Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-30 Thread via GitHub
seanjmullan commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1410793725 ## src/main/java/org/apache/xml/security/encryption/AgreementMethod.java: ## @@ -88,6 +91,22 @@ public interface AgreementMethod { */

Re: [PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-11-28 Thread via GitHub
coheigea commented on PR #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240#issuecomment-1829502160 4.0.1 is in maven central now -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to

Re: [PR] Updating Parent Pom [santuario-xml-security-java]

2023-11-24 Thread via GitHub
coheigea merged PR #247: URL: https://github.com/apache/santuario-xml-security-java/pull/247

[PR] Updating Parent Pom [santuario-xml-security-java]

2023-11-24 Thread via GitHub
coheigea opened a new pull request, #247: URL: https://github.com/apache/santuario-xml-security-java/pull/247 (no comment)

Re: [PR] Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.77 [santuario-xml-security-java]

2023-11-22 Thread via GitHub
coheigea merged PR #245: URL: https://github.com/apache/santuario-xml-security-java/pull/245

Re: [PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-11-22 Thread via GitHub
coheigea commented on PR #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240#issuecomment-1823879687 I'm calling a vote on 4.0.1 today with the fix

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-21 Thread via GitHub
coheigea commented on PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#issuecomment-1820411710 It's working now thanks @jrihtarsic

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-20 Thread via GitHub
jrihtarsic commented on PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#issuecomment-1819723155 Hi @coheigea I tried with the latest Zulu JDK version 11.0.21 and Oracle OpenJDK 11.0.19 and I could not repeat the issue. (See the version details below). But I

Re: [PR] Bump actions/dependency-review-action from 3.1.0 to 3.1.3 [santuario-xml-security-java]

2023-11-20 Thread via GitHub
dependabot[bot] closed pull request #246: Bump actions/dependency-review-action from 3.1.0 to 3.1.3 URL: https://github.com/apache/santuario-xml-security-java/pull/246

Re: [PR] Bump actions/dependency-review-action from 3.1.0 to 3.1.3 [santuario-xml-security-java]

2023-11-20 Thread via GitHub
dependabot[bot] commented on PR #246: URL: https://github.com/apache/santuario-xml-security-java/pull/246#issuecomment-1818955810 Looks like actions/dependency-review-action is no longer a dependency, so this is no longer needed.

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-19 Thread via GitHub
coheigea commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1398738315 ## src/main/java/org/apache/xml/security/keys/derivedKey/KeyDerivationMethodImpl.java: ## @@ -0,0 +1,108 @@ +/** + * Licensed to the Apache Software

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-19 Thread via GitHub
github-advanced-security[bot] commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1398732391 ## src/main/java/org/apache/xml/security/keys/derivedKey/KeyDerivationMethodImpl.java: ## @@ -0,0 +1,108 @@ +/** + * Licensed t

Re: [PR] Bump actions/dependency-review-action from 3.1.0 to 3.1.3 [santuario-xml-security-java]

2023-11-19 Thread via GitHub
github-actions[bot] commented on PR #246: URL: https://github.com/apache/santuario-xml-security-java/pull/246#issuecomment-1818114772 Dependency Review ✅ No vulnerabilities or license issues found. Scanned Manifest Files .github/workflows/dependency-review.yml actions/dependency-review-

Re: [PR] Bump actions/dependency-review-action from 3.1.0 to 3.1.2 [santuario-xml-security-java]

2023-11-19 Thread via GitHub
dependabot[bot] commented on PR #244: URL: https://github.com/apache/santuario-xml-security-java/pull/244#issuecomment-1818114197 Superseded by #246.

Re: [PR] Bump actions/dependency-review-action from 3.1.0 to 3.1.2 [santuario-xml-security-java]

2023-11-19 Thread via GitHub
dependabot[bot] closed pull request #244: Bump actions/dependency-review-action from 3.1.0 to 3.1.2 URL: https://github.com/apache/santuario-xml-security-java/pull/244

[PR] Bump actions/dependency-review-action from 3.1.0 to 3.1.3 [santuario-xml-security-java]

2023-11-19 Thread via GitHub
dependabot[bot] opened a new pull request, #246: URL: https://github.com/apache/santuario-xml-security-java/pull/246 Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.0 to 3.1.3. Release notes Sourced from https://github.com/act

Re: [PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-11-17 Thread via GitHub
narras-oss commented on PR #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240#issuecomment-1816655403 This particular pull request (which is merged) is what I am referring to as the fix, either 3.0.4 or 4.0.1 (next release) would work.

