[GitHub] [commons-compress] kinow merged pull request #342: Bump actions/cache from 3.0.11 to 3.2.0

[GitBox]

kinow merged PR #342:
URL: https://github.com/apache/commons-compress/pull/342


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-cli] codecov-commenter commented on pull request #153: Bump actions/cache from 3.0.11 to 3.2.1

[GitBox]

codecov-commenter commented on PR #153:
URL: https://github.com/apache/commons-cli/pull/153#issuecomment-1363675771

   # 
[Codecov](https://codecov.io/gh/apache/commons-cli/pull/153?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 Report
   > Merging 
[#153](https://codecov.io/gh/apache/commons-cli/pull/153?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (4a5bc9f) into 
[master](https://codecov.io/gh/apache/commons-cli/commit/c8504a8bfc21852bf11a1c09f129fc20857af6db?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (c8504a8) will **not change** coverage.
   > The diff coverage is `n/a`.
   
   ```diff
   @@Coverage Diff@@
   ## master #153   +/-   ##
   =
 Coverage 93.19%   93.19%   
 Complexity  567  567   
   =
 Files21   21   
 Lines  1205 1205   
 Branches214  214   
   =
 Hits   1123 1123   
 Misses   46   46   
 Partials 36   36   
   ```
   
   
   
   :mega: We’re building smart automated test selection to slash your CI/CD 
build times. [Learn 
more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-cli] codecov-commenter commented on pull request #152: Bump ossf/scorecard-action from 2.1.0 to 2.1.2

[GitBox]

codecov-commenter commented on PR #152:
URL: https://github.com/apache/commons-cli/pull/152#issuecomment-1363675678

   # 
[Codecov](https://codecov.io/gh/apache/commons-cli/pull/152?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 Report
   > Merging 
[#152](https://codecov.io/gh/apache/commons-cli/pull/152?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (17e3dad) into 
[master](https://codecov.io/gh/apache/commons-cli/commit/c8504a8bfc21852bf11a1c09f129fc20857af6db?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (c8504a8) will **not change** coverage.
   > The diff coverage is `n/a`.
   
   ```diff
   @@Coverage Diff@@
   ## master #152   +/-   ##
   =
 Coverage 93.19%   93.19%   
 Complexity  567  567   
   =
 Files21   21   
 Lines  1205 1205   
 Branches214  214   
   =
 Hits   1123 1123   
 Misses   46   46   
 Partials 36   36   
   ```
   
   
   
   :mega: We’re building smart automated test selection to slash your CI/CD 
build times. [Learn 
more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-jcs] dependabot[bot] opened a new pull request, #127: Bump actions/cache from 3.0.11 to 3.2.1

[GitBox]

dependabot[bot] opened a new pull request, #127:
URL: https://github.com/apache/commons-jcs/pull/127

   Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.1.
   
   Release notes
   Sourced from https://github.com/actions/cache/releases";>actions/cache's 
releases.
   
   v3.2.1
   What's Changed
   
   Release compression related changes for windows by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1039";>actions/cache#1039
   Upgrade codeql to v2 by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1023";>actions/cache#1023
   
   Full Changelog: https://github.com/actions/cache/compare/v3.2.0...v3.2.1";>https://github.com/actions/cache/compare/v3.2.0...v3.2.1
   v3.2.0
   What's Changed
   
   fix wrong timeout env var key in README.md by https://github.com/walterddr";>@​walterddr in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   Updated release doc with correct env variable by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/960";>actions/cache#960
   Create pull_request_template.md by https://github.com/pdotl";>@​pdotl in https://github-redirect.dependabot.com/actions/cache/pull/963";>actions/cache#963
   Update README with clearer info about cache-hit and its value by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/961";>actions/cache#961
   Change datadog/squid to Ubuntu/squid in CI check by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/976";>actions/cache#976
   Add more details to version section in readme by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/971";>actions/cache#971
   Update hashFiles documentation reference by https://github.com/asaf400";>@​asaf400 in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   Updated link for cache segment download info by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/986";>actions/cache#986
   Readme update for deleting caches by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/981";>actions/cache#981
   Add oncall logic to assign issues and PRs by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/997";>actions/cache#997
   Bump minimatch from 3.0.4 to 3.1.2 by https://github.com/dependabot";>@​dependabot in https://github-redirect.dependabot.com/actions/cache/pull/998";>actions/cache#998
   Revert "Bump minimatch from 3.0.4 to 3.1.2" by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/1005";>actions/cache#1005
   Fix npm vulnerability by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1007";>actions/cache#1007
   refactor: Use early return pattern to avoid nested conditions by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   Use cache in check-dist.yml by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1004";>actions/cache#1004
   chore: Use built-in cache action to cache dependencies by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1014";>actions/cache#1014
   Updated node example by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/1008";>actions/cache#1008
   Fix: Node npm doc example  by https://github.com/apascualm";>@​apascualm in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   docs: fix an invalid link in workarounds.md by https://github.com/teatimeguest";>@​teatimeguest in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   General Availability release for granular cache by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/1035";>actions/cache#1035
 More details here on https://github.com/actions/cache/discussions/1020";>beta release.
   
   New Contributors
   
   https://github.com/walterddr";>@​walterddr made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   https://github.com/asaf400";>@​asaf400 made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   https://github.com/jongwooo";>@​jongwooo made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   https://github.com/apascualm";>@​apascualm made 
their first 

[GitHub] [commons-jcs] dependabot[bot] opened a new pull request, #128: Bump ossf/scorecard-action from 2.1.0 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #128:
URL: https://github.com/apache/commons-jcs/pull/128

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.0 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   v2.1.1
   Scorecard version
   This release use https://github.com/ossf/scorecard/releases/tag/v4.10.1";>Scorecard's 
v4.10.1
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1";>https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   https://github.com/ossf/scorecard-action/commit/15c10fcf1cf912bd22260bfec67569a359ab87da";>15c10fc
 Update tag to v2.1.1 (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1047";>#1047)
   https://github.com/ossf/scorecard-action/commit/f96da1a128903623ca8553562d0a85aa8b11d5af";>f96da1a
 :seedling: Update scorecard for the panic (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1045";>#1045)
   https://github.com/ossf/scorecard-action/commit/813a8251528830defc8d1d9e3b20ba7640225d7d";>813a825
 Complete the list of required actions (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1044";>#1044)
   https://github.com/ossf/scorecard-action/commit/be62ea89c1d5c6cb8560cb24a4da589926d74068";>be62ea8
 Update RELEASE.md (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1042";>#1042)
   Additional commits viewable in https://github.com/ossf/scorecard-action/compare/937ffa90d79c7d720498178154ad4c7ba1e4ad8c...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency`

[GitHub] [commons-cli] dependabot[bot] opened a new pull request, #152: Bump ossf/scorecard-action from 2.1.0 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #152:
URL: https://github.com/apache/commons-cli/pull/152

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.0 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   v2.1.1
   Scorecard version
   This release use https://github.com/ossf/scorecard/releases/tag/v4.10.1";>Scorecard's 
v4.10.1
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1";>https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   https://github.com/ossf/scorecard-action/commit/15c10fcf1cf912bd22260bfec67569a359ab87da";>15c10fc
 Update tag to v2.1.1 (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1047";>#1047)
   https://github.com/ossf/scorecard-action/commit/f96da1a128903623ca8553562d0a85aa8b11d5af";>f96da1a
 :seedling: Update scorecard for the panic (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1045";>#1045)
   https://github.com/ossf/scorecard-action/commit/813a8251528830defc8d1d9e3b20ba7640225d7d";>813a825
 Complete the list of required actions (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1044";>#1044)
   https://github.com/ossf/scorecard-action/commit/be62ea89c1d5c6cb8560cb24a4da589926d74068";>be62ea8
 Update RELEASE.md (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1042";>#1042)
   Additional commits viewable in https://github.com/ossf/scorecard-action/compare/937ffa90d79c7d720498178154ad4c7ba1e4ad8c...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency`

[GitHub] [commons-cli] dependabot[bot] opened a new pull request, #153: Bump actions/cache from 3.0.11 to 3.2.1

[GitBox]

dependabot[bot] opened a new pull request, #153:
URL: https://github.com/apache/commons-cli/pull/153

   Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.1.
   
