-
Notifications
You must be signed in to change notification settings - Fork 50
Sync branch 4.0.x with main to release 4.0.5 #273
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sync branch 4.0.x with main to release 4.0.5 #273
Conversation
954191e
to
2897181
Compare
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
We can rely on GitHub's dependabot to open PRs with version upgrades and CVEs fixes to avoid future problems. Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps org.apache.commons:commons-lang3 from 3.9 to 3.13.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-lang3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Vishesh Ruparelia <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.4.8 to 1.4.9. - [Commits](qos-ch/logback@v_1.4.8...v_1.4.9) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Bumps org.thymeleaf:thymeleaf from 3.0.11.RELEASE to 3.1.2.RELEASE. --- updated-dependencies: - dependency-name: org.thymeleaf:thymeleaf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [com.networknt:json-schema-validator](https://github.com/networknt/json-schema-validator) from 1.0.86 to 1.0.87. - [Release notes](https://github.com/networknt/json-schema-validator/releases) - [Changelog](https://github.com/networknt/json-schema-validator/blob/master/CHANGELOG.md) - [Commits](networknt/json-schema-validator@1.0.86...1.0.87) --- updated-dependencies: - dependency-name: com.networknt:json-schema-validator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 3.0.0 to 5.6.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v3.0.0...v5.6.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [com.coveo:fmt-maven-plugin](https://github.com/coveooss/fmt-maven-plugin) from 2.9 to 2.13. - [Release notes](https://github.com/coveooss/fmt-maven-plugin/releases) - [Commits](spotify/fmt-maven-plugin@2.9.0...2.13.0) --- updated-dependencies: - dependency-name: com.coveo:fmt-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps `version.com.fasterxml.jackson` from 2.15.2 to 2.15.3. Updates `com.fasterxml.jackson.core:jackson-core` from 2.15.2 to 2.15.3 - [Release notes](https://github.com/FasterXML/jackson-core/releases) - [Commits](FasterXML/jackson-core@jackson-core-2.15.2...jackson-core-2.15.3) Updates `com.fasterxml.jackson.core:jackson-databind` from 2.15.2 to 2.15.3 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-yaml` from 2.15.2 to 2.15.3 - [Commits](FasterXML/jackson-dataformats-text@jackson-dataformats-text-2.15.2...jackson-dataformats-text-2.15.3) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 2.22.0 to 3.1.2. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-2.22.0...surefire-3.1.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-failsafe-plugin dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
2897181
to
67a6634
Compare
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
@manick02 @cdavernas I brought everything from the latest 4.0.4 release. The changes are all related to CVEs and a small bug to cope with 0.8. It's running and compiling fine with Java 1.8 as you can see in the CI. @visheshruparelia @fjtirado if you wanna test this PR on your end, please. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not my AOE, but I trust you @ricardozanini
@tsurdilo care to take a look?
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]>
Including the PR to keep the Workflow constructor the same as we have in 4.0.4 to not break the API. |
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]>
Many thanks for submitting your Pull Request ❤️!
What this PR does / why we need it:
This PR syncs the changes we made in the main to 4.0.x branch to keep the branch clean for the last fix/CVE upgrades.
This is a tentative to run on Java 1.8. It's possible that we might need to do a few adjustments.
Special notes for reviewers:
Additional information (if needed):