Sync branch 4.0.x with main to release 4.0.5 #273
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ricardozanini
force-pushed
the
sync-4.0.5
branch
from
954191e to
2897181
Compare
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
We can rely on GitHub's dependabot to open PRs with version upgrades and CVEs fixes to avoid future problems. Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps org.apache.commons:commons-lang3 from 3.9 to 3.13.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-lang3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Vishesh Ruparelia <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.4.8 to 1.4.9. - [Commits](qos-ch/logback@v_1.4.8...v_1.4.9) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Bumps org.thymeleaf:thymeleaf from 3.0.11.RELEASE to 3.1.2.RELEASE. --- updated-dependencies: - dependency-name: org.thymeleaf:thymeleaf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [com.networknt:json-schema-validator](https://github.com/networknt/json-schema-validator) from 1.0.86 to 1.0.87. - [Release notes](https://github.com/networknt/json-schema-validator/releases) - [Changelog](https://github.com/networknt/json-schema-validator/blob/master/CHANGELOG.md) - [Commits](networknt/json-schema-validator@1.0.86...1.0.87) --- updated-dependencies: - dependency-name: com.networknt:json-schema-validator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 3.0.0 to 5.6.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v3.0.0...v5.6.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [com.coveo:fmt-maven-plugin](https://github.com/coveooss/fmt-maven-plugin) from 2.9 to 2.13. - [Release notes](https://github.com/coveooss/fmt-maven-plugin/releases) - [Commits](spotify/fmt-maven-plugin@2.9.0...2.13.0) --- updated-dependencies: - dependency-name: com.coveo:fmt-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps `version.com.fasterxml.jackson` from 2.15.2 to 2.15.3. Updates `com.fasterxml.jackson.core:jackson-core` from 2.15.2 to 2.15.3 - [Release notes](https://github.com/FasterXML/jackson-core/releases) - [Commits](FasterXML/jackson-core@jackson-core-2.15.2...jackson-core-2.15.3) Updates `com.fasterxml.jackson.core:jackson-databind` from 2.15.2 to 2.15.3 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-yaml` from 2.15.2 to 2.15.3 - [Commits](FasterXML/jackson-dataformats-text@jackson-dataformats-text-2.15.2...jackson-dataformats-text-2.15.3) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 2.22.0 to 3.1.2. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-2.22.0...surefire-3.1.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-failsafe-plugin dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
ricardozanini
force-pushed
the
sync-4.0.5
branch
from
2897181 to
67a6634
Compare
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
|
@manick02 @cdavernas I brought everything from the latest 4.0.4 release. The changes are all related to CVEs and a small bug to cope with 0.8. It's running and compiling fine with Java 1.8 as you can see in the CI. @visheshruparelia @fjtirado if you wanna test this PR on your end, please. |
cdavernas
approved these changes
Oct 24, 2023
There was a problem hiding this comment.
Not my AOE, but I trust you @ricardozanini
@tsurdilo care to take a look?
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]>
|
Including the PR to keep the Workflow constructor the same as we have in 4.0.4 to not break the API. |
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]>
This was referenced Nov 1, 2023
Merged
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Many thanks for submitting your Pull Request ❤️!
What this PR does / why we need it:
This PR syncs the changes we made in the main to 4.0.x branch to keep the branch clean for the last fix/CVE upgrades.
This is a tentative to run on Java 1.8. It's possible that we might need to do a few adjustments.
Special notes for reviewers:
Additional information (if needed):