   Release notes
   Sourced from https://github.com/actions/cache/releases";>actions/cache's 
releases.
   
   v3.2.1
   What's Changed
   
   Release compression related changes for windows by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1039";>actions/cache#1039
   Upgrade codeql to v2 by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1023";>actions/cache#1023
   
   Full Changelog: https://github.com/actions/cache/compare/v3.2.0...v3.2.1";>https://github.com/actions/cache/compare/v3.2.0...v3.2.1
   v3.2.0
   What's Changed
   
   fix wrong timeout env var key in README.md by https://github.com/walterddr";>@​walterddr in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   Updated release doc with correct env variable by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/960";>actions/cache#960
   Create pull_request_template.md by https://github.com/pdotl";>@​pdotl in https://github-redirect.dependabot.com/actions/cache/pull/963";>actions/cache#963
   Update README with clearer info about cache-hit and its value by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/961";>actions/cache#961
   Change datadog/squid to Ubuntu/squid in CI check by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/976";>actions/cache#976
   Add more details to version section in readme by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/971";>actions/cache#971
   Update hashFiles documentation reference by https://github.com/asaf400";>@​asaf400 in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   Updated link for cache segment download info by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/986";>actions/cache#986
   Readme update for deleting caches by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/981";>actions/cache#981
   Add oncall logic to assign issues and PRs by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/997";>actions/cache#997
   Bump minimatch from 3.0.4 to 3.1.2 by https://github.com/dependabot";>@​dependabot in https://github-redirect.dependabot.com/actions/cache/pull/998";>actions/cache#998
   Revert "Bump minimatch from 3.0.4 to 3.1.2" by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/1005";>actions/cache#1005
   Fix npm vulnerability by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1007";>actions/cache#1007
   refactor: Use early return pattern to avoid nested conditions by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   Use cache in check-dist.yml by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1004";>actions/cache#1004
   chore: Use built-in cache action to cache dependencies by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1014";>actions/cache#1014
   Updated node example by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/1008";>actions/cache#1008
   Fix: Node npm doc example  by https://github.com/apascualm";>@​apascualm in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   docs: fix an invalid link in workarounds.md by https://github.com/teatimeguest";>@​teatimeguest in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   General Availability release for granular cache by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/1035";>actions/cache#1035
 More details here on https://github.com/actions/cache/discussions/1020";>beta release.
   
   New Contributors
   
   https://github.com/walterddr";>@​walterddr made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   https://github.com/asaf400";>@​asaf400 made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   https://github.com/jongwooo";>@​jongwooo made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   https://github.com/apascualm";>@​apascualm made 
their first 

[GitHub] [commons-build-plugin] dependabot[bot] opened a new pull request, #117: Bump actions/cache from 3.0.11 to 3.2.0

[GitBox]

dependabot[bot] opened a new pull request, #117:
URL: https://github.com/apache/commons-build-plugin/pull/117

   Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.0.
   
   Release notes
   Sourced from https://github.com/actions/cache/releases";>actions/cache's 
releases.
   
   v3.2.0
   What's Changed
   
   fix wrong timeout env var key in README.md by https://github.com/walterddr";>@​walterddr in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   Updated release doc with correct env variable by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/960";>actions/cache#960
   Create pull_request_template.md by https://github.com/pdotl";>@​pdotl in https://github-redirect.dependabot.com/actions/cache/pull/963";>actions/cache#963
   Update README with clearer info about cache-hit and its value by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/961";>actions/cache#961
   Change datadog/squid to Ubuntu/squid in CI check by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/976";>actions/cache#976
   Add more details to version section in readme by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/971";>actions/cache#971
   Update hashFiles documentation reference by https://github.com/asaf400";>@​asaf400 in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   Updated link for cache segment download info by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/986";>actions/cache#986
   Readme update for deleting caches by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/981";>actions/cache#981
   Add oncall logic to assign issues and PRs by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/997";>actions/cache#997
   Bump minimatch from 3.0.4 to 3.1.2 by https://github.com/dependabot";>@​dependabot in https://github-redirect.dependabot.com/actions/cache/pull/998";>actions/cache#998
   Revert "Bump minimatch from 3.0.4 to 3.1.2" by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/1005";>actions/cache#1005
   Fix npm vulnerability by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1007";>actions/cache#1007
   refactor: Use early return pattern to avoid nested conditions by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   Use cache in check-dist.yml by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1004";>actions/cache#1004
   chore: Use built-in cache action to cache dependencies by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1014";>actions/cache#1014
   Updated node example by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/1008";>actions/cache#1008
   Fix: Node npm doc example  by https://github.com/apascualm";>@​apascualm in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   docs: fix an invalid link in workarounds.md by https://github.com/teatimeguest";>@​teatimeguest in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   General Availability release for granular cache by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/1035";>actions/cache#1035
 More details here on https://github.com/actions/cache/discussions/1020";>beta release.
   
   New Contributors
   
   https://github.com/walterddr";>@​walterddr made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   https://github.com/asaf400";>@​asaf400 made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   https://github.com/jongwooo";>@​jongwooo made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   https://github.com/apascualm";>@​apascualm made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   https://github.com/teatimeguest";>@​teatimeguest made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   
   Full Changelog: https://github.com/actions/cache/compare/v3...v3.2.0";>https://github.com/actions/cache/compare/v3...v3.2.0
   v3.2.0-beta.1
   What's Changed
   
   Actions Cache Granular Control Implementation by https://githu

[GitHub] [commons-build-plugin] dependabot[bot] opened a new pull request, #116: Bump ossf/scorecard-action from 2.1.0 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #116:
URL: https://github.com/apache/commons-build-plugin/pull/116

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.0 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   v2.1.1
   Scorecard version
   This release use https://github.com/ossf/scorecard/releases/tag/v4.10.1";>Scorecard's 
v4.10.1
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1";>https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   https://github.com/ossf/scorecard-action/commit/15c10fcf1cf912bd22260bfec67569a359ab87da";>15c10fc
 Update tag to v2.1.1 (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1047";>#1047)
   https://github.com/ossf/scorecard-action/commit/f96da1a128903623ca8553562d0a85aa8b11d5af";>f96da1a
 :seedling: Update scorecard for the panic (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1045";>#1045)
   https://github.com/ossf/scorecard-action/commit/813a8251528830defc8d1d9e3b20ba7640225d7d";>813a825
 Complete the list of required actions (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1044";>#1044)
   https://github.com/ossf/scorecard-action/commit/be62ea89c1d5c6cb8560cb24a4da589926d74068";>be62ea8
 Update RELEASE.md (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1042";>#1042)
   Additional commits viewable in https://github.com/ossf/scorecard-action/compare/937ffa90d79c7d720498178154ad4c7ba1e4ad8c...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this de

[jira] [Work logged] (LANG-1682) Adding StringUtils.startsWithAnyIgnoreCase method

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/LANG-1682?focusedWorklogId=835446&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-835446
 ]

ASF GitHub Bot logged work on LANG-1682:


Author: ASF GitHub Bot
Created on: 23/Dec/22 05:38
Start Date: 23/Dec/22 05:38
Worklog Time Spent: 10m 
  Work Description: Enigo commented on PR #848:
URL: https://github.com/apache/commons-lang/pull/848#issuecomment-1363635919

   Hey @garydgregory 
   any chance for this PR to be reviewed and merged?
   thanks!
   




