[GitHub] [myfaces-tobago] bohmber merged pull request #378: chore(deps-dev): bump clean-css-cli from 4.3.0 to 5.0.1 in /tobago-theme/tobago-theme-speyside/npm

[GitBox]

bohmber merged pull request #378:
URL: https://github.com/apache/myfaces-tobago/pull/378


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #442: chore(deps-dev): bump clean-css-cli from 4.3.0 to 5.0.1 in /tobago-theme/tobago-theme-charlotteville/npm

[GitBox]

bohmber merged pull request #442:
URL: https://github.com/apache/myfaces-tobago/pull/442


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #375: chore(deps-dev): bump clean-css-cli from 4.3.0 to 5.0.1 in /tobago-theme/tobago-theme-scarborough/npm

[GitBox]

bohmber merged pull request #375:
URL: https://github.com/apache/myfaces-tobago/pull/375


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #431: chore(deps-dev): bump prismjs from 1.22.0 to 1.23.0 in /tobago-example/tobago-example-demo/npm

[GitBox]

bohmber merged pull request #431:
URL: https://github.com/apache/myfaces-tobago/pull/431


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #453: chore(deps): bump quarkus.version from 1.11.2.Final to 1.11.3.Final

[GitBox]

bohmber merged pull request #453:
URL: https://github.com/apache/myfaces-tobago/pull/453


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #435: chore(deps-dev): bump clean-css-cli from 4.3.0 to 5.0.1 in /tobago-example/tobago-example-demo/npm

[GitBox]

bohmber merged pull request #435:
URL: https://github.com/apache/myfaces-tobago/pull/435


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #443: chore(deps-dev): bump ts-jest from 26.4.4 to 26.5.1 in /tobago-theme/tobago-theme-standard/npm

[GitBox]

bohmber merged pull request #443:
URL: https://github.com/apache/myfaces-tobago/pull/443


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #452: chore(deps): bump animal-sniffer-maven-plugin from 1.19 to 1.20

[GitBox]

bohmber merged pull request #452:
URL: https://github.com/apache/myfaces-tobago/pull/452


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #453: chore(deps): bump quarkus.version from 1.11.2.Final to 1.11.3.Final

[GitBox]

dependabot[bot] opened a new pull request #453:
URL: https://github.com/apache/myfaces-tobago/pull/453


   Bumps `quarkus.version` from 1.11.2.Final to 1.11.3.Final.
   Updates `quarkus-bom` from 1.11.2.Final to 1.11.3.Final
   
   Release notes
   Sourced from https://github.com/quarkusio/quarkus/releases;>quarkus-bom's 
releases.
   
   1.11.3.Final
   Major changes
   Complete changelog
   
   https://github-redirect.dependabot.com/quarkusio/quarkus/pull/14970;>#14970
 - Add quarkus-smallrye-opentracing to an integration test without Undertow
   https://github-redirect.dependabot.com/quarkusio/quarkus/pull/14969;>#14969
 - Remove jcenter repository references in gradle projects
   https://github-redirect.dependabot.com/quarkusio/quarkus/pull/14958;>#14958
 - Remove field that can cause GraalVM to fail
   https://github-redirect.dependabot.com/quarkusio/quarkus/pull/14946;>#14946
 - Do not produce KubernetesClient if we have OpenShiftClient available
   https://github-redirect.dependabot.com/quarkusio/quarkus/issues/14943;>#14943
 - Kubernetes clients all clash with one another
   https://github-redirect.dependabot.com/quarkusio/quarkus/pull/14939;>#14939
 - Fix the native httpRoot  nonAppRoot issue
   https://github-redirect.dependabot.com/quarkusio/quarkus/issues/14934;>#14934
 - Dev ui config edit crashes when I try to unset a property
   https://github-redirect.dependabot.com/quarkusio/quarkus/pull/14929;>#14929
 - Mark Resteasy Qute with code starter
   https://github-redirect.dependabot.com/quarkusio/quarkus/pull/14923;>#14923
 - Fix Undertow HTTP/2 issue
   https://github-redirect.dependabot.com/quarkusio/quarkus/pull/14922;>#14922
 - Exclude jboss-logging-jdk
   https://github-redirect.dependabot.com/quarkusio/quarkus/pull/14921;>#14921
 - Make sure getDefferredIdentity does not return null
   https://github-redirect.dependabot.com/quarkusio/quarkus/issues/14911;>#14911
 - property quarkus.swagger-ui.always-include doesn't work on 
Native mode.
   https://github-redirect.dependabot.com/quarkusio/quarkus/pull/14891;>#14891
 - Disable flaky test on Windows
   https://github-redirect.dependabot.com/quarkusio/quarkus/issues/14850;>#14850
 - Resteasy Reactive Security Context Exception
   https://github-redirect.dependabot.com/quarkusio/quarkus/issues/14819;>#14819
 - Dependencies with duplicate files detected. The dependencies 
[org.jboss.logging:jboss-logging::jar:3.4.1.Final(compile), 
org.jboss.logging:jboss-logging-spi::jar:2.1.2.GA(compile)] contain duplicate 
files, e.g. org/jboss/logging/MDC.class
   https://github-redirect.dependabot.com/quarkusio/quarkus/issues/14811;>#14811
 - Undertow with TLS causes IllegalStateException: Request has already been 
read
   https://github-redirect.dependabot.com/quarkusio/quarkus/issues/14707;>#14707
 - from version 1.11.0 Vault MicroProfile Config Source stopped working
   https://github-redirect.dependabot.com/quarkusio/quarkus/pull/14309;>#14309
 - Improve Config Console
   