Re: [PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-11-16 Thread via GitHub
coheigea commented on PR #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240#issuecomment-1815825408 @narras-oss What release do you specifically need a fix in?

Re: [PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-11-16 Thread via GitHub
narras-oss commented on PR #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240#issuecomment-1815519461 @coheigea Is there an ETA for next release? We are unable to upgrade to latest version to get the CVE fix until this fix is included (other than copy-pasting this cla

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-16 Thread via GitHub
jrihtarsic commented on PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#issuecomment-1814298829 Hi @coheigea I would be grateful if you could take a look at it and provide me with your feedback, particularly on the architecture of the implementation. Also,

Re: [PR] Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.77 [santuario-xml-security-java]

2023-11-15 Thread via GitHub
github-actions[bot] commented on PR #245: URL: https://github.com/apache/santuario-xml-security-java/pull/245#issuecomment-1813697229 Dependency Review ✅ No vulnerabilities or license issues found. Scanned Manifest Files pom.xml org.bouncycastle:bcprov-jdk18on@1.77 org.bouncycastle:bcpro

[PR] Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.77 [santuario-xml-security-java]

2023-11-15 Thread via GitHub
dependabot[bot] opened a new pull request, #245: URL: https://github.com/apache/santuario-xml-security-java/pull/245 Bumps [org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java) from 1.76 to 1.77. Changelog Sourced from https://github.com/bcgit/bc-java/blob/main/docs/r

Re: [PR] Bump actions/dependency-review-action from 3.1.0 to 3.1.2 [santuario-xml-security-java]

2023-11-12 Thread via GitHub
github-actions[bot] commented on PR #244: URL: https://github.com/apache/santuario-xml-security-java/pull/244#issuecomment-1807380159 Dependency Review ✅ No vulnerabilities or license issues found. Snapshot Warnings ⚠️: No snapshots were found for the head SHA 343354b9ad55bd40ac098038b

[PR] Bump actions/dependency-review-action from 3.1.0 to 3.1.2 [santuario-xml-security-java]

2023-11-12 Thread via GitHub
dependabot[bot] opened a new pull request, #244: URL: https://github.com/apache/santuario-xml-security-java/pull/244 Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.0 to 3.1.2. Release notes Sourced from https://github.com/act

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-10 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1389324757 ## src/main/java/org/apache/xml/security/encryption/params/ConcatKeyDerivationParameter.java: ## @@ -43,15 +43,15 @@ public class ConcatKeyDerivationPar

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-10 Thread via GitHub
jrihtarsic commented on PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#issuecomment-1805595216 @coheigea the PR is ready for review. @phax thanks again for already provided comments and suggestions for improvements.

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-10 Thread via GitHub
phax commented on PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#issuecomment-1805500267 I like it ;-) Thanks @jrihtarsic for all the changes 😍

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-10 Thread via GitHub
coheigea commented on PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#issuecomment-1805419921 Let me know please when this is ready for review

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1385009645 ## src/test/java/org/apache/xml/security/testutils/JDKTestUtils.java: ## @@ -0,0 +1,149 @@ +/** + * Licensed to the Apache Software Foundation (AS

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384980326 ## src/main/java/org/apache/xml/security/utils/KeyUtils.java: ## @@ -0,0 +1,280 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384779511 ## src/main/java/org/apache/xml/security/utils/DERDecoderUtils.java: ## @@ -0,0 +1,250 @@ +/** + * Licensed to the Apache Software Foundation (ASF) unde

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384940531 ## src/main/java/org/apache/xml/security/encryption/params/ConcatKeyDerivationParameter.java: ## @@ -0,0 +1,105 @@ +/** + * Licensed to the Apache

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384927066 ## src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java: ## @@ -81,4 +94,212 @@ private static AlgorithmParameterSpec constructBlockCiph

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384926609 ## src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java: ## @@ -81,4 +94,212 @@ private static AlgorithmParameterSpec constructBlockCiph

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384920517 ## src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java: ## @@ -81,4 +94,212 @@ private static AlgorithmParameterSpec constructBlo