Issue Time Tracking
---

Worklog Id: (was: 835446)
Time Spent: 0.5h  (was: 20m)

> Adding StringUtils.startsWithAnyIgnoreCase method
> -
>
> Key: LANG-1682
> URL: https://issues.apache.org/jira/browse/LANG-1682
> Project: Commons Lang
>  Issue Type: Improvement
>  Components: lang.*
>Reporter: Ruslan Sibgatullin
>Priority: Minor
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Adding `StringUtils.startsWithAnyIgnoreCase` to have more flexibility.
> Based on the existing `startsWith` method



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [commons-lang] Enigo commented on pull request #848: LANG-1682 Adding StringUtils.startsWithAnyIgnoreCase method

[GitBox]

Enigo commented on PR #848:
URL: https://github.com/apache/commons-lang/pull/848#issuecomment-1363635919

   Hey @garydgregory 
   any chance for this PR to be reviewed and merged?
   thanks!
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-digester] dependabot[bot] closed pull request #53: Bump ossf/scorecard-action from 1.1.2 to 2.1.0

[GitBox]

dependabot[bot] closed pull request #53: Bump ossf/scorecard-action from 1.1.2 
to 2.1.0
URL: https://github.com/apache/commons-digester/pull/53


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-digester] dependabot[bot] commented on pull request #53: Bump ossf/scorecard-action from 1.1.2 to 2.1.0

[GitBox]

dependabot[bot] commented on PR #53:
URL: https://github.com/apache/commons-digester/pull/53#issuecomment-1363587980

   Superseded by #55.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-digester] dependabot[bot] opened a new pull request, #55: Bump ossf/scorecard-action from 1.1.2 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #55:
URL: https://github.com/apache/commons-digester/pull/55

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
1.1.2 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   v2.1.1
   Scorecard version
   This release use https://github.com/ossf/scorecard/releases/tag/v4.10.1";>Scorecard's 
v4.10.1
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1";>https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1
   v2.1.0
   What's Changed
   Scorecard version
   This release uses https://github.com/ossf/scorecard/releases/tag/v4.10.0";>scorecard 
v4.10.0.
   Improvements
   
   Docker build workflow by https://github.com/naveensrinivasan";>@​naveensrinivasan 
in https://github-redirect.dependabot.com/ossf/scorecard-action/pull/981";>ossf/scorecard-action#981
   Use root user in distroless to support GitHub Actions by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/994";>ossf/scorecard-action#994
   Disable pull_request_target by https://github.com/laurentsimon";>@​laurentsimon in https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1031";>ossf/scorecard-action#1031
   
   Documentation
   
   Add PAT section explaining risks by https://github.com/olivekl";>@​olivekl in https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1024";>ossf/scorecard-action#1024
   Make the badge text easier to copy by https://github.com/rajbos";>@​rajbos in https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026";>ossf/scorecard-action#1026
   
   New Contributors
   
   https://github.com/joycebrum";>@​joycebrum made 
their first contribution in https://github-redirect.dependabot.com/ossf/scorecard-action/pull/984";>ossf/scorecard-action#984
   https://github.com/rajbos";>@​rajbos made their 
first contribution in https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026";>ossf/scorecard-action#1026
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0";>https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0
   v2.0.6
   What's Changed
   
   Fix - Broken dockerfile by https://github.com/naveensrinivasan";>@​naveensrinivasan 
in https://github-redirect.dependabot.com/ossf/scorecard-action/pull/979";>ossf/scorecard-action#979
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6";>https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6
   v2.0.5
   What's Changed
   
   Remove trailing space from example by https://github.com/jamacku";>@​jamacku in https://github-redirect.dependabot.com/ossf/scorecard-action/pull/955";>ossf/scorecard-action#955
   
   
   
   ... (truncated)
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   https://github.com/ossf/scorecard-action/commit/15c10fcf1cf912bd22260bfec67569a359ab87da";>15c10fc
 Update tag to v2.1.1 (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1047";>#1047)
   https://github.com/ossf/scorecard-action/commit/f96da1a128903623ca8553562d0a85aa8b11d5af";>f96da1a
 :seedling: Update scorecard for the panic (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1045";>#1045)
   https://github.com/ossf/scorecard-action/commit/813a8251528830defc8d

[GitHub] [commons-digester] dependabot[bot] closed pull request #40: Bump actions/cache from 3.0.8 to 3.0.11

[GitBox]

dependabot[bot] closed pull request #40: Bump actions/cache from 3.0.8 to 3.0.11
URL: https://github.com/apache/commons-digester/pull/40


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-dbcp] dependabot[bot] opened a new pull request, #250: Bump ossf/scorecard-action from 2.1.0 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #250:
URL: https://github.com/apache/commons-dbcp/pull/250

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.0 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   v2.1.1
   Scorecard version
   This release use https://github.com/ossf/scorecard/releases/tag/v4.10.1";>Scorecard's 
v4.10.1
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1";>https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   https://github.com/ossf/scorecard-action/commit/15c10fcf1cf912bd22260bfec67569a359ab87da";>15c10fc
 Update tag to v2.1.1 (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1047";>#1047)
   https://github.com/ossf/scorecard-action/commit/f96da1a128903623ca8553562d0a85aa8b11d5af";>f96da1a
 :seedling: Update scorecard for the panic (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1045";>#1045)
   https://github.com/ossf/scorecard-action/commit/813a8251528830defc8d1d9e3b20ba7640225d7d";>813a825
 Complete the list of required actions (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1044";>#1044)
   https://github.com/ossf/scorecard-action/commit/be62ea89c1d5c6cb8560cb24a4da589926d74068";>be62ea8
 Update RELEASE.md (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1042";>#1042)
   Additional commits viewable in https://github.com/ossf/scorecard-action/compare/937ffa90d79c7d720498178154ad4c7ba1e4ad8c...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency

[GitHub] [commons-digester] dependabot[bot] commented on pull request #40: Bump actions/cache from 3.0.8 to 3.0.11

[GitBox]

dependabot[bot] commented on PR #40:
URL: https://github.com/apache/commons-digester/pull/40#issuecomment-1363587921

   Superseded by #54.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-digester] dependabot[bot] opened a new pull request, #54: Bump actions/cache from 3.0.8 to 3.2.0

[GitBox]

dependabot[bot] opened a new pull request, #54:
URL: https://github.com/apache/commons-digester/pull/54

   Bumps [actions/cache](https://github.com/actions/cache) from 3.0.8 to 3.2.0.
   
   Release notes
   Sourced from https://github.com/actions/cache/releases";>actions/cache's 
releases.
   
   v3.2.0
   What's Changed
   
   fix wrong timeout env var key in README.md by https://github.com/walterddr";>@​walterddr in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   Updated release doc with correct env variable by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/960";>actions/cache#960
   Create pull_request_template.md by https://github.com/pdotl";>@​pdotl in https://github-redirect.dependabot.com/actions/cache/pull/963";>actions/cache#963
   Update README with clearer info about cache-hit and its value by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/961";>actions/cache#961
   Change datadog/squid to Ubuntu/squid in CI check by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/976";>actions/cache#976
   Add more details to version section in readme by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/971";>actions/cache#971
   Update hashFiles documentation reference by https://github.com/asaf400";>@​asaf400 in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   Updated link for cache segment download info by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/986";>actions/cache#986
   Readme update for deleting caches by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/981";>actions/cache#981
   Add oncall logic to assign issues and PRs by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/997";>actions/cache#997
   Bump minimatch from 3.0.4 to 3.1.2 by https://github.com/dependabot";>@​dependabot in https://github-redirect.dependabot.com/actions/cache/pull/998";>actions/cache#998
   Revert "Bump minimatch from 3.0.4 to 3.1.2" by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/1005";>actions/cache#1005
   Fix npm vulnerability by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1007";>actions/cache#1007
   refactor: Use early return pattern to avoid nested conditions by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   Use cache in check-dist.yml by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1004";>actions/cache#1004
   chore: Use built-in cache action to cache dependencies by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1014";>actions/cache#1014
   Updated node example by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/1008";>actions/cache#1008
   Fix: Node npm doc example  by https://github.com/apascualm";>@​apascualm in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   docs: fix an invalid link in workarounds.md by https://github.com/teatimeguest";>@​teatimeguest in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   General Availability release for granular cache by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/1035";>actions/cache#1035
 More details here on https://github.com/actions/cache/discussions/1020";>beta release.
   