   
   
   
   Commits
   
   https://github.com/quarkusio/quarkus/commit/8dc02652c058eeb92b0998293209509f2adb49ca;>8dc0265
 [RELEASE] - Bump version to 1.11.3.Final
   https://github.com/quarkusio/quarkus/commit/69e58e2d4c600481bf6869204e26a7984bcaba7b;>69e58e2
 Merge pull request https://github-redirect.dependabot.com/quarkusio/quarkus/issues/14995;>#14995
 from gsmet/1.11.3-backports-2
   https://github.com/quarkusio/quarkus/commit/aa138c7a8dd4fe7f0cd2f0826603eed34b2746ef;>aa138c7
 Add quarkus-smallrye-opentracing to an integration test without Undertow
   https://github.com/quarkusio/quarkus/commit/558f9e2c92a9e03a9b8403e9f3d8bce3e0ab792c;>558f9e2
 Remove jcenter repository references
   https://github.com/quarkusio/quarkus/commit/88d86c0f977ae96d74382cbe02efbc33d8166fd6;>88d86c0
 Allow config editor to unset a property
   https://github.com/quarkusio/quarkus/commit/c9f05f8b8592629d8f15a30eb380c1b086b072d0;>c9f05f8
 Improve Config Console and moved Console Configs to Runtime Init.
   https://github.com/quarkusio/quarkus/commit/63c3da992ff287791f114d644ff5d87a0d52f433;>63c3da9
 Disable flaky tests on Windows
   https://github.com/quarkusio/quarkus/commit/dc86527abdd75e24170677fb537b0d6ab8869372;>dc86527
 Merge pull request https://github-redirect.dependabot.com/quarkusio/quarkus/issues/14975;>#14975
 from gsmet/1.11.3-backports-1
   https://github.com/quarkusio/quarkus/commit/eb93d464cba1096ddfd2fe429b99ea77db9e2b95;>eb93d46
 Document capabilities as a tool for conditional build steps
   https://github.com/quarkusio/quarkus/commit/b3f39a604f608c7e2e43a68ae5c0390888248164;>b3f39a6
 Do not produce KubernetesClient if we have OpenShiftClient available
   Additional commits viewable in https://github.com/quarkusio/quarkus/compare/1.11.2.Final...1.11.3.Final;>compare
 view
   
   
   
   
   Updates `quarkus-maven-plugin` from 1.11.2.Final to 1.11.3.Final
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a 

[GitHub] [myfaces-tobago] bohmber merged pull request #451: chore(deps-dev): bump typescript from 4.0.5 to 4.1.5 in /tobago-example/tobago-example-demo/npm

[GitBox]

bohmber merged pull request #451:
URL: https://github.com/apache/myfaces-tobago/pull/451


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #452: chore(deps): bump animal-sniffer-maven-plugin from 1.19 to 1.20

[GitBox]

dependabot[bot] opened a new pull request #452:
URL: https://github.com/apache/myfaces-tobago/pull/452


   Bumps 
[animal-sniffer-maven-plugin](https://github.com/mojohaus/animal-sniffer) from 
1.19 to 1.20.
   
