Updates `spring-core` from 5.3.23 to 6.0.0

Release notes
Sourced from [spring-core's releases](https://github.com/spring-projects/spring-framework/releases).

v6.0.0

See [What's New in Spring Framework 6.x](https://github.com/spring-projects/spring-framework/wiki/What%27s-New-in-Spring-Framework-6.x) and [Upgrading to Spring Framework 6.x](https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x) for upgrade instructions and details of new features.

:star: New Features
- Avoid direct URL construction and URL equality checks [#29486](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29486)
- Simplify creating RFC 7807 responses from functional endpoints [#29462](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29462)
- Allow test classes to provide runtime hints via declarative mechanisms [#29455](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29455)

:notebook_with_decorative_cover: Documentation
- Align javadoc of DefaultParameterNameDiscoverer with its behavior [#29494](https://github-redirect.dependabot.com/spring-projects/spring-framework/pull/29494)
- Document AOT support in the TestContext framework [#29482](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29482)
- Document Ahead of Time processing in the reference guide [#29350](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29350)

:hammer: Dependency Upgrades
- Upgrade to Reactor 2022.0.0 [#29465](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29465)

:heart: Contributors
Thank you to all the contributors who worked on this release: [@ophiuhus](https://github.com/ophiuhus) and [@wilkinsona](https://github.com/wilkinsona)

v6.0.0-RC4

:star: New Features
- Introduce DataFieldMaxValueIncrementer for SQL Server sequences [#29447](https://github-redirect.dependabot.com/spring-projects/spring-framework/pull/29447)
- Introduce findAllAnnotationsOnBean variant on ListableBeanFactory [#29446](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29446)
- Introduce support for Jakarta WebSocket 2.1 [#29436](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29436)
- Allow @ControllerAdvice in WebFlux to handle exceptions before a handler is selected [#22991](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/22991)

:lady_beetle: Bug Fixes
- Bean with unresolved generics do not use fallback algorithms with AOT [#29454](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29454)
- TomcatRequestUpgradeStrategy is not compatible with Tomcat 10.1 [#29434](https://github-redirect.dependabot.com/spring-projects/spring-framework/pull/29434)
- Autowiring of a generic type produced by a factory bean fails after AOT processing [#29385](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29385)

:notebook_with_decorative_cover: Documentation
- Reference PDF containing full docs not available [#28451](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/28451)

:hammer: Dependency Upgrades
- Revisit Servlet API baseline: Servlet 6.0 in the build, Servlet 5.0 compatibility at runtime [#29435](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29435)
- Upgrade to Context Propagation 1.0.0 [#29442](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29442)
- Upgrade to Jackson 2.14.0 [#29351](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29351)
- Upgrade to Micrometer 1.10.0 [#29441](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/29441)

... (truncated)

Commits
- [5a30a43](https://github.com/spring-projects/spring-framework/commit/5a30a43b753a971ac8bf4005a8ccddeaff439d7e) Release v6.0.0
- [42856ba](https://github.com/spring-projects/spring-framework/commit/42856bab164dd0b9d92dbb1cd42acce66d491ffa) Add milestone repo for optional Netty 5 support
- [9be6cea](https://github.com/spring-projects/spring-framework/commit/9be6cea012b2c5ac55e862329ccb9103e978f3d2) Polishing deprecated methods
- [37b4391](https://github.com/spring-projects/spring-framework/commit/37b439182e4aacf48b33d9c1ad3201a2ef5a6f13) Align javadoc of DefaultParameterNameDiscoverer with its behavior
- [09a58a5](https://github.com/spring-projects/spring-framework/commit/09a58a55bf7882f24352c0bb2ecf742c14c22cc3) Polish
- [10f4ad1](https://github.com/spring-projects/spring-framework/commit/10f4ad1a44a7031b84a9f43578a5d37135ad21da) Assert fixed in
[GitHub] [commons-configuration] dependabot[bot] closed pull request #218: Bump slf4j.version from 2.0.2 to 2.0.3
dependabot[bot] closed pull request #218: Bump slf4j.version from 2.0.2 to 2.0.3 URL: https://github.com/apache/commons-configuration/pull/218
[GitHub] [commons-configuration] dependabot[bot] commented on pull request #218: Bump slf4j.version from 2.0.2 to 2.0.3
dependabot[bot] commented on PR #218: URL: https://github.com/apache/commons-configuration/pull/218#issuecomment-1320220722 Superseded by #238.
[GitHub] [commons-configuration] dependabot[bot] opened a new pull request, #238: Bump slf4j.version from 2.0.2 to 2.0.4
dependabot[bot] opened a new pull request, #238: URL: https://github.com/apache/commons-configuration/pull/238

Bumps `slf4j.version` from 2.0.2 to 2.0.4.

Updates `slf4j-api` from 2.0.2 to 2.0.4
Updates `slf4j-ext` from 2.0.2 to 2.0.4
Updates `slf4j-log4j12` from 2.0.2 to 2.0.4
Updates `slf4j-nop` from 2.0.2 to 2.0.4

Commits
- [35dd7ff](https://github.com/qos-ch/slf4j/commit/35dd7ff1e75cf83ffb6784a9537ff92c865e78b2) removed unused META-INF/services entry
- [440c2f3](https://github.com/qos-ch/slf4j/commit/440c2f3000fc0e2d7646f0b3d6e36e8bc2ef2485) prepare release 2.0.4
- [43a3630](https://github.com/qos-ch/slf4j/commit/43a36303e5a2338c22ec9aad5b01a401034eb553) use the class loader that loaded LoggerFactory (instead of the threadContextC...
- [557bf7c](https://github.com/qos-ch/slf4j/commit/557bf7c0bd4e2c2cd85ef389729107461938dd15) [SLF4J-548] Fix ServiceLoader usage in servlet environment
- [6324105](https://github.com/qos-ch/slf4j/commit/632410565b26e4d67fc7ef2ce4c212380b4e59d1) enhance manifest with capabilities
- [e540299](https://github.com/qos-ch/slf4j/commit/e540299d58bc5f53cab3236cc1b2f29281982074) edit blurb on release championing
- [dfb41b0](https://github.com/qos-ch/slf4j/commit/dfb41b06a8e5a6aed5e2856edf099fd324822dcf) Update README.md
- [47c7cc7](https://github.com/qos-ch/slf4j/commit/47c7cc7fa46d883d46b428aab6ef5562a139) clarify Logger.makeLoggingEventBuilder javadoc
- [0be1bc1](https://github.com/qos-ch/slf4j/commit/0be1bc15f26f11233ee7f657eb5b50fe552a49f1) Merge branch 'master' of github.com:qos-ch/slf4j
- [d60690c](https://github.com/qos-ch/slf4j/commit/d60690c0b9f0e4c89b71236cee9dc14d967d7778) more flexible way to
- Additional commits viewable in [compare view](https://github.com/qos-ch/slf4j/compare/v_2.0.2...v_2.0.4)
[GitHub] [commons-weaver] garydgregory commented on a diff in pull request #12: JUnit5 assertThrows ProvidersTest
garydgregory commented on code in PR #12: URL: https://github.com/apache/commons-weaver/pull/12#discussion_r1026567810 ## processor/src/test/java/org/apache/commons/weaver/utils/ProvidersTest.java: ## @@ -29,17 +30,20 @@ import org.apache.commons.weaver.spi.Weaver; import org.hamcrest.collection.IsIterableContainingInOrder; import org.junit.Test; +import org.junit.jupiter.api.function.Executable; public class ProvidersTest { -@Test(expected = NullPointerException.class) +@Test public void testSortNull() { -Providers.sort(null); +final Executable testMethod = () -> Providers.sort(null); +assertThrows(NullPointerException.class, testMethod); Review Comment: Hi @nhojpatrick Please remove the local variable. ## processor/src/test/java/org/apache/commons/weaver/utils/ProvidersTest.java: ## @@ -85,9 +89,10 @@ public void testSort() { assertThat(Providers.sort(Arrays.asList(y, w, x, z)), IsIterableContainingInOrder.contains(z, y, x, w)); } -@Test(expected = IllegalStateException.class) +@Test public void testCircularSort() { -Providers.sort(Arrays.asList(y, z, monkeywrench)); +final Executable testMethod = () -> Providers.sort(Arrays.asList(y, z, monkeywrench)); Review Comment: Hi @nhojpatrick Please remove the local variable. ## processor/src/test/java/org/apache/commons/weaver/utils/ProvidersTest.java: ## 
@@ -29,17 +30,20 @@ import org.apache.commons.weaver.spi.Weaver; import org.hamcrest.collection.IsIterableContainingInOrder; import org.junit.Test; +import org.junit.jupiter.api.function.Executable; public class ProvidersTest { -@Test(expected = NullPointerException.class) +@Test public void testSortNull() { -Providers.sort(null); +final Executable testMethod = () -> Providers.sort(null); +assertThrows(NullPointerException.class, testMethod); } -@Test(expected = IllegalArgumentException.class) +@Test public void testSortNullElement() { -Providers.sort(Arrays.asList((Weaver) null)); +final Executable testMethod = () -> Providers.sort(Arrays.asList((Weaver) null)); Review Comment: Hi @nhojpatrick Please remove the local variable. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
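Review bot: In the import block of the `@@ -29,17 +30,20 @@` hunk, `org.junit.Test` (JUnit 4) is kept while `org.junit.jupiter.api.function.Executable` (JUnit 5) is added, so `ProvidersTest` now depends on both test APIs. If the module stays on JUnit 4, JUnit 4.13's `org.junit.Assert.assertThrows` takes a lambda directly and needs no Jupiter import; otherwise switch `@Test` to `org.junit.jupiter.api.Test` in the same change. In either case the single-use `testMethod` local in `testSortNull` can be inlined: `assertThrows(NullPointerException.class, () -> Providers.sort(null));`.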
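Review bot: In `testCircularSort` (the `@@ -85,9 +89,10 @@` hunk) and in `testSortNullElement`, the quoted lines end at the `testMethod` declaration, and the `expected = ...` attribute has already been removed from `@Test`. Confirm that each lambda is passed to `assertThrows` with the same exception class the annotation named (`IllegalStateException` and `IllegalArgumentException` respectively); a lambda that is declared but never invoked would let the test pass without calling `Providers.sort` at all.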
[GitHub] [commons-vfs] garydgregory closed pull request #335: Bump slf4j-simple from 1.7.26 to 2.0.4
garydgregory closed pull request #335: Bump slf4j-simple from 1.7.26 to 2.0.4 URL: https://github.com/apache/commons-vfs/pull/335
[GitHub] [commons-vfs] garydgregory commented on pull request #335: Bump slf4j-simple from 1.7.26 to 2.0.4
garydgregory commented on PR #335: URL: https://github.com/apache/commons-vfs/pull/335#issuecomment-1320170763 Close to open slot of other updates.
[GitHub] [commons-validator] garydgregory merged pull request #91: Bump actions/cache from 3.0.10 to 3.0.11
garydgregory merged PR #91: URL: https://github.com/apache/commons-validator/pull/91
[GitHub] [commons-validator] garydgregory merged pull request #96: Bump actions/upload-artifact from 3.1.0 to 3.1.1
garydgregory merged PR #96: URL: https://github.com/apache/commons-validator/pull/96
[GitHub] [commons-validator] garydgregory merged pull request #98: Bump actions/setup-java from 3.5.1 to 3.6.0
garydgregory merged PR #98: URL: https://github.com/apache/commons-validator/pull/98
[GitHub] [commons-validator] garydgregory commented on pull request #95: JUnit5 assertThrows UrlValidatorTest
garydgregory commented on PR #95: URL: https://github.com/apache/commons-validator/pull/95#issuecomment-1320159884 -1 This is not better, let's wait until this component is on Java 8.
[GitHub] [commons-skin] garydgregory merged pull request #18: Bump actions/upload-artifact from 3.1.0 to 3.1.1
garydgregory merged PR #18: URL: https://github.com/apache/commons-skin/pull/18
[GitHub] [commons-skin] garydgregory merged pull request #19: Bump github/codeql-action from 2.1.30 to 2.1.31
garydgregory merged PR #19: URL: https://github.com/apache/commons-skin/pull/19
[GitHub] [commons-scxml] garydgregory merged pull request #75: Bump actions/checkout from 3.0.2 to 3.1.0
garydgregory merged PR #75: URL: https://github.com/apache/commons-scxml/pull/75
[GitHub] [commons-scxml] garydgregory merged pull request #78: Bump actions/cache from 3.0.8 to 3.0.11
garydgregory merged PR #78: URL: https://github.com/apache/commons-scxml/pull/78
[GitHub] [commons-scxml] garydgregory merged pull request #79: Bump actions/setup-java from 3.5.1 to 3.6.0
garydgregory merged PR #79: URL: https://github.com/apache/commons-scxml/pull/79
[GitHub] [commons-scxml] garydgregory merged pull request #82: Bump actions/upload-artifact from 3.1.0 to 3.1.1
garydgregory merged PR #82: URL: https://github.com/apache/commons-scxml/pull/82
[GitHub] [commons-scxml] garydgregory merged pull request #83: Bump jackson-databind from 2.13.4 to 2.14.0
garydgregory merged PR #83: URL: https://github.com/apache/commons-scxml/pull/83
[GitHub] [commons-scxml] garydgregory merged pull request #84: Bump jackson-core from 2.13.4 to 2.14.0
garydgregory merged PR #84: URL: https://github.com/apache/commons-scxml/pull/84
[GitHub] [commons-parent] garydgregory merged pull request #174: Bump japicmp-maven-plugin from 0.16.0 to 0.17.1
garydgregory merged PR #174: URL: https://github.com/apache/commons-parent/pull/174
[GitHub] [commons-lang] dependabot[bot] opened a new pull request, #991: Bump junit-pioneer from 1.8.0 to 1.9.0
dependabot[bot] opened a new pull request, #991: URL: https://github.com/apache/commons-lang/pull/991

Bumps [junit-pioneer](https://github.com/junit-pioneer/junit-pioneer) from 1.8.0 to 1.9.0.

Release notes

Sourced from [junit-pioneer's releases](https://github.com/junit-pioneer/junit-pioneer/releases).

v1.9.0

Changelog generated by [Shipkit Changelog Gradle Plugin](https://github.com/shipkit/shipkit-changelog)

1.9.0
- 2022-11-14 - [1 commit(s)](https://github.com/junit-pioneer/junit-pioneer/compare/v1.8.0...v1.9.0) by Jonathan Bluett-Duncan
- Create new temporary directory/resource extension [(#491)](https://github-redirect.dependabot.com/junit-pioneer/junit-pioneer/pull/491)
- Create new temporary directory/resource extension [(#348)](https://github-redirect.dependabot.com/junit-pioneer/junit-pioneer/issues/348)

Commits
- [7f56ffe](https://github.com/junit-pioneer/junit-pioneer/commit/7f56ffeac22eec50ddbcec51c96f56108aec8499) Create resource temp dir extensions ([#348](https://github-redirect.dependabot.com/junit-pioneer/junit-pioneer/issues/348) / [#491](https://github-redirect.dependabot.com/junit-pioneer/junit-pioneer/issues/491))
- See full diff in [compare view](https://github.com/junit-pioneer/junit-pioneer/compare/v1.8.0...v1.9.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
[GitHub] [commons-lang] dependabot[bot] opened a new pull request, #990: Bump jmh.version from 1.35 to 1.36
dependabot[bot] opened a new pull request, #990: URL: https://github.com/apache/commons-lang/pull/990

Bumps `jmh.version` from 1.35 to 1.36.

Updates `jmh-core` from 1.35 to 1.36
Updates `jmh-generator-annprocess` from 1.35 to 1.36

Commits
- [f2f11b3](https://github.com/openjdk/jmh/commit/f2f11b30667906438e3100e79af497f55d615398) JMH v1.36.
- [7708484](https://github.com/openjdk/jmh/commit/7708484728b73b8ceed8b71dd3068010d588173e) 7903367: JMH: Add JMHSample_39_MemoryAccess
- [e5caeb1](https://github.com/openjdk/jmh/commit/e5caeb14826a978bec0f22907fd45051facbd827) 7903351: JMH: Update pre-integration testing workflows
- [0c68719](https://github.com/openjdk/jmh/commit/0c68719cfe3a743a02837276e7a1aa55971299df) 7903355: JMH: Drop support for JDK 7
- [0cffac9](https://github.com/openjdk/jmh/commit/0cffac978e4b6bf4076d56e95d437a7596b2d3e4) 7903369: JMH: GC profiler options
- [e7b1218](https://github.com/openjdk/jmh/commit/e7b1218657240bf14e97868efde81defd8710f20) 7903368: JMH: GC profiler misreports allocation and churn rates
- [3103153](https://github.com/openjdk/jmh/commit/31031536fb8c236f6338afc035eeafc59dcb90c8) 7903350: JMH: Update README
- [7631fce](https://github.com/openjdk/jmh/commit/7631fce9410aa7991d995df424bc5bd362d7dba7) 7903322: JMH: Fix typo in JMHSample_11_Loops
- [fbcc4ac](https://github.com/openjdk/jmh/commit/fbcc4ac99c22c2da8a62edeb4fb30941c61610fa) 7903328: Introduce a new method 'clear' in interface 'Multiset'
- [c1b3e75](https://github.com/openjdk/jmh/commit/c1b3e7518b2e4f8364679cb01a9161ed48e1bc8a) 7903327: Refactor class 'GCProfiler.VMSupport'
- Additional commits viewable in [compare view](https://github.com/openjdk/jmh/compare/1.35...1.36)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[GitHub] [commons-rdf] garydgregory merged pull request #82: Bump junit from 4.12 to 4.13.1 in /commons-rdf-examples
garydgregory merged PR #82: URL: https://github.com/apache/commons-rdf/pull/82
[GitHub] [commons-rdf] garydgregory merged pull request #95: Bump actions/checkout from 3.0.2 to 3.1.0
garydgregory merged PR #95: URL: https://github.com/apache/commons-rdf/pull/95
[GitHub] [commons-rdf] garydgregory merged pull request #97: Bump actions/cache from 3.0.8 to 3.0.11
garydgregory merged PR #97: URL: https://github.com/apache/commons-rdf/pull/97
[GitHub] [commons-rdf] garydgregory merged pull request #99: Bump actions/setup-java from 3.5.1 to 3.6.0
garydgregory merged PR #99: URL: https://github.com/apache/commons-rdf/pull/99
[GitHub] [commons-rdf] garydgregory merged pull request #100: Bump actions/upload-artifact from 3.1.0 to 3.1.1
garydgregory merged PR #100: URL: https://github.com/apache/commons-rdf/pull/100
[GitHub] [commons-parent] garydgregory commented on pull request #174: Bump japicmp-maven-plugin from 0.16.0 to 0.17.1
garydgregory commented on PR #174: URL: https://github.com/apache/commons-parent/pull/174#issuecomment-1320137297 @dependabot rebase
[GitHub] [commons-io] garydgregory merged pull request #405: Bump mockito-inline from 4.8.1 to 4.9.0
garydgregory merged PR #405: URL: https://github.com/apache/commons-io/pull/405
[GitHub] [commons-io] garydgregory merged pull request #406: Bump junit-pioneer from 1.7.2 to 1.9.0
garydgregory merged PR #406: URL: https://github.com/apache/commons-io/pull/406
[GitHub] [commons-fileupload] dependabot[bot] commented on pull request #179: Bump spotbugs-maven-plugin from 4.7.2.1 to 4.7.3.0
dependabot[bot] commented on PR #179: URL: https://github.com/apache/commons-fileupload/pull/179#issuecomment-1320115493 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
[GitHub] [commons-fileupload] garydgregory closed pull request #179: Bump spotbugs-maven-plugin from 4.7.2.1 to 4.7.3.0
garydgregory closed pull request #179: Bump spotbugs-maven-plugin from 4.7.2.1 to 4.7.3.0 URL: https://github.com/apache/commons-fileupload/pull/179
[GitHub] [commons-exec] garydgregory commented on a diff in pull request #73: JUnit5 assertThrows Exec65Test
garydgregory commented on code in PR #73: URL: https://github.com/apache/commons-exec/pull/73#discussion_r1026534070 ## src/test/java/org/apache/commons/exec/issues/Exec65Test.java: ## @@ -51,7 +53,8 @@ public void testExec65WitSleepUsingSleepCommandDirectly() throws Exception { executor.setStreamHandler(new PumpStreamHandler(System.out, System.err)); executor.setWatchdog(watchdog); -executor.execute(command); +final Executable testMethod = () -> executor.execute(command); Review Comment: @nhojpatrick ping -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
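Review bot: In `testExec65WitSleepUsingSleepCommandDirectly`, the direct call `executor.execute(command)` is removed and the quoted hunk ends at the `testMethod` declaration, so the command only runs if that lambda is then handed to an assertion. Confirm the next line is an `assertThrows` naming the specific exception this test expects rather than a broad `Exception`, and pass the lambda to it inline instead of keeping the single-use local.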
[GitHub] [commons-dbcp] garydgregory merged pull request #235: Bump mockito-core from 4.8.1 to 4.9.0
garydgregory merged PR #235: URL: https://github.com/apache/commons-dbcp/pull/235
[GitHub] [commons-dbcp] garydgregory merged pull request #238: Bump japicmp-maven-plugin from 0.16.0 to 0.17.1
garydgregory merged PR #238: URL: https://github.com/apache/commons-dbcp/pull/238
[GitHub] [commons-crypto] garydgregory merged pull request #194: Bump jmh.version from 1.35 to 1.36
garydgregory merged PR #194: URL: https://github.com/apache/commons-crypto/pull/194
[GitHub] [commons-compress] garydgregory merged pull request #330: Bump memoryfilesystem from 2.3.0 to 2.4.0
garydgregory merged PR #330: URL: https://github.com/apache/commons-compress/pull/330
[GitHub] [commons-compress] garydgregory merged pull request #331: Bump mockito.version from 4.8.1 to 4.9.0
garydgregory merged PR #331: URL: https://github.com/apache/commons-compress/pull/331
[GitHub] [commons-build-plugin] garydgregory merged pull request #103: Bump github/codeql-action from 2.1.30 to 2.1.31
garydgregory merged PR #103: URL: https://github.com/apache/commons-build-plugin/pull/103
[GitHub] [commons-build-plugin] garydgregory merged pull request #104: Bump maven-plugin-plugin from 3.6.4 to 3.7.0
garydgregory merged PR #104: URL: https://github.com/apache/commons-build-plugin/pull/104
[GitHub] [commons-build-plugin] garydgregory merged pull request #106: Bump spotbugs-maven-plugin from 4.7.2.1 to 4.7.3.0
garydgregory merged PR #106: URL: https://github.com/apache/commons-build-plugin/pull/106
[GitHub] [commons-beanutils] garydgregory merged pull request #143: Bump actions/upload-artifact from 3.1.0 to 3.1.1
garydgregory merged PR #143: URL: https://github.com/apache/commons-beanutils/pull/143
[GitHub] [commons-beanutils] garydgregory merged pull request #144: Bump actions/setup-java from 3.5.1 to 3.6.0
garydgregory merged PR #144: URL: https://github.com/apache/commons-beanutils/pull/144
[GitHub] [commons-csv] garydgregory merged pull request #282: Bump spotbugs-maven-plugin from 4.7.2.1 to 4.7.3.0
garydgregory merged PR #282: URL: https://github.com/apache/commons-csv/pull/282
[GitHub] [commons-csv] garydgregory merged pull request #283: Bump jmh-generator-annprocess from 1.35 to 1.36
garydgregory merged PR #283: URL: https://github.com/apache/commons-csv/pull/283
[GitHub] [commons-csv] garydgregory merged pull request #284: Bump mockito-core from 4.8.1 to 4.9.0
garydgregory merged PR #284: URL: https://github.com/apache/commons-csv/pull/284
[GitHub] [commons-csv] garydgregory merged pull request #285: Bump jmh-core from 1.35 to 1.36
garydgregory merged PR #285: URL: https://github.com/apache/commons-csv/pull/285
[jira] [Created] (DAEMON-450) Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted two ACLs
Norimasa Yamamoto created DAEMON-450:

Summary: Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted two ACLs
Key: DAEMON-450
URL: https://issues.apache.org/jira/browse/DAEMON-450
Project: Commons Daemon
Issue Type: Bug
Components: prunsrv
Affects Versions: 1.3.2
Environment: Windows 7 SP1 x64 Apache Tomcat 9.0.69 x86 (zip-dist)
Reporter: Norimasa Yamamoto

Invoked "bin\tomcat9 //US/Tomcat9", logs directory will be inserted unwanted two ACLs.

Repro at Tomcat9 directory on Admin Command Prompt (not Admin PowerShell).

    > ren logs logs1
    > md logs
    > icacls logs
    logs NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M)
         NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
         BUILTIN\Administrators:(I)(OI)(CI)(F)
         BUILTIN\Users:(I)(OI)(CI)(M)

    > bin\tomcat9.exe //US/Tomcat9
    > icacls logs
    logs NT AUTHORITY\LOCAL SERVICE:(RX,W)
         NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
         NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M)
         NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
         BUILTIN\Administrators:(I)(OI)(CI)(F)
         BUILTIN\Users:(I)(OI)(CI)(M)

    > bin\tomcat9.exe //US/Tomcat9
    > icacls logs
    logs NT AUTHORITY\LOCAL SERVICE:(RX,W)
         NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
         NT AUTHORITY\LOCAL SERVICE:(RX,W)
         NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
         NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M)
         NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
         BUILTIN\Administrators:(I)(OI)(CI)(F)
         BUILTIN\Users:(I)(OI)(CI)(M)

    > for /l %i in (1,0,1) do bin\tomcat9.exe //US/Tomcat9
    :
    (...after 1000-2000 times...)
    [2022-11-18 17:46:20] [warn] [ 2456] Failed to grant service user 'NT AUTHORITY\LocalService' write permissions to log path '\logs' due to error '1340: The inherited access control list (ACL) or access control entry (ACE) could not be built.'
    :

    > icacls logs
    logs NT AUTHORITY\LOCAL SERVICE:(RX,W)
         NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
         NT AUTHORITY\LOCAL SERVICE:(RX,W)
         NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
         NT AUTHORITY\LOCAL SERVICE:(RX,W)
         NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
         NT AUTHORITY\LOCAL SERVICE:(RX,W)
         NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
         NT AUTHORITY\LOCAL SERVICE:(RX,W)
         :
         NT AUTHORITY\LOCAL SERVICE:(RX,W)
         NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(GR,GW,GE)
         NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M)
         NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
         BUILTIN\Administrators:(I)(OI)(CI)(F)
         BUILTIN\Users:(I)(OI)(CI)(M)

-- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [commons-jxpath] iamamoose commented on pull request #26: Add an allow list for classes that can be loaded by JXPath
iamamoose commented on PR #26: URL: https://github.com/apache/commons-jxpath/pull/26#issuecomment-1319955459

> > The CVE record has been updated to invalid so my request to edit the title of this PR to remove the CVE reference stands.
>
> For clarity, this is not true. The record has been marked DISPUTED which is entirely different to REJECT per the CVE website. (https://www.cve.org/ResourcesSupport/FAQs) Disputed is when there is disagreement between a vendor and security researcher so CVE Program leaves the record as is and updates the status. Rejected is when the record was placed in error and is not a vulnerability and the record could potentially be returned to the reserved pool in the future. The CVE is currently still valid and tied to the vulnerability just with the updated status so people can further research the vulnerability themselves.

DISPUTED is the wrong state for these issues, then, they should be REJECT as they were placed in error, are not a vulnerability (as well as against CNA rules at the time of assignment).
[jira] [Commented] (FILEUPLOAD-309) Release version 2.0.0
[ https://issues.apache.org/jira/browse/FILEUPLOAD-309?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17635846#comment-17635846 ]

Thomas Heigl commented on FILEUPLOAD-309:

I second that, please release something that works with Jakarta APIs. If you are not ready to release 2.0 now, please release 1.4.0-jakarta. Apache Shiro for instance is taking the classifier based approach here: https://github.com/apache/shiro/pull/522

> Release version 2.0.0
>
> Key: FILEUPLOAD-309
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-309
> Project: Commons FileUpload
> Issue Type: Wish
> Reporter: Thiago Henrique Hupner
> Priority: Major
>
> At Piranha, we've migrated to use the new Jakarta namespace.
> One of our dependencies is the Commons File Upload, but the latest version available is 1.4.
> Looking around at the source code, I've found that the code is already prepared for the new Jakarta namespace.
> So, I want to know if there's a plan to release a new version soon. Or at least a 2.0.0 milestone.
[GitHub] [commons-csv] dependabot[bot] opened a new pull request, #285: Bump jmh-core from 1.35 to 1.36
dependabot[bot] opened a new pull request, #285: URL: https://github.com/apache/commons-csv/pull/285

Bumps [jmh-core](https://github.com/openjdk/jmh) from 1.35 to 1.36.

Commits
- f2f11b3 JMH v1.36.
- 7708484 7903367: JMH: Add JMHSample_39_MemoryAccess
- e5caeb1 7903351: JMH: Update pre-integration testing workflows
- 0c68719 7903355: JMH: Drop support for JDK 7
- 0cffac9 7903369: JMH: GC profiler options
- e7b1218 7903368: JMH: GC profiler misreports allocation and churn rates
- 3103153 7903350: JMH: Update README
- 7631fce 7903322: JMH: Fix typo in JMHSample_11_Loops
- fbcc4ac 7903328: Introduce a new method 'clear' in interface 'Multiset'
- c1b3e75 7903327: Refactor class 'GCProfiler.VMSupport'
- Additional commits viewable in compare view: https://github.com/openjdk/jmh/compare/1.35...1.36

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself.
[GitHub] [commons-csv] dependabot[bot] opened a new pull request, #284: Bump mockito-core from 4.8.1 to 4.9.0
dependabot[bot] opened a new pull request, #284: URL: https://github.com/apache/commons-csv/pull/284

Bumps [mockito-core](https://github.com/mockito/mockito) from 4.8.1 to 4.9.0.

Release notes
Sourced from mockito-core's releases: https://github.com/mockito/mockito/releases

v4.9.0
Changelog generated by Shipkit Changelog Gradle Plugin: https://github.com/shipkit/shipkit-changelog

4.9.0
- 2022-11-14 - 6 commit(s) (https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0) by Andrei Solntsev, Rafael Winterhalter, Rick Ossendrijver, dependabot[bot]
- Upgrade objenesis 3.2 - 3.3 (#2784)
- Upgrade objenesis 3.2 - 3.3 (#2783)
- Avoids clearing stale weak entries from critical code segments. (#2780)
- bump gradle from 7.3.1 to 7.5.1 (#2776)
- Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 (#2775)
- Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 (#2770)
- Bump junit-platform-launcher from 1.9.0 to 1.9.1 (#2768)

Commits
- 0052e2f Avoid clearing stale weak entries from critical code segments (#2780)
- 47045cb Upgrade objenesis 3.2 - 3.3 (#2784)
- eb85518 Update gradle to 7.5.1 (#2776)
- fcb4cf7 Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 (#2775)
- f512a76 Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 (#2770)
- fe7dca2 Bump junit-platform-launcher from 1.9.0 to 1.9.1 (#2768)
- See full diff in compare view: https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself.
[GitHub] [commons-csv] dependabot[bot] opened a new pull request, #283: Bump jmh-generator-annprocess from 1.35 to 1.36
dependabot[bot] opened a new pull request, #283: URL: https://github.com/apache/commons-csv/pull/283

Bumps [jmh-generator-annprocess](https://github.com/openjdk/jmh) from 1.35 to 1.36.

Commits
- f2f11b3 JMH v1.36.
- 7708484 7903367: JMH: Add JMHSample_39_MemoryAccess
- e5caeb1 7903351: JMH: Update pre-integration testing workflows
- 0c68719 7903355: JMH: Drop support for JDK 7
- 0cffac9 7903369: JMH: GC profiler options
- e7b1218 7903368: JMH: GC profiler misreports allocation and churn rates
- 3103153 7903350: JMH: Update README
- 7631fce 7903322: JMH: Fix typo in JMHSample_11_Loops
- fbcc4ac 7903328: Introduce a new method 'clear' in interface 'Multiset'
- c1b3e75 7903327: Refactor class 'GCProfiler.VMSupport'
- Additional commits viewable in compare view: https://github.com/openjdk/jmh/compare/1.35...1.36

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself.
[GitHub] [commons-jexl] dependabot[bot] opened a new pull request, #142: Bump japicmp-maven-plugin from 0.16.0 to 0.17.1
dependabot[bot] opened a new pull request, #142: URL: https://github.com/apache/commons-jexl/pull/142

Bumps [japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.16.0 to 0.17.1.

Commits
- 64c6164 [maven-release-plugin] prepare release japicmp-base-0.17.1
- d2a6f1b Merge remote-tracking branch 'origin/master'
- a6c78da upgraded version in *.md files to 0.17.1
- 566ca25 update ReleaseNotes.md
- 460d8c2 #350 added new METHOD_MOVED_TO_SUPERCLASS compatibility check
- 5b71a6c #349: no IllegalStateException when method is removed from Sub-Class and Supe...
- 413175d [maven-release-plugin] prepare for next development iteration
- 2b1b6e1 [maven-release-plugin] prepare release japicmp-base-0.17.0
- dd0a642 upgraded version in *.md files to 0.17.0
- 4e799a6 upgrade version to 0.17.0-SNAPSHOT
- Additional commits viewable in compare view: https://github.com/siom79/japicmp/compare/japicmp-base-0.16.0...japicmp-base-0.17.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself.
[GitHub] [commons-vfs] dependabot[bot] closed pull request #297: Bump sshd-core from 0.8.0 to 2.9.1
dependabot[bot] closed pull request #297: Bump sshd-core from 0.8.0 to 2.9.1 URL: https://github.com/apache/commons-vfs/pull/297
[GitHub] [commons-vfs] dependabot[bot] commented on pull request #297: Bump sshd-core from 0.8.0 to 2.9.1
dependabot[bot] commented on PR #297: URL: https://github.com/apache/commons-vfs/pull/297#issuecomment-1319848241

Superseded by #336.
[GitHub] [commons-vfs] dependabot[bot] opened a new pull request, #336: Bump sshd-core from 0.8.0 to 2.9.2
dependabot[bot] opened a new pull request, #336: URL: https://github.com/apache/commons-vfs/pull/336

Bumps [sshd-core](https://github.com/apache/mina-sshd) from 0.8.0 to 2.9.2.

Changelog
Sourced from sshd-core's changelog: https://github.com/apache/mina-sshd/blob/master/CHANGES.md

Version 2.9.1 to 2.9.2: https://github.com/apache/mina-sshd/blob/master/docs/changes/2.9.2.md

Planned for next version
- Bug fixes
- Major code re-factoring
- Potential compatibility issues
- Minor code helpers
- Behavioral changes and enhancements

Commits
- f7b [maven-release-plugin] prepare release sshd-2.9.2
- 1ccde6c Minor comment fix
- 5a8fe83 Better file handling for host keys
- bba481a MinaSession: avoid synthetic accesses
- f3a3d16 GH-266: Make ChannelPipedOutputStream.flush() a no-op
- a85d074 [releng] Update GitHub action versions
- b724ac2 Changes.md: mention GH-263
- ba82c13 GH-263: Fix race condition in BufferedIoOutputStream
- ae3851a Changes.md: mention SSHD-1287
- 6d0ef48 [SSHD-1287] SFTP: better default buffer size handling
- Additional commits viewable in compare view: https://github.com/apache/mina-sshd/compare/sshd-0.8.0...sshd-2.9.2

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself.
[GitHub] [commons-crypto] dependabot[bot] opened a new pull request, #194: Bump jmh.version from 1.35 to 1.36
dependabot[bot] opened a new pull request, #194: URL: https://github.com/apache/commons-crypto/pull/194

Bumps `jmh.version` from 1.35 to 1.36.

Updates `jmh-core` from 1.35 to 1.36

Commits
- f2f11b3 JMH v1.36.
- 7708484 7903367: JMH: Add JMHSample_39_MemoryAccess
- e5caeb1 7903351: JMH: Update pre-integration testing workflows
- 0c68719 7903355: JMH: Drop support for JDK 7
- 0cffac9 7903369: JMH: GC profiler options
- e7b1218 7903368: JMH: GC profiler misreports allocation and churn rates
- 3103153 7903350: JMH: Update README
- 7631fce 7903322: JMH: Fix typo in JMHSample_11_Loops
- fbcc4ac 7903328: Introduce a new method 'clear' in interface 'Multiset'
- c1b3e75 7903327: Refactor class 'GCProfiler.VMSupport'
- Additional commits viewable in compare view: https://github.com/openjdk/jmh/compare/1.35...1.36

Updates `jmh-generator-annprocess` from 1.35 to 1.36

Commits
- f2f11b3 JMH v1.36.
- 7708484 7903367: JMH: Add JMHSample_39_MemoryAccess
- e5caeb1 7903351: JMH: Update pre-integration testing workflows
- 0c68719 7903355: JMH: Drop support for JDK 7
- 0cffac9 7903369: JMH: GC profiler options
- e7b1218 7903368: JMH: GC profiler misreports allocation and churn rates
- 3103153 7903350: JMH: Update README
- 7631fce 7903322: JMH: Fix typo in JMHSample_11_Loops
- fbcc4ac 7903328: Introduce a new method 'clear' in interface 'Multiset'
- c1b3e75 7903327: Refactor class 'GCProfiler.VMSupport'
- Additional commits viewable in compare view: https://github.com/openjdk/jmh/compare/1.35...1.36

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself.
[//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this
[GitHub] [commons-vfs] dependabot[bot] opened a new pull request, #335: Bump slf4j-simple from 1.7.26 to 2.0.4
dependabot[bot] opened a new pull request, #335:
URL: https://github.com/apache/commons-vfs/pull/335

Bumps [slf4j-simple](https://github.com/qos-ch/slf4j) from 1.7.26 to 2.0.4.

Commits
- [35dd7ff](https://github.com/qos-ch/slf4j/commit/35dd7ff1e75cf83ffb6784a9537ff92c865e78b2) removed unused META-INF/services entry
- [440c2f3](https://github.com/qos-ch/slf4j/commit/440c2f3000fc0e2d7646f0b3d6e36e8bc2ef2485) prepare release 2.0.4
- [43a3630](https://github.com/qos-ch/slf4j/commit/43a36303e5a2338c22ec9aad5b01a401034eb553) use the class loader that loaded LoggerFactory (instead of the threadContextC...
- [557bf7c](https://github.com/qos-ch/slf4j/commit/557bf7c0bd4e2c2cd85ef389729107461938dd15) [SLF4J-548] Fix ServiceLoader usage in servlet environment
- [6324105](https://github.com/qos-ch/slf4j/commit/632410565b26e4d67fc7ef2ce4c212380b4e59d1) enhance manifest with capabilities
- [e540299](https://github.com/qos-ch/slf4j/commit/e540299d58bc5f53cab3236cc1b2f29281982074) edit blurb on release championing
- [dfb41b0](https://github.com/qos-ch/slf4j/commit/dfb41b06a8e5a6aed5e2856edf099fd324822dcf) Update README.md
- [47c7cc7](https://github.com/qos-ch/slf4j/commit/47c7cc7fa46d883d46b428aab6ef5562a139) clarify Logger.makeLoggingEventBuilder javadoc
- [0be1bc1](https://github.com/qos-ch/slf4j/commit/0be1bc15f26f11233ee7f657eb5b50fe552a49f1) Merge branch 'master' of github.com:qos-ch/slf4j
- [d60690c](https://github.com/qos-ch/slf4j/commit/d60690c0b9f0e4c89b71236cee9dc14d967d7778) more flexible way to
- Additional commits viewable in [compare view](https://github.com/qos-ch/slf4j/compare/v_1.7.26...v_2.0.4)
[GitHub] [commons-vfs] dependabot[bot] opened a new pull request, #334: Bump slf4j.version from 1.7.36 to 2.0.4
dependabot[bot] opened a new pull request, #334:
URL: https://github.com/apache/commons-vfs/pull/334

Bumps `slf4j.version` from 1.7.36 to 2.0.4.

Updates `slf4j-api` from 1.7.36 to 2.0.4

Commits
- [35dd7ff](https://github.com/qos-ch/slf4j/commit/35dd7ff1e75cf83ffb6784a9537ff92c865e78b2) removed unused META-INF/services entry
- [440c2f3](https://github.com/qos-ch/slf4j/commit/440c2f3000fc0e2d7646f0b3d6e36e8bc2ef2485) prepare release 2.0.4
- [43a3630](https://github.com/qos-ch/slf4j/commit/43a36303e5a2338c22ec9aad5b01a401034eb553) use the class loader that loaded LoggerFactory (instead of the threadContextC...
- [557bf7c](https://github.com/qos-ch/slf4j/commit/557bf7c0bd4e2c2cd85ef389729107461938dd15) [SLF4J-548] Fix ServiceLoader usage in servlet environment
- [6324105](https://github.com/qos-ch/slf4j/commit/632410565b26e4d67fc7ef2ce4c212380b4e59d1) enhance manifest with capabilities
- [e540299](https://github.com/qos-ch/slf4j/commit/e540299d58bc5f53cab3236cc1b2f29281982074) edit blurb on release championing
- [dfb41b0](https://github.com/qos-ch/slf4j/commit/dfb41b06a8e5a6aed5e2856edf099fd324822dcf) Update README.md
- [47c7cc7](https://github.com/qos-ch/slf4j/commit/47c7cc7fa46d883d46b428aab6ef5562a139) clarify Logger.makeLoggingEventBuilder javadoc
- [0be1bc1](https://github.com/qos-ch/slf4j/commit/0be1bc15f26f11233ee7f657eb5b50fe552a49f1) Merge branch 'master' of github.com:qos-ch/slf4j
- [d60690c](https://github.com/qos-ch/slf4j/commit/d60690c0b9f0e4c89b71236cee9dc14d967d7778) more flexible way to
- Additional commits viewable in [compare view](https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.4)

Updates `jcl-over-slf4j` from 1.7.36 to 2.0.4
[GitHub] [commons-parent] dependabot[bot] opened a new pull request, #174: Bump japicmp-maven-plugin from 0.16.0 to 0.17.1
dependabot[bot] opened a new pull request, #174:
URL: https://github.com/apache/commons-parent/pull/174

Bumps [japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.16.0 to 0.17.1.

Commits
- [64c6164](https://github.com/siom79/japicmp/commit/64c6164efaa04381e3ccc8e58cd39f6195cbd021) [maven-release-plugin] prepare release japicmp-base-0.17.1
- [d2a6f1b](https://github.com/siom79/japicmp/commit/d2a6f1bb96cbfcf3e0c43b5a08f1b5c9332cd97d) Merge remote-tracking branch 'origin/master'
- [a6c78da](https://github.com/siom79/japicmp/commit/a6c78dad8b452488ca56150ce4330e15821a6a8a) upgraded version in *.md files to 0.17.1
- [566ca25](https://github.com/siom79/japicmp/commit/566ca25ee13a2644b9e4f3466c897b0a81f84933) update ReleaseNotes.md
- [460d8c2](https://github.com/siom79/japicmp/commit/460d8c28814459da377a07d2f1dac5e4a7998a29) [#350](https://github-redirect.dependabot.com/siom79/japicmp/issues/350) added new METHOD_MOVED_TO_SUPERCLASS compatibility check
- [5b71a6c](https://github.com/siom79/japicmp/commit/5b71a6c883b1b146bb897d0ffe19e8eeb3e00630) [#349](https://github-redirect.dependabot.com/siom79/japicmp/issues/349): no IllegalStateException when method is removed from Sub-Class and Supe...
- [413175d](https://github.com/siom79/japicmp/commit/413175d440cfa00a7a88e48903e21cabdb25d771) [maven-release-plugin] prepare for next development iteration
- [2b1b6e1](https://github.com/siom79/japicmp/commit/2b1b6e1160bba5a4e2c7ed508e636b943cd293ff) [maven-release-plugin] prepare release japicmp-base-0.17.0
- [dd0a642](https://github.com/siom79/japicmp/commit/dd0a6424332327c8bcb2366c5afcedd126764651) upgraded version in *.md files to 0.17.0
- [4e799a6](https://github.com/siom79/japicmp/commit/4e799a63120317bd77b4b8b3624b33cd104d9ca2) upgrade version to 0.17.0-SNAPSHOT
- Additional commits viewable in [compare view](https://github.com/siom79/japicmp/compare/japicmp-base-0.16.0...japicmp-base-0.17.1)
[jira] [Comment Edited] (CLI-299) Add Automatic-Module-Name to MANIFEST.MF
[ https://issues.apache.org/jira/browse/CLI-299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17635773#comment-17635773 ]

Samael Bate edited comment on CLI-299 at 11/18/22 10:00 AM:

is there a plan to get this merged/released?

was (Author: singingbush):
will this ever get merged/released?

> Add Automatic-Module-Name to MANIFEST.MF
>
> Key: CLI-299
> URL: https://issues.apache.org/jira/browse/CLI-299
> Project: Commons CLI
> Issue Type: Improvement
> Reporter: Michael Miller
> Priority: Major
>
> Add Automatic-Module-Name to the jar manifest in support of the Java 9 module
> system. See other Apache commons projects that have already made the update:
> https://issues.apache.org/jira/browse/BEANUTILS-512
> https://issues.apache.org/jira/browse/LOGGING-165
> I am opening this ticket because Accumulo requires its dependencies to have
> stable module names before it can release modules of its own. Here is some
> discussion and more information about this topic:
> https://github.com/apache/accumulo/issues/1434

-- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CLI-299) Add Automatic-Module-Name to MANIFEST.MF
[ https://issues.apache.org/jira/browse/CLI-299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17635773#comment-17635773 ]

Samael Bate commented on CLI-299:

will this ever get merged/released?

> Add Automatic-Module-Name to MANIFEST.MF
>
> Key: CLI-299
> URL: https://issues.apache.org/jira/browse/CLI-299
> Project: Commons CLI
> Issue Type: Improvement
> Reporter: Michael Miller
> Priority: Major
>
> Add Automatic-Module-Name to the jar manifest in support of the Java 9 module
> system. See other Apache commons projects that have already made the update:
> https://issues.apache.org/jira/browse/BEANUTILS-512
> https://issues.apache.org/jira/browse/LOGGING-165
> I am opening this ticket because Accumulo requires its dependencies to have
> stable module names before it can release modules of its own. Here is some
> discussion and more information about this topic:
> https://github.com/apache/accumulo/issues/1434
[GitHub] [commons-dbutils] dependabot[bot] opened a new pull request, #154: Bump mockito-core from 4.8.1 to 4.9.0
dependabot[bot] opened a new pull request, #154:
URL: https://github.com/apache/commons-dbutils/pull/154

Bumps [mockito-core](https://github.com/mockito/mockito) from 4.8.1 to 4.9.0.

Release notes

Sourced from [mockito-core's releases](https://github.com/mockito/mockito/releases).

v4.9.0

Changelog generated by [Shipkit Changelog Gradle Plugin](https://github.com/shipkit/shipkit-changelog)

4.9.0
- 2022-11-14 - [6 commit(s)](https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0) by Andrei Solntsev, Rafael Winterhalter, Rick Ossendrijver, dependabot[bot]
- Upgrade objenesis 3.2 - 3.3 ([#2784](https://github-redirect.dependabot.com/mockito/mockito/pull/2784))
- Upgrade objenesis 3.2 - 3.3 ([#2783](https://github-redirect.dependabot.com/mockito/mockito/issues/2783))
- Avoids clearing stale weak entries from critical code segments. ([#2780](https://github-redirect.dependabot.com/mockito/mockito/pull/2780))
- bump gradle from 7.3.1 to 7.5.1 ([#2776](https://github-redirect.dependabot.com/mockito/mockito/pull/2776))
- Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 ([#2775](https://github-redirect.dependabot.com/mockito/mockito/pull/2775))
- Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 ([#2770](https://github-redirect.dependabot.com/mockito/mockito/pull/2770))
- Bump junit-platform-launcher from 1.9.0 to 1.9.1 ([#2768](https://github-redirect.dependabot.com/mockito/mockito/pull/2768))

Commits
- [0052e2f](https://github.com/mockito/mockito/commit/0052e2f5f78ca2eda4593df158e1c2366639e5db) Avoid clearing stale weak entries from critical code segments ([#2780](https://github-redirect.dependabot.com/mockito/mockito/issues/2780))
- [47045cb](https://github.com/mockito/mockito/commit/47045cbdfe606d8616f7e0a814af6e7803d4c33f) Upgrade objenesis 3.2 - 3.3 ([#2784](https://github-redirect.dependabot.com/mockito/mockito/issues/2784))
- [eb85518](https://github.com/mockito/mockito/commit/eb85518cef362e39788a7e030bab8ac78eca76c9) Update gradle to 7.5.1 ([#2776](https://github-redirect.dependabot.com/mockito/mockito/issues/2776))
- [fcb4cf7](https://github.com/mockito/mockito/commit/fcb4cf7bf3f38b0135b50bdc930d7532c7168356) Bump gradle/wrapper-validation-action from 1.0.4 to 1.0.5 ([#2775](https://github-redirect.dependabot.com/mockito/mockito/issues/2775))
- [f512a76](https://github.com/mockito/mockito/commit/f512a7694097b46b18394d89173506cf59d071ae) Bump gradle-errorprone-plugin from 2.0.2 to 3.0.1 ([#2770](https://github-redirect.dependabot.com/mockito/mockito/issues/2770))
- [fe7dca2](https://github.com/mockito/mockito/commit/fe7dca265190a6ae3040e4938fb25600a09c669f) Bump junit-platform-launcher from 1.9.0 to 1.9.1 ([#2768](https://github-redirect.dependabot.com/mockito/mockito/issues/2768))
- See full diff in [compare view](https://github.com/mockito/mockito/compare/v4.8.1...v4.9.0)
[GitHub] [commons-jxpath] markt-asf commented on pull request #26: Add an allow list for classes that can be loaded by JXPath
markt-asf commented on PR #26:
URL: https://github.com/apache/commons-jxpath/pull/26#issuecomment-1319707214

There is no security vulnerability. This PR will be dealt with with the same priority as any other enhancement request.
[GitHub] [commons-jxpath] stephanborn commented on pull request #26: Add an allow list for classes that can be loaded by JXPath
stephanborn commented on PR #26:
URL: https://github.com/apache/commons-jxpath/pull/26#issuecomment-1319703699

Now as @kyakdan has renamed the PR's title to "get it merged" - is there a plan / schedule when this will be done and a new version with this included will be released? It would be good if that could be communicated. I am pretty sure there are several projects which are waiting for a release. I hope it will be done very soon as otherwise we need to replace JXPath in our project as we are not allowed to use libs with known security issues with that high criticality.