   New Contributors
   
   https://github.com/walterddr";>@​walterddr made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   https://github.com/asaf400";>@​asaf400 made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   https://github.com/jongwooo";>@​jongwooo made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   https://github.com/apascualm";>@​apascualm made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   https://github.com/teatimeguest";>@​teatimeguest made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   
   Full Changelog: https://github.com/actions/cache/compare/v3...v3.2.0";>https://github.com/actions/cache/compare/v3...v3.2.0
   v3.2.0-beta.1
   What's Changed
   
   Actions Cache Granular Control Implementation by https://github.com/k

[GitHub] [commons-compress] dependabot[bot] opened a new pull request, #343: Bump ossf/scorecard-action from 2.1.0 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #343:
URL: https://github.com/apache/commons-compress/pull/343

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.0 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   v2.1.1
   Scorecard version
   This release use https://github.com/ossf/scorecard/releases/tag/v4.10.1";>Scorecard's 
v4.10.1
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1";>https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   https://github.com/ossf/scorecard-action/commit/15c10fcf1cf912bd22260bfec67569a359ab87da";>15c10fc
 Update tag to v2.1.1 (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1047";>#1047)
   https://github.com/ossf/scorecard-action/commit/f96da1a128903623ca8553562d0a85aa8b11d5af";>f96da1a
 :seedling: Update scorecard for the panic (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1045";>#1045)
   https://github.com/ossf/scorecard-action/commit/813a8251528830defc8d1d9e3b20ba7640225d7d";>813a825
 Complete the list of required actions (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1044";>#1044)
   https://github.com/ossf/scorecard-action/commit/be62ea89c1d5c6cb8560cb24a4da589926d74068";>be62ea8
 Update RELEASE.md (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1042";>#1042)
   Additional commits viewable in https://github.com/ossf/scorecard-action/compare/937ffa90d79c7d720498178154ad4c7ba1e4ad8c...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this depend

[GitHub] [commons-dbcp] dependabot[bot] opened a new pull request, #249: Bump actions/cache from 3.0.11 to 3.2.0

[GitBox]

dependabot[bot] opened a new pull request, #249:
URL: https://github.com/apache/commons-dbcp/pull/249

   Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.0.
   
   Release notes
   Sourced from https://github.com/actions/cache/releases";>actions/cache's 
releases.
   
   v3.2.0
   What's Changed
   
   fix wrong timeout env var key in README.md by https://github.com/walterddr";>@​walterddr in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   Updated release doc with correct env variable by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/960";>actions/cache#960
   Create pull_request_template.md by https://github.com/pdotl";>@​pdotl in https://github-redirect.dependabot.com/actions/cache/pull/963";>actions/cache#963
   Update README with clearer info about cache-hit and its value by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/961";>actions/cache#961
   Change datadog/squid to Ubuntu/squid in CI check by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/976";>actions/cache#976
   Add more details to version section in readme by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/971";>actions/cache#971
   Update hashFiles documentation reference by https://github.com/asaf400";>@​asaf400 in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   Updated link for cache segment download info by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/986";>actions/cache#986
   Readme update for deleting caches by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/981";>actions/cache#981
   Add oncall logic to assign issues and PRs by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/997";>actions/cache#997
   Bump minimatch from 3.0.4 to 3.1.2 by https://github.com/dependabot";>@​dependabot in https://github-redirect.dependabot.com/actions/cache/pull/998";>actions/cache#998
   Revert "Bump minimatch from 3.0.4 to 3.1.2" by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/1005";>actions/cache#1005
   Fix npm vulnerability by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1007";>actions/cache#1007
   refactor: Use early return pattern to avoid nested conditions by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   Use cache in check-dist.yml by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1004";>actions/cache#1004
   chore: Use built-in cache action to cache dependencies by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1014";>actions/cache#1014
   Updated node example by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/1008";>actions/cache#1008
   Fix: Node npm doc example  by https://github.com/apascualm";>@​apascualm in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   docs: fix an invalid link in workarounds.md by https://github.com/teatimeguest";>@​teatimeguest in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   General Availability release for granular cache by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/1035";>actions/cache#1035
 More details here on https://github.com/actions/cache/discussions/1020";>beta release.
   
   New Contributors
   
   https://github.com/walterddr";>@​walterddr made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   https://github.com/asaf400";>@​asaf400 made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   https://github.com/jongwooo";>@​jongwooo made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   https://github.com/apascualm";>@​apascualm made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   https://github.com/teatimeguest";>@​teatimeguest made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   
   Full Changelog: https://github.com/actions/cache/compare/v3...v3.2.0";>https://github.com/actions/cache/compare/v3...v3.2.0
   v3.2.0-beta.1
   What's Changed
   
   Actions Cache Granular Control Implementation by https://github.com/ko

[GitHub] [commons-compress] dependabot[bot] opened a new pull request, #342: Bump actions/cache from 3.0.11 to 3.2.0

[GitBox]

dependabot[bot] opened a new pull request, #342:
URL: https://github.com/apache/commons-compress/pull/342

   Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.0.
   
   Release notes
   Sourced from https://github.com/actions/cache/releases";>actions/cache's 
releases.
   
   v3.2.0
   What's Changed
   
   fix wrong timeout env var key in README.md by https://github.com/walterddr";>@​walterddr in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   Updated release doc with correct env variable by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/960";>actions/cache#960
   Create pull_request_template.md by https://github.com/pdotl";>@​pdotl in https://github-redirect.dependabot.com/actions/cache/pull/963";>actions/cache#963
   Update README with clearer info about cache-hit and its value by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/961";>actions/cache#961
   Change datadog/squid to Ubuntu/squid in CI check by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/976";>actions/cache#976
   Add more details to version section in readme by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/971";>actions/cache#971
   Update hashFiles documentation reference by https://github.com/asaf400";>@​asaf400 in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   Updated link for cache segment download info by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/986";>actions/cache#986
   Readme update for deleting caches by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/981";>actions/cache#981
   Add oncall logic to assign issues and PRs by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/997";>actions/cache#997
   Bump minimatch from 3.0.4 to 3.1.2 by https://github.com/dependabot";>@​dependabot in https://github-redirect.dependabot.com/actions/cache/pull/998";>actions/cache#998
   Revert "Bump minimatch from 3.0.4 to 3.1.2" by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/1005";>actions/cache#1005
   Fix npm vulnerability by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1007";>actions/cache#1007
   refactor: Use early return pattern to avoid nested conditions by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   Use cache in check-dist.yml by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1004";>actions/cache#1004
   chore: Use built-in cache action to cache dependencies by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1014";>actions/cache#1014
   Updated node example by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/1008";>actions/cache#1008
   Fix: Node npm doc example  by https://github.com/apascualm";>@​apascualm in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   docs: fix an invalid link in workarounds.md by https://github.com/teatimeguest";>@​teatimeguest in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   General Availability release for granular cache by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/1035";>actions/cache#1035
 More details here on https://github.com/actions/cache/discussions/1020";>beta release.
   
   New Contributors
   
   https://github.com/walterddr";>@​walterddr made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   https://github.com/asaf400";>@​asaf400 made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   https://github.com/jongwooo";>@​jongwooo made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   https://github.com/apascualm";>@​apascualm made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   https://github.com/teatimeguest";>@​teatimeguest made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   
   Full Changelog: https://github.com/actions/cache/compare/v3...v3.2.0";>https://github.com/actions/cache/compare/v3...v3.2.0
   v3.2.0-beta.1
   What's Changed
   
   Actions Cache Granular Control Implementation by https://github.co

[GitHub] [commons-net] garydgregory merged pull request #134: Bump actions/cache from 3.0.11 to 3.2.0

[GitBox]

garydgregory merged PR #134:
URL: https://github.com/apache/commons-net/pull/134


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-net] garydgregory merged pull request #133: Bump ossf/scorecard-action from 2.1.0 to 2.1.2

[GitBox]

garydgregory merged PR #133:
URL: https://github.com/apache/commons-net/pull/133


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-net] dependabot[bot] opened a new pull request, #134: Bump actions/cache from 3.0.11 to 3.2.0

[GitBox]

dependabot[bot] opened a new pull request, #134:
URL: https://github.com/apache/commons-net/pull/134

   Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.0.
   