   Release notes
   Sourced from https://github.com/mojohaus/animal-sniffer/releases;>animal-sniffer-maven-plugin's
 releases.
   
   1.20
   
   This release is now Java 8 minimum
    New features and improvements
   
   add some java8 sugar syntax usage (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/148;>#148)
 https://github.com/olamy;>@olamy
   mojo paremt 61 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/147;>#147)
 https://github.com/olamy;>@olamy
   
    Bug Fixes
   
   checking test code is disabled by default (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/143;>#143)
 https://github.com/jtnord;>@jtnord
   Typo fix in error message (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/137;>#137)
 https://github.com/gunnarmorling;>@gunnarmorling
   Fix NestMember requires ASM7 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/135;>#135)
 https://github.com/bradcupit;>@bradcupit
   Add LICENSE file (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/88;>#88)
 https://github.com/steven-sheehy;>@steven-sheehy
   Fix https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/5;>#5:
 fix false negatives when checking test classes (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/81;>#81)
 https://github.com/famod;>@famod
   
    Dependency updates
   
   Bump maven-common-artifact-filters from 3.1.0 to 3.1.1 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/140;>#140)
 https://github.com/dependabot;>@dependabot
   Bump maven-checkstyle-plugin from 3.1.1 to 3.1.2 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/141;>#141)
 https://github.com/dependabot;>@dependabot
   Bump ant from 1.9.15 to 1.10.9 in /animal-sniffer-ant-tasks (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/144;>#144)
 https://github.com/dependabot;>@dependabot
   Bump asm from 9.0 to 9.1 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/146;>#146)
 https://github.com/dependabot;>@dependabot
   Bump actions/cache from v2.1.3 to v2.1.4 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/145;>#145)
 https://github.com/dependabot;>@dependabot
   Bump release-drafter/release-drafter from v5.12.1 to v5.13.0 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/138;>#138)
 https://github.com/dependabot;>@dependabot
   upgrade mojo-parent 60 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/136;>#136)
 https://github.com/olamy;>@olamy
   Bump actions/cache from v2.1.2 to v2.1.3 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/133;>#133)
 https://github.com/dependabot;>@dependabot
   Bump ant from 1.9.4 to 1.9.15 in /animal-sniffer-ant-tasks (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/109;>#109)
 https://github.com/dependabot;>@dependabot
   Bump ant from 1.9.4 to 1.9.15 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/113;>#113)
 https://github.com/dependabot;>@dependabot
   Bump maven-surefire-plugin from 2.22.0 to 2.22.2 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/126;>#126)
 https://github.com/dependabot;>@dependabot
   Bump maven-compiler-plugin from 3.8.0 to 3.8.1 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/127;>#127)
 https://github.com/dependabot;>@dependabot
   Bump maven-project-info-reports-plugin from 3.0.0 to 3.1.1 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/128;>#128)
 https://github.com/dependabot;>@dependabot
   Bump maven-site-plugin from 3.9.0 to 3.9.1 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/129;>#129)
 https://github.com/dependabot;>@dependabot
   Bump junit from 3.8.1 to 4.13.1 in 
/animal-sniffer-maven-plugin/src/it/version-resolution (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/121;>#121)
 https://github.com/dependabot;>@dependabot
   Bump plexus-container-default from 1.0-alpha-9 to 2.1.0 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/94;>#94)
 https://github.com/dependabot;>@dependabot
   Bump junit from 4.13 to 4.13.1 in /animal-sniffer-enforcer-rule (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/116;>#116)
 https://github.com/dependabot;>@dependabot
   Bump plexus-utils from 1.5.6 to 3.3.0 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/117;>#117)
 https://github.com/dependabot;>@dependabot
   Bump enforcer-api from 1.0 to 1.4.1 (https://github-redirect.dependabot.com/mojohaus/animal-sniffer/issues/118;>#118)
 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #451: chore(deps-dev): bump typescript from 4.0.5 to 4.1.5 in /tobago-example/tobago-example-demo/npm

[GitBox]

dependabot[bot] opened a new pull request #451:
URL: https://github.com/apache/myfaces-tobago/pull/451


   Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.0.5 to 
4.1.5.
   