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384919644 ## src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java: ## @@ -81,4 +94,212 @@ private static AlgorithmParameterSpec constructBlo

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384909608 ## src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java: ## @@ -81,4 +94,212 @@ private static AlgorithmParameterSpec constructBlo

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384765287 ## src/main/java/org/apache/xml/security/encryption/XMLCipherUtil.java: ## @@ -81,4 +94,212 @@ private static AlgorithmParameterSpec constructBlockCiph

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384763142 ## src/test/java/org/apache/xml/security/testutils/KeyTestUtils.java: ## @@ -101,6 +104,15 @@ public static KeyPair generateKeyPair(KeyUtils.KeyType ke

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
jrihtarsic commented on PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#issuecomment-1798304706 @phax many thanks for all of the comments. Let me know if you spot anything else.

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-07 Thread via GitHub
jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384737390 ## src/test/java/org/apache/xml/security/utils/KeyUtilsTest.java: ## @@ -0,0 +1,93 @@ +/** + * Licensed to the Apache Software Foundation (ASF) un

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384439467 ## src/main/java/org/apache/xml/security/utils/XMLUtils.java: ## @@ -706,6 +706,27 @@ public static Element selectXencNode(Node sibling, String n

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384418125 ## src/main/java/org/apache/xml/security/keys/derivedKey/ConcatKDF.java: ## @@ -0,0 +1,240 @@ +/** + * Licensed to the Apache Software Foundation

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1384395937 ## src/main/java/org/apache/xml/security/keys/content/DEREncodedKeyValue.java: ## @@ -37,7 +37,9 @@ public class DEREncodedKeyValue extends Signa

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383703120 ## src/test/java/org/apache/xml/security/utils/KeyUtilsTest.java: ## @@ -0,0 +1,93 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under on

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383701345 ## src/test/java/org/apache/xml/security/testutils/KeyTestUtils.java: ## @@ -0,0 +1,125 @@ +/** + * Licensed to the Apache Software Foundation (ASF) und

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383700636 ## src/test/java/org/apache/xml/security/testutils/KeyTestUtils.java: ## @@ -0,0 +1,125 @@ +/** + * Licensed to the Apache Software Foundation (ASF) und

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383699188 ## src/main/java/org/apache/xml/security/utils/XMLUtils.java: ## @@ -706,6 +706,27 @@ public static Element selectXencNode(Node sibling, String nodeNam

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383691978 ## src/main/java/org/apache/xml/security/utils/KeyUtils.java: ## @@ -0,0 +1,284 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one +

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383685527 ## src/main/java/org/apache/xml/security/keys/derivedKey/DerivationAlgorithm.java: ## @@ -0,0 +1,57 @@ +/** + * Licensed to the Apache Software Foundati

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383684343 ## src/main/java/org/apache/xml/security/keys/derivedKey/ConcatKDF.java: ## @@ -0,0 +1,240 @@ +/** + * Licensed to the Apache Software Foundation (ASF)

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383682400 ## src/main/java/org/apache/xml/security/keys/derivedKey/ConcatKDF.java: ## @@ -0,0 +1,240 @@ +/** + * Licensed to the Apache Software Foundation (ASF)

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383675427 ## src/main/java/org/apache/xml/security/keys/derivedKey/ConcatKDF.java: ## @@ -0,0 +1,240 @@ +/** + * Licensed to the Apache Software Foundation (ASF)

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383661569 ## src/main/java/org/apache/xml/security/keys/content/DEREncodedKeyValue.java: ## @@ -37,7 +37,9 @@ public class DEREncodedKeyValue extends Signature11

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383659525 ## src/main/java/org/apache/xml/security/keys/content/AgreementMethodImpl.java: ## @@ -0,0 +1,324 @@ +/** + * Licensed to the Apache Software Foundation

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383656964 ## src/main/java/org/apache/xml/security/keys/KeyInfo.java: ## @@ -361,6 +366,16 @@ public void add(DEREncodedKeyValue derEncodedKeyValue) { ad

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383655155 ## src/main/java/org/apache/xml/security/encryption/params/KeyDerivationParameter.java: ## @@ -0,0 +1,42 @@ +/** + * Licensed to the Apache Software Fou