   Release notes
   Sourced from https://github.com/actions/cache/releases";>actions/cache's 
releases.
   
   v3.2.0
   What's Changed
   
   fix wrong timeout env var key in README.md by https://github.com/walterddr";>@​walterddr in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   Updated release doc with correct env variable by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/960";>actions/cache#960
   Create pull_request_template.md by https://github.com/pdotl";>@​pdotl in https://github-redirect.dependabot.com/actions/cache/pull/963";>actions/cache#963
   Update README with clearer info about cache-hit and its value by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/961";>actions/cache#961
   Change datadog/squid to Ubuntu/squid in CI check by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/976";>actions/cache#976
   Add more details to version section in readme by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/971";>actions/cache#971
   Update hashFiles documentation reference by https://github.com/asaf400";>@​asaf400 in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   Updated link for cache segment download info by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/986";>actions/cache#986
   Readme update for deleting caches by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/981";>actions/cache#981
   Add oncall logic to assign issues and PRs by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/997";>actions/cache#997
   Bump minimatch from 3.0.4 to 3.1.2 by https://github.com/dependabot";>@​dependabot in https://github-redirect.dependabot.com/actions/cache/pull/998";>actions/cache#998
   Revert "Bump minimatch from 3.0.4 to 3.1.2" by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/1005";>actions/cache#1005
   Fix npm vulnerability by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1007";>actions/cache#1007
   refactor: Use early return pattern to avoid nested conditions by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   Use cache in check-dist.yml by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1004";>actions/cache#1004
   chore: Use built-in cache action to cache dependencies by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1014";>actions/cache#1014
   Updated node example by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/1008";>actions/cache#1008
   Fix: Node npm doc example  by https://github.com/apascualm";>@​apascualm in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   docs: fix an invalid link in workarounds.md by https://github.com/teatimeguest";>@​teatimeguest in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   General Availability release for granular cache by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/1035";>actions/cache#1035
 More details here on https://github.com/actions/cache/discussions/1020";>beta release.
   
   New Contributors
   
   https://github.com/walterddr";>@​walterddr made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   https://github.com/asaf400";>@​asaf400 made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   https://github.com/jongwooo";>@​jongwooo made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   https://github.com/apascualm";>@​apascualm made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   https://github.com/teatimeguest";>@​teatimeguest made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   
   Full Changelog: https://github.com/actions/cache/compare/v3...v3.2.0";>https://github.com/actions/cache/compare/v3...v3.2.0
   v3.2.0-beta.1
   What's Changed
   
   Actions Cache Granular Control Implementation by https://github.com/kot

[GitHub] [commons-net] dependabot[bot] opened a new pull request, #133: Bump ossf/scorecard-action from 2.1.0 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #133:
URL: https://github.com/apache/commons-net/pull/133

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.0 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   v2.1.1
   Scorecard version
   This release use https://github.com/ossf/scorecard/releases/tag/v4.10.1";>Scorecard's 
v4.10.1
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1";>https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   https://github.com/ossf/scorecard-action/commit/15c10fcf1cf912bd22260bfec67569a359ab87da";>15c10fc
 Update tag to v2.1.1 (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1047";>#1047)
   https://github.com/ossf/scorecard-action/commit/f96da1a128903623ca8553562d0a85aa8b11d5af";>f96da1a
 :seedling: Update scorecard for the panic (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1045";>#1045)
   https://github.com/ossf/scorecard-action/commit/813a8251528830defc8d1d9e3b20ba7640225d7d";>813a825
 Complete the list of required actions (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1044";>#1044)
   https://github.com/ossf/scorecard-action/commit/be62ea89c1d5c6cb8560cb24a4da589926d74068";>be62ea8
 Update RELEASE.md (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1042";>#1042)
   Additional commits viewable in https://github.com/ossf/scorecard-action/compare/937ffa90d79c7d720498178154ad4c7ba1e4ad8c...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency`

[GitHub] [commons-io] kinow merged pull request #416: Bump actions/cache from 3.0.11 to 3.2.0

[GitBox]

kinow merged PR #416:
URL: https://github.com/apache/commons-io/pull/416


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-io] dependabot[bot] opened a new pull request, #417: Bump ossf/scorecard-action from 2.1.0 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #417:
URL: https://github.com/apache/commons-io/pull/417

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.0 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   v2.1.1
   Scorecard version
   This release use https://github.com/ossf/scorecard/releases/tag/v4.10.1";>Scorecard's 
v4.10.1
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1";>https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   https://github.com/ossf/scorecard-action/commit/15c10fcf1cf912bd22260bfec67569a359ab87da";>15c10fc
 Update tag to v2.1.1 (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1047";>#1047)
   https://github.com/ossf/scorecard-action/commit/f96da1a128903623ca8553562d0a85aa8b11d5af";>f96da1a
 :seedling: Update scorecard for the panic (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1045";>#1045)
   https://github.com/ossf/scorecard-action/commit/813a8251528830defc8d1d9e3b20ba7640225d7d";>813a825
 Complete the list of required actions (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1044";>#1044)
   https://github.com/ossf/scorecard-action/commit/be62ea89c1d5c6cb8560cb24a4da589926d74068";>be62ea8
 Update RELEASE.md (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1042";>#1042)
   Additional commits viewable in https://github.com/ossf/scorecard-action/compare/937ffa90d79c7d720498178154ad4c7ba1e4ad8c...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` 

[GitHub] [commons-io] dependabot[bot] opened a new pull request, #416: Bump actions/cache from 3.0.11 to 3.2.0

[GitBox]

dependabot[bot] opened a new pull request, #416:
URL: https://github.com/apache/commons-io/pull/416

   Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.0.
   
   Release notes
   Sourced from https://github.com/actions/cache/releases";>actions/cache's 
releases.
   
   v3.2.0
   What's Changed
   
   fix wrong timeout env var key in README.md by https://github.com/walterddr";>@​walterddr in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   Updated release doc with correct env variable by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/960";>actions/cache#960
   Create pull_request_template.md by https://github.com/pdotl";>@​pdotl in https://github-redirect.dependabot.com/actions/cache/pull/963";>actions/cache#963
   Update README with clearer info about cache-hit and its value by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/961";>actions/cache#961
   Change datadog/squid to Ubuntu/squid in CI check by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/976";>actions/cache#976
   Add more details to version section in readme by https://github.com/bishal-pdMSFT";>@​bishal-pdMSFT in https://github-redirect.dependabot.com/actions/cache/pull/971";>actions/cache#971
   Update hashFiles documentation reference by https://github.com/asaf400";>@​asaf400 in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   Updated link for cache segment download info by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/986";>actions/cache#986
   Readme update for deleting caches by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/981";>actions/cache#981
   Add oncall logic to assign issues and PRs by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/997";>actions/cache#997
   Bump minimatch from 3.0.4 to 3.1.2 by https://github.com/dependabot";>@​dependabot in https://github-redirect.dependabot.com/actions/cache/pull/998";>actions/cache#998
   Revert "Bump minimatch from 3.0.4 to 3.1.2" by https://github.com/vsvipul";>@​vsvipul in https://github-redirect.dependabot.com/actions/cache/pull/1005";>actions/cache#1005
   Fix npm vulnerability by https://github.com/Phantsure";>@​Phantsure in https://github-redirect.dependabot.com/actions/cache/pull/1007";>actions/cache#1007
   refactor: Use early return pattern to avoid nested conditions by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   Use cache in check-dist.yml by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1004";>actions/cache#1004
   chore: Use built-in cache action to cache dependencies by https://github.com/jongwooo";>@​jongwooo in https://github-redirect.dependabot.com/actions/cache/pull/1014";>actions/cache#1014
   Updated node example by https://github.com/t-dedah";>@​t-dedah in https://github-redirect.dependabot.com/actions/cache/pull/1008";>actions/cache#1008
   Fix: Node npm doc example  by https://github.com/apascualm";>@​apascualm in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   docs: fix an invalid link in workarounds.md by https://github.com/teatimeguest";>@​teatimeguest in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   General Availability release for granular cache by https://github.com/kotewar";>@​kotewar in https://github-redirect.dependabot.com/actions/cache/pull/1035";>actions/cache#1035
 More details here on https://github.com/actions/cache/discussions/1020";>beta release.
   