   Release notes
   Sourced from https://github.com/Microsoft/TypeScript/releases;>typescript's 
releases.
   
   TypeScript 4.1.5
   This release contains a fix for https://github-redirect.dependabot.com/microsoft/TypeScript/issues/42718;>an
 issue when language service plugins have no specified name.
   TypeScript 4.1.4
   This release contains fixes for a https://github-redirect.dependabot.com/microsoft/TypeScript/issues/42712;>security
 risk involving language service plugin loading. More details are available 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1639;>here.
   TypeScript 4.1.3
   For release notes, check out the https://devblogs.microsoft.com/typescript/announcing-typescript-4-1;>release
 announcement.
   For the complete list of fixed issues, check out the
   
   https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93q=is%3Aissue+milestone%3A%22TypeScript+4.1.0%22+is%3Aclosed+;>fixed
 issues query for TypeScript v4.1.0 (Beta).
   https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93q=is%3Aissue+milestone%3A%22TypeScript+4.1.1%22+is%3Aclosed+;>fixed
 issues query for TypeScript v4.1.1 (RC).
   https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93q=is%3Aissue+milestone%3A%22TypeScript+4.1.2%22+is%3Aclosed+;>fixed
 issues query for TypeScript v4.1.2 (Stable).
   https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93q=is%3Aissue+milestone%3A%22TypeScript+4.1.3%22+is%3Aclosed+;>fixed
 issues query for TypeScript v4.1.3 (Stable).
   
   Downloads are available on:
   
   https://www.npmjs.com/package/typescript;>npm
   https://marketplace.visualstudio.com/items?itemName=TypeScriptTeam.TypeScript-41;>Visual
 Studio 2017/2019 (https://github.com/Microsoft/TypeScript/wiki/Updating-TypeScript-in-Visual-Studio-2017;>Select
 new version in project options)
   https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild;>NuGet 
package
   
   TypeScript 4.1
   For release notes, check out the https://devblogs.microsoft.com/typescript/announcing-typescript-4-1;>release
 announcement.
   For the complete list of fixed issues, check out the
   
   https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93q=is%3Aissue+milestone%3A%22TypeScript+4.1.0%22+is%3Aclosed+;>fixed
 issues query for TypeScript v4.1.0 (Beta).
   https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93q=is%3Aissue+milestone%3A%22TypeScript+4.1.1%22+is%3Aclosed+;>fixed
 issues query for TypeScript v4.1.1 (RC).
   https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93q=is%3Aissue+milestone%3A%22TypeScript+4.1.2%22+is%3Aclosed+;>fixed
 issues query for TypeScript v4.1.2 (Stable).
   
   Downloads are available on:
   
   https://www.npmjs.com/package/typescript;>npm
   https://marketplace.visualstudio.com/items?itemName=TypeScriptTeam.TypeScript-41;>Visual
 Studio 2017/2019 (https://github.com/Microsoft/TypeScript/wiki/Updating-TypeScript-in-Visual-Studio-2017;>Select
 new version in project options)
   https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild;>NuGet 
package
   
   TypeScript 4.1 RC
   For release notes, check out the https://devblogs.microsoft.com/typescript/announcing-typescript-4-1-rc;>release
 announcement.
   For the complete list of fixed issues, check out the
   
   https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93q=is%3Aissue+milestone%3A%22TypeScript+4.1.0%22+is%3Aclosed+;>fixed
 issues query for TypeScript v4.1.0 (Beta).
   https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93q=is%3Aissue+milestone%3A%22TypeScript+4.1.1%22+is%3Aclosed+;>fixed
 issues query for TypeScript v4.1.1 (RC).
   