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383653848 ## src/main/java/org/apache/xml/security/encryption/params/ConcatKeyDerivationParameter.java: ## @@ -0,0 +1,105 @@ +/** + * Licensed to the Apache Softw

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-06 Thread via GitHub
jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383295017 ## src/main/java/org/apache/xml/security/utils/KeyUtils.java: ## @@ -0,0 +1,280 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under

Re: [PR] Bump junit.version from 5.10.0 to 5.10.1 [santuario-xml-security-java]

2023-11-05 Thread via GitHub
coheigea merged PR #243: URL: https://github.com/apache/santuario-xml-security-java/pull/243

Re: [PR] Bump junit.version from 5.10.0 to 5.10.1 [santuario-xml-security-java]

2023-11-05 Thread via GitHub
github-actions[bot] commented on PR #243: URL: https://github.com/apache/santuario-xml-security-java/pull/243#issuecomment-1793986498 Dependency Review ✅ No vulnerabilities or license issues found. Scanned Manifest Files pom.xml org.junit.jupiter:junit-jupiter-api@5.10.1 org.junit.jupite

[PR] Bump junit.version from 5.10.0 to 5.10.1 [santuario-xml-security-java]

2023-11-05 Thread via GitHub
dependabot[bot] opened a new pull request, #243: URL: https://github.com/apache/santuario-xml-security-java/pull/243 Bumps `junit.version` from 5.10.0 to 5.10.1. Updates `org.junit.jupiter:junit-jupiter-engine` from 5.10.0 to 5.10.1 Release notes Sourced from https://github.com/j

Re: [PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-11-03 Thread via GitHub
coheigea commented on PR #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240#issuecomment-1792583378 Backmerging to 3.0.x as well.

Re: [PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-11-03 Thread via GitHub
coheigea merged PR #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240

Re: [PR] Downgrading some dependencies with known vulns to see if caught by de… [santuario-xml-security-java]

2023-11-02 Thread via GitHub
coheigea closed pull request #235: Downgrading some dependencies with known vulns to see if caught by de… URL: https://github.com/apache/santuario-xml-security-java/pull/235

Re: [PR] Downgrading Jetty for test [santuario-xml-security-java]

2023-11-02 Thread via GitHub
coheigea closed pull request #236: Downgrading Jetty for test URL: https://github.com/apache/santuario-xml-security-java/pull/236

Re: [PR] Nulling out protected branches [santuario-xml-security-java]

2023-11-02 Thread via GitHub
coheigea merged PR #242: URL: https://github.com/apache/santuario-xml-security-java/pull/242

Re: [PR] Nulling out protected branches [santuario-xml-security-java]

2023-11-02 Thread via GitHub
github-actions[bot] commented on PR #242: URL: https://github.com/apache/santuario-xml-security-java/pull/242#issuecomment-1791890795 Dependency Review ✅ No vulnerabilities or license issues found. Scanned Manifest Files

[PR] Coheigea/protected [santuario-xml-security-java]

2023-11-02 Thread via GitHub
coheigea opened a new pull request, #242: URL: https://github.com/apache/santuario-xml-security-java/pull/242 (no comment)

Re: [PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-11-02 Thread via GitHub
narras-oss commented on code in PR #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240#discussion_r1380827955 ## src/main/java/org/apache/xml/security/algorithms/implementations/SignatureBaseRSA.java: ## @@ -62,7 +62,7 @@ public SignatureBaseRSA(Provider p

Re: [PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-11-02 Thread via GitHub
seanjmullan commented on code in PR #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240#discussion_r1380629008 ## src/main/java/org/apache/xml/security/algorithms/implementations/SignatureBaseRSA.java: ## @@ -62,7 +62,7 @@ public SignatureBaseRSA(Provider

Re: [PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-11-02 Thread via GitHub
narras-oss commented on PR #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240#issuecomment-1791243958 @coheigea and @seanjmullan We are unable to upgrade to 3.0.3 or 4.0.0 to get the fix for CVE-2023-44483 because of this issue. Appreciate your attention to this pull

Re: [PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-11-02 Thread via GitHub
seanjmullan commented on PR #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240#issuecomment-1791262307 Sorry for the delay. I will take a look now.