   New Contributors
   
   https://github.com/walterddr";>@​walterddr made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/959";>actions/cache#959
   https://github.com/asaf400";>@​asaf400 made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/979";>actions/cache#979
   https://github.com/jongwooo";>@​jongwooo made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1013";>actions/cache#1013
   https://github.com/apascualm";>@​apascualm made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/1026";>actions/cache#1026
   https://github.com/teatimeguest";>@​teatimeguest made 
their first contribution in https://github-redirect.dependabot.com/actions/cache/pull/929";>actions/cache#929
   
   Full Changelog: https://github.com/actions/cache/compare/v3...v3.2.0";>https://github.com/actions/cache/compare/v3...v3.2.0
   v3.2.0-beta.1
   What's Changed
   
   Actions Cache Granular Control Implementation by https://github.com/kote

[jira] [Work logged] (POOL-393) BaseGenericObjectPool.jmxRegister may cost too much time

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/POOL-393?focusedWorklogId=835415&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-835415
 ]

ASF GitHub Bot logged work on POOL-393:
---

Author: ASF GitHub Bot
Created on: 22/Dec/22 23:45
Start Date: 22/Dec/22 23:45
Worklog Time Spent: 10m 
  Work Description: codecov-commenter commented on PR #199:
URL: https://github.com/apache/commons-pool/pull/199#issuecomment-1363443034

   # 
[Codecov](https://codecov.io/gh/apache/commons-pool/pull/199?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 Report
   > Merging 
[#199](https://codecov.io/gh/apache/commons-pool/pull/199?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (3026c61) into 
[master](https://codecov.io/gh/apache/commons-pool/commit/eb2cf8eb2b7984e7300cb6875ad3882508ff56f3?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (eb2cf8e) will **increase** coverage by `0.10%`.
   > The diff coverage is `100.00%`.
   
   ```diff
   @@ Coverage Diff  @@
   ## master #199  +/-   ##
   
   + Coverage 81.83%   81.94%   +0.10% 
   - Complexity  760  763   +3 
   
 Files42   42  
 Lines  3066 3068   +2 
 Branches308  309   +1 
   
   + Hits   2509 2514   +5 
   + Misses  450  449   -1 
   + Partials107  105   -2 
   ```
   
   
   | [Impacted 
Files](https://codecov.io/gh/apache/commons-pool/pull/199?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 | Coverage Δ | |
   |---|---|---|
   | 
[...ache/commons/pool2/impl/BaseGenericObjectPool.java](https://codecov.io/gh/apache/commons-pool/pull/199/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2NvbW1vbnMvcG9vbDIvaW1wbC9CYXNlR2VuZXJpY09iamVjdFBvb2wuamF2YQ==)
 | `88.36% <100.00%> (-0.43%)` | :arrow_down: |
   | 
[...g/apache/commons/pool2/impl/GenericObjectPool.java](https://codecov.io/gh/apache/commons-pool/pull/199/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2NvbW1vbnMvcG9vbDIvaW1wbC9HZW5lcmljT2JqZWN0UG9vbC5qYXZh)
 | `85.41% <0.00%> (+1.30%)` | :arrow_up: |
   
   :mega: We’re building smart automated test selection to slash your CI/CD 
build times. [Learn 
more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   




Issue Time Tracking
---

Worklog Id: (was: 835415)
Time Spent: 1h 20m  (was: 1h 10m)

> BaseGenericObjectPool.jmxRegister may cost too much time
> 
>
> Key: POOL-393
> URL: https://issues.apache.org/jira/browse/POOL-393
> Project: Commons Pool
>  Issue Type: Improvement
>Affects Versions: 2.4.2
>Reporter: Shichao Yuan
>Priority: Major
>  Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
>  
> When creating many pools, I find that it tasks too much time to register jmx.
> In the code,  the ObjectName's postfix always starts with 1, so many 
> InstanceAlreadyExistsExceptions may be thrown before registered successfully.
> Maybe a random number is a better choice, or a atomic long.
> {quote}private ObjectName jmxRegister(BaseObjectPoolConfig config,
>  String jmxNameBase, String jmxNamePrefix) {
>  ObjectName objectName = null;
>  MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
>  int i = 1;
>  boolean registered = false;
>  String base = config.getJmxNameBase();
>  if (base == null)
> Unknown macro: \{ base = jmxNameBase; }
> while (!registered) {
>  try {
>  ObjectName objName;
>  // Skip the numeric suffix for the first pool in case there is
>  // only one so the names are cleaner.
>  if (i == 1)
> Unknown macro: \{ objName = new ObjectName(base + jmxNamePrefix); }
> else
> Unknown macro: \{ objName = new ObjectName(base + jmxNamePrefix + i); }
> mbs.registerMBean(this, objName);
>  objectName = objName;
>  registered = true;
>  } catch (MalformedObjectNameException e) {
>  if (BaseObjectPoolConfig.DEFAU

[GitHub] [commons-pool] codecov-commenter commented on pull request #199: [POOL-393] Improve BaseGenericObjectPool's JMX Register performance

[GitBox]

codecov-commenter commented on PR #199:
URL: https://github.com/apache/commons-pool/pull/199#issuecomment-1363443034

   # 
[Codecov](https://codecov.io/gh/apache/commons-pool/pull/199?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 Report
   > Merging 
[#199](https://codecov.io/gh/apache/commons-pool/pull/199?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (3026c61) into 
[master](https://codecov.io/gh/apache/commons-pool/commit/eb2cf8eb2b7984e7300cb6875ad3882508ff56f3?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (eb2cf8e) will **increase** coverage by `0.10%`.
   > The diff coverage is `100.00%`.
   
   ```diff
   @@ Coverage Diff  @@
   ## master #199  +/-   ##
   
   + Coverage 81.83%   81.94%   +0.10% 
   - Complexity  760  763   +3 
   
 Files42   42  
 Lines  3066 3068   +2 
 Branches308  309   +1 
   
   + Hits   2509 2514   +5 
   + Misses  450  449   -1 
   + Partials107  105   -2 
   ```
   
   
   | [Impacted 
Files](https://codecov.io/gh/apache/commons-pool/pull/199?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 | Coverage Δ | |
   |---|---|---|
   | 
[...ache/commons/pool2/impl/BaseGenericObjectPool.java](https://codecov.io/gh/apache/commons-pool/pull/199/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2NvbW1vbnMvcG9vbDIvaW1wbC9CYXNlR2VuZXJpY09iamVjdFBvb2wuamF2YQ==)
 | `88.36% <100.00%> (-0.43%)` | :arrow_down: |
   | 
[...g/apache/commons/pool2/impl/GenericObjectPool.java](https://codecov.io/gh/apache/commons-pool/pull/199/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2NvbW1vbnMvcG9vbDIvaW1wbC9HZW5lcmljT2JqZWN0UG9vbC5qYXZh)
 | `85.41% <0.00%> (+1.30%)` | :arrow_up: |
   
   :mega: We’re building smart automated test selection to slash your CI/CD 
build times. [Learn 
more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (POOL-393) BaseGenericObjectPool.jmxRegister may cost too much time

[Niall Pemberton (Jira)]

[ 
https://issues.apache.org/jira/browse/POOL-393?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17651437#comment-17651437
 ] 

Niall Pemberton commented on POOL-393:
--

I created the following PR:
 * [https://github.com/apache/commons-pool/pull/199]

It adds a check to MBeanServer's _*isRegistered(ObjectName)*_ method and from 
running Phil's test this improves performance 10x even though there are alot of 
calls to JMX for a large number of pools.