   Downloads are available on:
   
   https://www.npmjs.com/package/typescript;>npm
   https://marketplace.visualstudio.com/items?itemName=TypeScriptTeam.TypeScript-41rc;>Visual
 Studio 2017/2019 (https://github.com/Microsoft/TypeScript/wiki/Updating-TypeScript-in-Visual-Studio-2017;>Select
 new version in project options)
   https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild;>NuGet 
package
   
   
   
   ... (truncated)
   
   
   Commits
   
   https://github.com/microsoft/TypeScript/commit/aace53f7d71af11e4b89dd074a1657964a22d0b4;>aace53f
 Bump version to 4.1.5 and LKG
   https://github.com/microsoft/TypeScript/commit/af0ad8089777ef8df16b0980b0972f1e214308fe;>af0ad80
 Handle if plugin doesnt specify name (https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/42720;>#42720)
   https://github.com/microsoft/TypeScript/commit/c329d68d4591d31d966ab64e0da579c95a1c5e1d;>c329d68
 Bump version to 4.1.4 and LKG
   https://github.com/microsoft/TypeScript/commit/7bc71732c1fd09d910433f7f020a2de312e9549f;>7bc7173
 Allow only package names as plugin names
   

Re: [VOTE] release of MyFaces Core 2.3-next-M5

[Bernd Bohmann]

Here is my +1

Regards

Bernd

On Thu, Feb 11, 2021 at 6:00 PM Vicente Rossello 
wrote:

> +1, tested.
>
>
> El jue., 11 feb. 2021 8:00, Thomas Andraschko 
> escribió:
>
>> +1
>>
>> Bill Lucy  schrieb am Do., 11. Feb. 2021, 00:46:
>>
>>> Thanks for running this Paul, looks good to me
>>>
>>> +1
>>>
>>> On Wed, Feb 10, 2021 at 3:45 PM Paul Nicolucci 
>>> wrote:
>>>
 Hi,

 I was running the needed tasks to get the 2.3-next-M5 release of
 Apache MyFaces core out.

 Please note that this vote concerns all of the following parts:
   1. Maven artifact group "org.apache.myfaces.core" v2.3-next-M5  [1]

 The artifacts were deployed on nexus repo [1] for binary and source
 packages.

 The release notes could be found at [4].

 Also the japicmp tool (similar to clirr) shows there are a few new API
 clases from 2.3-next-M4 to 2.3-next-M5. I've attached the results to
 this email as well (results.html).

 If any concerns with the above let me know.

 Please take a look at the "2.3-next-M5" artifacts and vote! (see [3])

 Please note: This vote is "majority approval" with a minimum of three
 +1 votes (see [2]).

 
 [ ] +1 for community members who have reviewed the bits
 [ ] +0
 [ ] -1 for fatal flaws that should cause these bits not to be released,
 and why..
 

 Thanks,
 Paul Nicolucci

 [1]
 *https://repository.apache.org/content/repositories/orgapachemyfaces-1182/*
 
 [2] *http://www.apache.org/foundation/voting.html#ReleaseVotes*
 
 [3]
 *https://repository.apache.org/content/repositories/orgapachemyfaces-1182/org/apache/myfaces/core/myfaces-core-assembly/*
 
 [4]
 https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10600=12348727

>>>

Re: Dependabot config for MyFaces Core?

[Bernd Bohmann]

In tobago there is npm inside as well and initial setup of dependabot makes
a lot of noise

On Thu, Feb 11, 2021 at 8:49 PM Bill Lucy  wrote:

