Sync branch 4.0.x with main to release 4.0.5 #273

Merged: 33 commits, Nov 1, 2023

ricardozanini
Member

Many thanks for submitting your Pull Request ❤️!

What this PR does / why we need it:
This PR syncs the changes we made in main to the 4.0.x branch to keep the branch clean for the last fix/CVE upgrades.
This is an attempt to run on Java 1.8. It's possible that we might need to make a few adjustments.

Special notes for reviewers:

Additional information (if needed):

fjtirado and others added 25 commits October 20, 2023 10:59
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
We can rely on GitHub's dependabot to open PRs with version upgrades and CVE fixes to avoid future problems.

Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Francisco Javier Tirado Sarti <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Bumps org.apache.commons:commons-lang3 from 3.9 to 3.13.0.

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-lang3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Vishesh Ruparelia <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.4.8 to 1.4.9.
- [Commits](qos-ch/logback@v_1.4.8...v_1.4.9)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Bumps org.thymeleaf:thymeleaf from 3.0.11.RELEASE to 3.1.2.RELEASE.

---
updated-dependencies:
- dependency-name: org.thymeleaf:thymeleaf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [com.networknt:json-schema-validator](https://github.com/networknt/json-schema-validator) from 1.0.86 to 1.0.87.
- [Release notes](https://github.com/networknt/json-schema-validator/releases)
- [Changelog](https://github.com/networknt/json-schema-validator/blob/master/CHANGELOG.md)
- [Commits](networknt/json-schema-validator@1.0.86...1.0.87)

---
updated-dependencies:
- dependency-name: com.networknt:json-schema-validator
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 3.0.0 to 5.6.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v3.0.0...v5.6.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [com.coveo:fmt-maven-plugin](https://github.com/coveooss/fmt-maven-plugin) from 2.9 to 2.13.
- [Release notes](https://github.com/coveooss/fmt-maven-plugin/releases)
- [Commits](spotify/fmt-maven-plugin@2.9.0...2.13.0)

---
updated-dependencies:
- dependency-name: com.coveo:fmt-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Bumps `version.com.fasterxml.jackson` from 2.15.2 to 2.15.3.

Updates `com.fasterxml.jackson.core:jackson-core` from 2.15.2 to 2.15.3
- [Release notes](https://github.com/FasterXML/jackson-core/releases)
- [Commits](FasterXML/jackson-core@jackson-core-2.15.2...jackson-core-2.15.3)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.15.2 to 2.15.3
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-yaml` from 2.15.2 to 2.15.3
- [Commits](FasterXML/jackson-dataformats-text@jackson-dataformats-text-2.15.2...jackson-dataformats-text-2.15.3)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Bumps [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 2.22.0 to 3.1.2.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-2.22.0...surefire-3.1.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
Signed-off-by: Ricardo Zanini <[email protected]>
@ricardozanini ricardozanini mentioned this pull request Oct 20, 2023
2 tasks
@ricardozanini
Member Author

@manick02 @cdavernas I brought everything from the latest 4.0.4 release. The changes are all related to CVEs and a small bug to cope with 0.8.

It's running and compiling fine with Java 1.8 as you can see in the CI.

@visheshruparelia @fjtirado if you wanna test this PR on your end, please.

Contributor

@manick02 manick02 left a comment

Looks good to me

Member

@cdavernas cdavernas left a comment

Not my AOE, but I trust you @ricardozanini

@tsurdilo care to take a look?

Signed-off-by: Francisco Javier Tirado Sarti <[email protected]>
@ricardozanini
Member Author

Including the PR to keep the Workflow constructor the same as we have in 4.0.4 to not break the API.

Signed-off-by: Francisco Javier Tirado Sarti <[email protected]>
@ricardozanini ricardozanini merged commit 074ea1f into serverlessworkflow:4.0.x Nov 1, 2023
@ricardozanini ricardozanini deleted the sync-4.0.5 branch November 1, 2023 13:53
@ricardozanini ricardozanini mentioned this pull request Nov 10, 2023
5 participants