> BaseGenericObjectPool.jmxRegister may cost too much time
> 
>
> Key: POOL-393
> URL: https://issues.apache.org/jira/browse/POOL-393
> Project: Commons Pool
>  Issue Type: Improvement
>Affects Versions: 2.4.2
>Reporter: Shichao Yuan
>Priority: Major
>  Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
>  
> When creating many pools, I find that it tasks too much time to register jmx.
> In the code,  the ObjectName's postfix always starts with 1, so many 
> InstanceAlreadyExistsExceptions may be thrown before registered successfully.
> Maybe a random number is a better choice, or a atomic long.
> {quote}private ObjectName jmxRegister(BaseObjectPoolConfig config,
>  String jmxNameBase, String jmxNamePrefix) {
>  ObjectName objectName = null;
>  MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
>  int i = 1;
>  boolean registered = false;
>  String base = config.getJmxNameBase();
>  if (base == null)
> Unknown macro: \{ base = jmxNameBase; }
> while (!registered) {
>  try {
>  ObjectName objName;
>  // Skip the numeric suffix for the first pool in case there is
>  // only one so the names are cleaner.
>  if (i == 1)
> Unknown macro: \{ objName = new ObjectName(base + jmxNamePrefix); }
> else
> Unknown macro: \{ objName = new ObjectName(base + jmxNamePrefix + i); }
> mbs.registerMBean(this, objName);
>  objectName = objName;
>  registered = true;
>  } catch (MalformedObjectNameException e) {
>  if (BaseObjectPoolConfig.DEFAULT_JMX_NAME_PREFIX.equals(
>  jmxNamePrefix) && jmxNameBase.equals(base))
> Unknown macro: \{ // Shouldn't happen. Skip registration if it does. 
> registered = true; }
> else
> Unknown macro: \{ // Must be an invalid name. Use the defaults instead. 
> jmxNamePrefix = BaseObjectPoolConfig.DEFAULT_JMX_NAME_PREFIX; base = 
> jmxNameBase; }
> } catch (InstanceAlreadyExistsException e)
> Unknown macro: \{ // Increment the index and try again i++; }
> catch (MBeanRegistrationException e)
> Unknown macro: \{ // Shouldn't happen. Skip registration if it does. 
> registered = true; }
> catch (NotCompliantMBeanException e)
> }
>  return objectName;
>  }
> {quote}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (MATH-1652) comments about the formula of binomialCoefficient wrong

[Gilles Sadowski (Jira)]

 [ 
https://issues.apache.org/jira/browse/MATH-1652?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gilles Sadowski resolved MATH-1652.
---
Resolution: Invalid

No feedback: Closing.

> comments about the formula of binomialCoefficient wrong
> ---
>
> Key: MATH-1652
> URL: https://issues.apache.org/jira/browse/MATH-1652
> Project: Commons Math
>  Issue Type: Improvement
>Reporter: nimo mayr
>Priority: Minor
>
> The class
> {code:java}
> org.apache.commons.math3.util.CombinatoricsUtils{code}
> within the method 
> {code:java}
> public static long binomialCoefficient(final int n, final int k){code}
> contains the following comments:
> {code:java}
> // We use the formula
> // (n choose k) = n! / (n-k)! / k!
> // (n choose k) == ((n-k+1)...*n) / (1...*k)
> // which could be written
> // (n choose k) == (n-1 choose k-1) * n / k
> {code}
> I think, the second line
> {code:java}
> (n choose k) = n! / (n-k)! / k!{code}
> must be written to
> {code:java}
> (n choose k) = n! / (n-k)! * k!{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (POOL-393) BaseGenericObjectPool.jmxRegister may cost too much time

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/POOL-393?focusedWorklogId=835413&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-835413
 ]

ASF GitHub Bot logged work on POOL-393:
---

Author: ASF GitHub Bot
Created on: 22/Dec/22 23:16
Start Date: 22/Dec/22 23:16
Worklog Time Spent: 10m 
  Work Description: niallkp opened a new pull request, #199:
URL: https://github.com/apache/commons-pool/pull/199

   The algorithm for generating the JMX name for newly created pools can be 
very slow if the number of pools is large. This PR makes a 10x improvement 
without changing the naming sequence.
   
   I tried a couple of approaches - first retrieving all the registered pool 
names using  the MBeanServer's  **_queryNames(ObjectName, QueryExp)_** method 
and and then using MBeanServer's **_isRegistered(ObjectName)_** method. The 
later involved many more JMX calls but was slightly faster and simpler code - 
so this PR uses that approach.
   
   This PR seems to provide the performance improvement without changing 
behavior - which Phil didn't like in 
https://github.com/apache/commons-pool/pull/115




Issue Time Tracking
---

Worklog Id: (was: 835413)
Time Spent: 1h 10m  (was: 1h)

> BaseGenericObjectPool.jmxRegister may cost too much time
> 
>
> Key: POOL-393
> URL: https://issues.apache.org/jira/browse/POOL-393
> Project: Commons Pool
>  Issue Type: Improvement
>Affects Versions: 2.4.2
>Reporter: Shichao Yuan
>Priority: Major
>  Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
>  
> When creating many pools, I find that it tasks too much time to register jmx.
> In the code,  the ObjectName's postfix always starts with 1, so many 
> InstanceAlreadyExistsExceptions may be thrown before registered successfully.
> Maybe a random number is a better choice, or a atomic long.
> {quote}private ObjectName jmxRegister(BaseObjectPoolConfig config,
>  String jmxNameBase, String jmxNamePrefix) {
>  ObjectName objectName = null;
>  MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
>  int i = 1;
>  boolean registered = false;
>  String base = config.getJmxNameBase();
>  if (base == null)
> Unknown macro: \{ base = jmxNameBase; }
> while (!registered) {
>  try {
>  ObjectName objName;
>  // Skip the numeric suffix for the first pool in case there is
>  // only one so the names are cleaner.
>  if (i == 1)
> Unknown macro: \{ objName = new ObjectName(base + jmxNamePrefix); }
> else
> Unknown macro: \{ objName = new ObjectName(base + jmxNamePrefix + i); }
> mbs.registerMBean(this, objName);
>  objectName = objName;
>  registered = true;
>  } catch (MalformedObjectNameException e) {
>  if (BaseObjectPoolConfig.DEFAULT_JMX_NAME_PREFIX.equals(
>  jmxNamePrefix) && jmxNameBase.equals(base))
> Unknown macro: \{ // Shouldn't happen. Skip registration if it does. 
> registered = true; }
> else
> Unknown macro: \{ // Must be an invalid name. Use the defaults instead. 
> jmxNamePrefix = BaseObjectPoolConfig.DEFAULT_JMX_NAME_PREFIX; base = 
> jmxNameBase; }
> } catch (InstanceAlreadyExistsException e)
> Unknown macro: \{ // Increment the index and try again i++; }
> catch (MBeanRegistrationException e)
> Unknown macro: \{ // Shouldn't happen. Skip registration if it does. 
> registered = true; }
> catch (NotCompliantMBeanException e)
> }
>  return objectName;
>  }
> {quote}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [commons-pool] niallkp opened a new pull request, #199: [POOL-393] Improve BaseGenericObjectPool's JMX Register performance

[GitBox]

niallkp opened a new pull request, #199:
URL: https://github.com/apache/commons-pool/pull/199

   The algorithm for generating the JMX name for newly created pools can be 
very slow if the number of pools is large. This PR makes a 10x improvement 
without changing the naming sequence.
   
   I tried a couple of approaches - first retrieving all the registered pool 
names using  the MBeanServer's  **_queryNames(ObjectName, QueryExp)_** method 
and and then using MBeanServer's **_isRegistered(ObjectName)_** method. The 
later involved many more JMX calls but was slightly faster and simpler code - 
so this PR uses that approach.
   