> I agree that dependabot is nice for general guidance, even if that
> guidance is for dependencies we aren't providing at runtime.
>
> On Thu, Feb 11, 2021 at 11:36 AM Volodymyr Siedlecki <
> volodymyr.siedle...@ibm.com> wrote:
>
>> Lot of emails from dependabot, however.
>>
>>
>> - Original message -
>> From: "Volodymyr Siedlecki" 
>> To: dev@myfaces.apache.org
>> Cc:
>> Subject: [EXTERNAL] RE: Dependabot config for MyFaces Core?
>> Date: Wed, Feb 10, 2021 4:27 PM
>>
>> +1
>>
>> I peeked around the Tobago GitHub page, and the dependabot feature looked
>> pretty nice.
>> I think some automation would be good to have -- would be easier for us
>> to know which dependencies could/should be updated.
>>
>> Volodymyr
>>
>>
>>
>>
>> - Original message -
>> From: Bernd Bohmann 
>> To: MyFaces Development 
>> Cc:
>> Subject: [EXTERNAL] Re: Dependabot config for MyFaces Core?
>> Date: Wed, Feb 10, 2021 11:09 AM
>>
>> Maven plugins and Master pom updates as well?
>>
>> Of course we have dependencies. I don't want to go into this dependencies
>> or not dependencies discussion.
>> What I see is that many of the versions are outdated. I would take any
>> automated help!
>>
>> Regards
>>
>> Bernd
>>
>>
>>
>> On Wed, Feb 10, 2021 at 4:46 PM Thomas Andraschko <
>> andraschko.tho...@gmail.com> wrote:
>>
>> +0
>>
>> we dont have dependencies, only for testing and building
>> and IMO the bot is only nice to get updates for real dependencies, which
>> could contain fixes and security fixes
>>
>> Am Mi., 10. Feb. 2021 um 16:42 Uhr schrieb Bernd Bohmann <
>> bom...@apache.org>:
>>
>> Hello Team,
>>
>> any interest in adding dependabot configuration to MyFaces Core?
>>
>> I have added it to the Tobago and MyFaces Master Pom Projects.
>>
>>
>> https://docs.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically
>> 
>>
>> Regards
>>
>> Bernd
>>
>>
>>
>>
>>
>>

[GitHub] [myfaces-tobago] bohmber merged pull request #447: chore(deps-dev): bump eslint from 7.17.0 to 7.19.0 in /tobago-theme/tobago-theme-standard/npm

[GitBox]

bohmber merged pull request #447:
URL: https://github.com/apache/myfaces-tobago/pull/447


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #445: chore(deps-dev): bump eslint from 7.17.0 to 7.19.0 in /tobago-theme/tobago-theme-roxborough/npm

[GitBox]

bohmber merged pull request #445:
URL: https://github.com/apache/myfaces-tobago/pull/445


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #379: chore(deps-dev): bump eslint from 7.17.0 to 7.19.0 in /tobago-theme/tobago-theme-charlotteville/npm

[GitBox]

bohmber merged pull request #379:
URL: https://github.com/apache/myfaces-tobago/pull/379


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #373: chore(deps-dev): bump eslint from 7.17.0 to 7.19.0 in /tobago-theme/tobago-theme-speyside/npm

[GitBox]

bohmber merged pull request #373:
URL: https://github.com/apache/myfaces-tobago/pull/373


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #387: chore(deps-dev): bump eslint from 7.17.0 to 7.19.0 in /tobago-theme/tobago-theme-scarborough/npm

[GitBox]

bohmber merged pull request #387:
URL: https://github.com/apache/myfaces-tobago/pull/387


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #450: build(themes): rebuild npm

[GitBox]

bohmber merged pull request #450:
URL: https://github.com/apache/myfaces-tobago/pull/450


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber opened a new pull request #450: build(themes): rebuild npm

[GitBox]

bohmber opened a new pull request #450:
URL: https://github.com/apache/myfaces-tobago/pull/450


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #448: chore(deps-dev): bump rollup from 2.37.1 to 2.38.5 in /tobago-theme/tobago-theme-scarborough/npm

[GitBox]

bohmber merged pull request #448:
URL: https://github.com/apache/myfaces-tobago/pull/448


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #393: chore(deps-dev): bump rollup from 2.38.1 to 2.38.5 in /tobago-theme/tobago-theme-standard/npm

[GitBox]

bohmber merged pull request #393:
URL: https://github.com/apache/myfaces-tobago/pull/393


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #386: chore(deps-dev): bump rollup from 2.37.1 to 2.38.5 in /tobago-theme/tobago-theme-speyside/npm

[GitBox]

bohmber merged pull request #386:
URL: https://github.com/apache/myfaces-tobago/pull/386


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #372: chore(deps-dev): bump rollup from 2.37.1 to 2.38.5 in /tobago-theme/tobago-theme-roxborough/npm

[GitBox]

bohmber merged pull request #372:
URL: https://github.com/apache/myfaces-tobago/pull/372


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #371: chore(deps-dev): bump rollup from 2.37.1 to 2.38.5 in /tobago-theme/tobago-theme-charlotteville/npm

[GitBox]

bohmber merged pull request #371:
URL: https://github.com/apache/myfaces-tobago/pull/371