Re: [PR] Removing protected branches [santuario-xml-security-java]

2023-11-02 Thread via GitHub
coheigea merged PR #241: URL: https://github.com/apache/santuario-xml-security-java/pull/241

Re: [PR] Removing protected branches [santuario-xml-security-java]

2023-11-02 Thread via GitHub
github-actions[bot] commented on PR #241: URL: https://github.com/apache/santuario-xml-security-java/pull/241#issuecomment-1790872602 Dependency Review ✅ No vulnerabilities or license issues found. Scanned Manifest Files

[PR] Removing protected branches [santuario-xml-security-java]

2023-11-02 Thread via GitHub
coheigea opened a new pull request, #241: URL: https://github.com/apache/santuario-xml-security-java/pull/241 (no comment)

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-01 Thread via GitHub
coheigea commented on PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#issuecomment-1788667659 @jrihtarsic Please see the codeql comments

Re: [PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-11-01 Thread via GitHub
github-advanced-security[bot] commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1378570296 ## src/main/java/org/apache/xml/security/keys/derivedKey/ConcatKDF.java: ## @@ -0,0 +1,232 @@ +/** + * Licensed to the Apache S

Re: [PR] Bump actions/checkout from 4.1.0 to 4.1.1 [santuario-xml-security-java]

2023-11-01 Thread via GitHub
coheigea merged PR #233: URL: https://github.com/apache/santuario-xml-security-java/pull/233

Re: [PR] Bump advanced-security/maven-dependency-submission-action from 3.0.2 to 3.0.3 [santuario-xml-security-java]

2023-11-01 Thread via GitHub
coheigea merged PR #232: URL: https://github.com/apache/santuario-xml-security-java/pull/232

Re: [PR] Bump ossf/scorecard-action from 2.3.0 to 2.3.1 [santuario-xml-security-java]

2023-10-31 Thread via GitHub
coheigea merged PR #239: URL: https://github.com/apache/santuario-xml-security-java/pull/239

Re: [PR] Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.9 to 2.7.10 [santuario-xml-security-java]

2023-10-31 Thread via GitHub
coheigea merged PR #238: URL: https://github.com/apache/santuario-xml-security-java/pull/238

[PR] Remove call to Signature.getProvider() in debug log [santuario-xml-security-java]

2023-10-31 Thread via GitHub
narras-oss opened a new pull request, #240: URL: https://github.com/apache/santuario-xml-security-java/pull/240 The debug log message makes a call to Signature.getProvider() too early. This causes Signature.chooseFirstProvider() to be called which matched the first provider always rat

Re: [PR] Bump ossf/scorecard-action from 2.3.0 to 2.3.1 [santuario-xml-security-java]

2023-10-29 Thread via GitHub
github-actions[bot] commented on PR #239: URL: https://github.com/apache/santuario-xml-security-java/pull/239#issuecomment-1784373172 Dependency Review ✅ No vulnerabilities or license issues found. Scanned Manifest Files .github/workflows/scorecards.yml ossf/scorecard-action@0864cf19026

[PR] Bump ossf/scorecard-action from 2.3.0 to 2.3.1 [santuario-xml-security-java]

2023-10-29 Thread via GitHub
dependabot[bot] opened a new pull request, #239: URL: https://github.com/apache/santuario-xml-security-java/pull/239 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.0 to 2.3.1. Release notes Sourced from https://github.com/ossf/scorecard-action/rele

Re: [PR] Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.9 to 2.7.10 [santuario-xml-security-java]

2023-10-29 Thread via GitHub
github-actions[bot] commented on PR #238: URL: https://github.com/apache/santuario-xml-security-java/pull/238#issuecomment-1784368607 Dependency Review ✅ No vulnerabilities or license issues found. Scanned Manifest Files pom.xml org.cyclonedx:cyclonedx-maven-plugin@2.7.10 org.cyclonedx:c

[PR] Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.9 to 2.7.10 [santuario-xml-security-java]

2023-10-29 Thread via GitHub
dependabot[bot] opened a new pull request, #238: URL: https://github.com/apache/santuario-xml-security-java/pull/238 Bumps [org.cyclonedx:cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin) from 2.7.9 to 2.7.10. Release notes Sourced from https://github.co

Re: [PR] Make all tests pass with Java 21 [santuario-xml-security-java]

2023-10-24 Thread via GitHub
coheigea merged PR #237: URL: https://github.com/apache/santuario-xml-security-java/pull/237