   This PR seems to provide the performance improvement without changing 
behavior - which Phil didn't like in 
https://github.com/apache/commons-pool/pull/115


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-email] garydgregory merged pull request #124: Bump ossf/scorecard-action from 2.1.1 to 2.1.2

[GitBox]

garydgregory merged PR #124:
URL: https://github.com/apache/commons-email/pull/124


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-ognl] garydgregory merged pull request #100: Bump ossf/scorecard-action from 2.1.1 to 2.1.2

[GitBox]

garydgregory merged PR #100:
URL: https://github.com/apache/commons-ognl/pull/100


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-fileupload] garydgregory merged pull request #191: Bump ossf/scorecard-action from 2.1.1 to 2.1.2

[GitBox]

garydgregory merged PR #191:
URL: https://github.com/apache/commons-fileupload/pull/191


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-imaging] garydgregory merged pull request #259: Bump ossf/scorecard-action from 2.1.1 to 2.1.2

[GitBox]

garydgregory merged PR #259:
URL: https://github.com/apache/commons-imaging/pull/259


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-exec] garydgregory merged pull request #85: Bump ossf/scorecard-action from 2.1.1 to 2.1.2

[GitBox]

garydgregory merged PR #85:
URL: https://github.com/apache/commons-exec/pull/85


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-email] dependabot[bot] opened a new pull request, #124: Bump ossf/scorecard-action from 2.1.1 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #124:
URL: https://github.com/apache/commons-email/pull/124

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.1 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   See full diff in https://github.com/ossf/scorecard-action/compare/15c10fcf1cf912bd22260bfec67569a359ab87da...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.1&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-ognl] dependabot[bot] opened a new pull request, #100: Bump ossf/scorecard-action from 2.1.1 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #100:
URL: https://github.com/apache/commons-ognl/pull/100

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.1 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   See full diff in https://github.com/ossf/scorecard-action/compare/15c10fcf1cf912bd22260bfec67569a359ab87da...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.1&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-fileupload] dependabot[bot] opened a new pull request, #191: Bump ossf/scorecard-action from 2.1.1 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #191:
URL: https://github.com/apache/commons-fileupload/pull/191

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.1 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   See full diff in https://github.com/ossf/scorecard-action/compare/15c10fcf1cf912bd22260bfec67569a359ab87da...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.1&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-imaging] dependabot[bot] opened a new pull request, #259: Bump ossf/scorecard-action from 2.1.1 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #259:
URL: https://github.com/apache/commons-imaging/pull/259

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.1 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   See full diff in https://github.com/ossf/scorecard-action/compare/15c10fcf1cf912bd22260bfec67569a359ab87da...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.1&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [commons-exec] dependabot[bot] opened a new pull request, #85: Bump ossf/scorecard-action from 2.1.1 to 2.1.2

[GitBox]

dependabot[bot] opened a new pull request, #85:
URL: https://github.com/apache/commons-exec/pull/85

   Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 
2.1.1 to 2.1.2.
   
   Release notes
   Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's
 releases.
   
   v2.1.2
   What's Changed
   Fixes
   
   🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf 
statement. by https://github.com/spencerschrock";>@​spencerschrock in 
https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054";>ossf/scorecard-action#1054
   
   Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2";>https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2
   
   
   
   Commits
   
   https://github.com/ossf/scorecard-action/commit/e38b1902ae4f44df626f11ba0734b14fb91f8f86";>e38b190
 Bump docker tag for release. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055";>#1055)
   https://github.com/ossf/scorecard-action/commit/7da02bf0d58396bc404a7e5aef3e9b0c24dcb9bc";>7da02bf
 Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054";>#1054)
   https://github.com/ossf/scorecard-action/commit/013c0f8bd2b3c3003f636c6766a361e000c32d25";>013c0f8
 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2
   https://github.com/ossf/scorecard-action/commit/f93c094f4acf097f91d5753d637606bc11fdd8f6";>f93c094
 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37
   https://github.com/ossf/scorecard-action/commit/ce8978e058ff447b9df113f0f576b977fc627d6d";>ce8978e
 :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1
   https://github.com/ossf/scorecard-action/commit/5ce49db1aa7b24de0c4143035a64115e9c674b14";>5ce49db
 :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0
   See full diff in https://github.com/ossf/scorecard-action/compare/15c10fcf1cf912bd22260bfec67569a359ab87da...e38b1902ae4f44df626f11ba0734b14fb91f8f86";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.1&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (JEXL-390) Pragmas should not be statements

[Henri Biestro (Jira)]

[ 
https://issues.apache.org/jira/browse/JEXL-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17651338#comment-17651338
 ] 

Henri Biestro commented on JEXL-390:


You are absolutely correct. One way to fool-proof it ( pragmas must occur 
before any statement)  and maintain compatibility (and choice) would be to 
introduce a feature flag (much like operator names).

> Pragmas should not be statements
> 
>
> Key: JEXL-390
> URL: https://issues.apache.org/jira/browse/JEXL-390
> Project: Commons JEXL
>  Issue Type: Improvement
>Affects Versions: 3.2.1
>Reporter: Dmitri Blinov
>Assignee: Henri Biestro
>Priority: Minor
> Fix For: 3.3
>
>
> In Jexl pragmas are treated as statements syntactically, but do not find 
> their way to AST tree and this leads to strange bugs like in the following 
> example
> {code}
> @Test
> public void testBadPragmas() throws Exception {
> final JexlEngine jexl = new 
> JexlBuilder().cache(1024).debug(true).create();
> final JexlScript script = jexl.createScript("if (true) #pragma one 
> 42");
> JexlContext jc = new MapContext();
> final Object result = script.execute(jc);
> debuggerCheck(jexl);  
> }
> {code}
> While this partucular bug can be trivially fixed, in fact the whole idea to 
> allow putting pragmas for example inside a loop or inside if-branch is a 
> strange language design (I'm not aware of examples in other languages) as it 
> gives false idea of the pragma being controlled by script execution logic. 
> If there's no reason or use case to keep this design as is, my proposal is to 
> make a grammar change and allow pragmas to be declared only at the top of the 
> script. Another point to change current pragma implementation is that pragmas 
> can not be used with expressions, e.g. no way to specify standard options / 
> imports.  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (JEXL-390) Pragmas should not be statements

[Dmitri Blinov (Jira)]

[ 
https://issues.apache.org/jira/browse/JEXL-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17651323#comment-17651323
 ] 

Dmitri Blinov commented on JEXL-390:


I understand your point to keep the things as much backward compatible as 
possible but if pragmas are allowed to be placed closer to the the point where 
they are used, they stiil can unintentionally influence the interpretation of 
the code before them, because they are still pragmas and not lexical 
preprocessor directives, like in CPP. Here is artificial example.
{code}
@Test
public void testPragmaOptions1() {
final String str = "i; #pragma jexl.options '-strict'\n";
final JexlEngine jexl = new JexlBuilder().strict(true).create();
final JexlScript e = jexl.createScript(str);
final JexlContext ctxt = new MapContext();
try {
final Object o = e.execute(ctxt);
Assert.fail("i should not be resolved");
} catch (final JexlException xany) {
Assert.assertNotNull(xany);
}
}
{code}

> Pragmas should not be statements
> 
>
> Key: JEXL-390
> URL: https://issues.apache.org/jira/browse/JEXL-390
> Project: Commons JEXL
>  Issue Type: Improvement
>Affects Versions: 3.2.1
>Reporter: Dmitri Blinov
>Assignee: Henri Biestro
>Priority: Minor
> Fix For: 3.3
>
>
> In Jexl pragmas are treated as statements syntactically, but do not find 
> their way to AST tree and this leads to strange bugs like in the following 
> example
> {code}
> @Test
> public void testBadPragmas() throws Exception {
> final JexlEngine jexl = new 
> JexlBuilder().cache(1024).debug(true).create();
> final JexlScript script = jexl.createScript("if (true) #pragma one 
> 42");
> JexlContext jc = new MapContext();
> final Object result = script.execute(jc);
> debuggerCheck(jexl);  
> }
> {code}
> While this partucular bug can be trivially fixed, in fact the whole idea to 
> allow putting pragmas for example inside a loop or inside if-branch is a 
> strange language design (I'm not aware of examples in other languages) as it 
> gives false idea of the pragma being controlled by script execution logic. 
> If there's no reason or use case to keep this design as is, my proposal is to 
> make a grammar change and allow pragmas to be declared only at the top of the 
> script. Another point to change current pragma implementation is that pragmas 
> can not be used with expressions, e.g. no way to specify standard options / 
> imports.  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)