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #438: chore(deps-dev): bump @rollup/plugin-node-resolve from 11.1.0 to 11.1.1 in /tobago-example/tobago-example-demo/npm

[GitBox]

bohmber merged pull request #438:
URL: https://github.com/apache/myfaces-tobago/pull/438


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #441: chore(deps-dev): bump uglify-js from 3.12.4 to 3.12.7 in /tobago-theme/tobago-theme-standard/npm

[GitBox]

bohmber merged pull request #441:
URL: https://github.com/apache/myfaces-tobago/pull/441


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #381: chore(deps): bump vanillajs-datepicker from 1.1.1 to 1.1.2 in /tobago-theme/tobago-theme-charlotteville/npm

[GitBox]

bohmber merged pull request #381:
URL: https://github.com/apache/myfaces-tobago/pull/381


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #377: chore(deps): bump vanillajs-datepicker from 1.1.1 to 1.1.2 in /tobago-theme/tobago-theme-roxborough/npm

[GitBox]

bohmber merged pull request #377:
URL: https://github.com/apache/myfaces-tobago/pull/377


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #374: chore(deps): bump vanillajs-datepicker from 1.1.1 to 1.1.2 in /tobago-theme/tobago-theme-speyside/npm

[GitBox]

bohmber merged pull request #374:
URL: https://github.com/apache/myfaces-tobago/pull/374


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Comment Edited] (TRINIDAD-2567) Trinidad secret generation is not thread-safe

[Kyle Stiemann (Jira)]

[ 
https://issues.apache.org/jira/browse/TRINIDAD-2567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17283356#comment-17283356
 ] 

Kyle Stiemann edited comment on TRINIDAD-2567 at 2/11/21, 8:40 PM:
---

Thanks [~tandraschko], I'm not super worried about this getting fixed as the 
workaround was trivial for me. I really just wanted to document the issue so 
that if I ever run into it again (or if someone else does), the problem (and 
workaround) is googleable.


was (Author: stiemann...@gmail.com):
Thanks [~tandraschko], I'm not super worried about this getting fixed as the 
workaround was trivial for me. I really just wanted to document the issue so 
that if I ever run into it again (or if someone else does), the problem (and 
workaround) is in google.