Re: [PR] Make all tests pass with Java 21 [santuario-xml-security-java]

2023-10-24 Thread via GitHub
github-actions[bot] commented on PR #237: URL: https://github.com/apache/santuario-xml-security-java/pull/237#issuecomment-1778505633 Dependency Review ✅ No vulnerabilities or license issues found. Scanned Manifest Files

[PR] Make all tests pass with Java 21 [santuario-xml-security-java]

2023-10-24 Thread via GitHub
coheigea opened a new pull request, #237: URL: https://github.com/apache/santuario-xml-security-java/pull/237 (no comment)

Re: [PR] Downgrading Jetty for test [santuario-xml-security-java]

2023-10-23 Thread via GitHub
github-actions[bot] commented on PR #236: URL: https://github.com/apache/santuario-xml-security-java/pull/236#issuecomment-1774812151 Dependency Review The following issues were found: ❌ 3 vulnerable package(s) ✅ 0 package(s) with incompatible licenses ✅ 0 package(s) with invalid SPDX lice

[PR] Downgrading Jetty for test [santuario-xml-security-java]

2023-10-23 Thread via GitHub
coheigea opened a new pull request, #236: URL: https://github.com/apache/santuario-xml-security-java/pull/236 (no comment)

[PR] Downgrading some dependencies with known vulns to see if caught by de… [santuario-xml-security-java]

2023-10-23 Thread via GitHub
coheigea opened a new pull request, #235: URL: https://github.com/apache/santuario-xml-security-java/pull/235 …pendency review

Re: [PR] Downgrading some dependencies with known vulns to see if caught by de… [santuario-xml-security-java]

2023-10-23 Thread via GitHub
coheigea closed pull request #231: Downgrading some dependencies with known vulns to see if caught by de… URL: https://github.com/apache/santuario-xml-security-java/pull/231

Re: [PR] Downgrading some dependencies with known vulns to see if caught by de… [santuario-xml-security-java]

2023-10-23 Thread via GitHub
github-actions[bot] commented on PR #235: URL: https://github.com/apache/santuario-xml-security-java/pull/235#issuecomment-1774781239 Dependency Review The following issues were found: ❌ 3 vulnerable package(s) ✅ 0 package(s) with incompatible licenses ✅ 0 package(s) with invalid SPDX lice

[PR] SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys [santuario-xml-security-java]

2023-10-23 Thread via GitHub
jrihtarsic opened a new pull request, #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234 Details of the task are here: https://issues.apache.org/jira/browse/SANTUARIO-511

Re: [PR] Bump advanced-security/maven-dependency-submission-action from 3.0.2 to 3.0.3 [santuario-xml-security-java]

2023-10-22 Thread via GitHub
github-actions[bot] commented on PR #232: URL: https://github.com/apache/santuario-xml-security-java/pull/232#issuecomment-1774348292 Dependency Review ✅ No vulnerabilities or license issues found. Scanned Manifest Files .github/workflows/dependency-submission.yml advanced-security/mave

Re: [PR] Bump actions/checkout from 4.1.0 to 4.1.1 [santuario-xml-security-java]

2023-10-22 Thread via GitHub
github-actions[bot] commented on PR #233: URL: https://github.com/apache/santuario-xml-security-java/pull/233#issuecomment-1774348136 Dependency Review ✅ No vulnerabilities or license issues found. Scanned Manifest Files .github/workflows/codeql-analysis.yml actions/checkout@b4ffde65f46

[PR] Bump actions/checkout from 4.1.0 to 4.1.1 [santuario-xml-security-java]

2023-10-22 Thread via GitHub
dependabot[bot] opened a new pull request, #233: URL: https://github.com/apache/santuario-xml-security-java/pull/233 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1. Release notes Sourced from https://github.com/actions/checkout/releases actions/

[PR] Bump advanced-security/maven-dependency-submission-action from 3.0.2 to 3.0.3 [santuario-xml-security-java]

2023-10-22 Thread via GitHub
dependabot[bot] opened a new pull request, #232: URL: https://github.com/apache/santuario-xml-security-java/pull/232 Bumps [advanced-security/maven-dependency-submission-action](https://github.com/advanced-security/maven-dependency-submission-action) from 3.0.2 to 3.0.3. Release note