> Trinidad secret generation is not thread-safe
> -
>
> Key: TRINIDAD-2567
> URL: https://issues.apache.org/jira/browse/TRINIDAD-2567
> Project: MyFaces Trinidad
>  Issue Type: Bug
>  Components: Components, Facelets, Infrastructure, Plugins
>Affects Versions: 2.2.1-core
>Reporter: Kyle Stiemann
>Priority: Minor
>
> Sending multiple requests in rapid succession to a Trinidad application that 
> has just started will cause multiple different secret keys to be generated. 
> If multiple {{POST}} s are sent, all but 1 will fail with a 
> {{ViewExpiredException}}. Trinidad generates the secret keys in 
> {{StateUtils}} somewhat like this:
> {code}
> private static SecretKey getSecret(ExternalContext ctx) {
>   SecretKey secretKey = (SecretKey) 
> ctx.getApplicationMap().get(INIT_SECRET_KEY_CACHE);
>   if (secretKey == null) {
> secretKey = 
> createSecretKey(KeyGenerator.getInstance(getAlgorithm(ctx)).generateKey().getEncoded());
> ctx.getApplicationMap().put(INIT_SECRET_KEY_CACHE, secretKey);
>   }
>   return secretKey;
> }
> {code}
> {{FormRenderer}} calls {{ViewHandler.writeState()}} which calls the 
> {{StateUtils.getSecret()}} method on each request. If more than 1 request 
> calls {{getSecret()}} before the secret key is set in 
> {{INIT_SECRET_KEY_CACHE}}, each call to {{getSecret()}} has the chance to see 
> a {{null}} value for {{INIT_SECRET_KEY_CACHE}}, generate a new secret key, 
> and replace any existing secret in {{INIT_SECRET_KEY_CACHE}}. Any view state 
> that was generated using the discarded secrets will be unusable and cause a 
> {{ViewExpiredException}}.
> h2. Workarounds
> The simplest workaround is to set values for the secret keys as 
> {{init-param}} s: 
> https://cwiki.apache.org/confluence/display/MYFACES2/Secure+Your+Application. 
> For example, in the {{web.xml}} (*note that the provided values are examples 
> and should not be used in a production application*):
> {code:xml}
> 
> org.apache.myfaces.SECRET
> 
> VEVTVF9LRVk=
> 
> 
> org.apache.myfaces.MAC_SECRET
> 
> VFJJTklEQURfVEVTVF9NQUNfU0VDUkVU
> 
> {code}
> h2. Potential Fixes
> # Save 1 generated key in the application scope using either 
> {{Map.putIfAbsent()}} or some other kind of synchronization. Use only the key 
> from the application scope to generate the {{SecretKey}} object. Even if 
> secret object caching is disabled, only 1 key would be used to generate the 
> secret object, so the application would still function.
> # Use {{Map.putIfAbsent()}} to ensure only 1 secret is ever cached in the 
> application. If secret caching is disabled, the application would still not 
> function (which is the same as the existing behavior).
> h2. Steps to Reproduce:
> # Create 1 WAR with a simple {{ping.xhtml}} endpoint:
> {code:xml}
>xmlns:h="http://java.sun.com/jsf/html;
>   xmlns="http://www.w3.org/1999/xhtml;>
> 
> 
> pong
> 
> 
> {code}
> # Create another Trinidad WAR with the following view and bean:
> *{{hello.xhtml}}:*
> {code:xml}
> 
>xmlns:tr="http://myfaces.apache.org/trinidad;
>   title="hello">
> 
>  required="true" value="#{helloBean.name}" />
> 
> 
> 
> 
> {code}
> *{{HelloBean.java}}:*
> {code:java}
> @ManagedBean
> @RequestScoped
> public final class HelloBean {
>   private String name;
>   public String getName() {
> return name;
>   }
>   public void setName(String name) {
> this.name = name;
>   }
> }
> {code}
> # Start up an app server like Tomcat with both WARs deployed.
> # Using a script:
> ## {{GET}} the {{ping.xhtml}} endpoint to cause the app server to initialize.
> ## {{GET}} the {{hello.xhtml}} endpoint to obtain the view state and session 
> id.
> ## Use the view state and session id to {{POST}} a name to the 
> {{hello.xhtml}} form.
> ## Repeat the {{GET}} and {{POST}} 5 times in rapid succession with different 
> sessions.
> Here's an example {{bash}} script which uses {{curl}} to execute the above 
> steps: 
> {code:sh}
> 

[jira] [Commented] (TRINIDAD-2567) Trinidad secret generation is not thread-safe

[Kyle Stiemann (Jira)]

[ 
https://issues.apache.org/jira/browse/TRINIDAD-2567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17283356#comment-17283356
 ] 

Kyle Stiemann commented on TRINIDAD-2567:
-

Thanks [~tandraschko], I'm not super worried about this getting fixed as the 
workaround was trivial for me. I really just wanted to document the issue so 
that if I ever run into it again (or if someone else does), the problem (and 
workaround) is in google.

> Trinidad secret generation is not thread-safe
> -
>
> Key: TRINIDAD-2567
> URL: https://issues.apache.org/jira/browse/TRINIDAD-2567
> Project: MyFaces Trinidad
>  Issue Type: Bug
>  Components: Components, Facelets, Infrastructure, Plugins
>Affects Versions: 2.2.1-core
>Reporter: Kyle Stiemann
>Priority: Minor
>
> Sending multiple requests in rapid succession to a Trinidad application that 
> has just started will cause multiple different secret keys to be generated. 
> If multiple {{POST}} s are sent, all but 1 will fail with a 
> {{ViewExpiredException}}. Trinidad generates the secret keys in 
> {{StateUtils}} somewhat like this:
> {code}
> private static SecretKey getSecret(ExternalContext ctx) {
>   SecretKey secretKey = (SecretKey) 
> ctx.getApplicationMap().get(INIT_SECRET_KEY_CACHE);
>   if (secretKey == null) {
> secretKey = 
> createSecretKey(KeyGenerator.getInstance(getAlgorithm(ctx)).generateKey().getEncoded());
> ctx.getApplicationMap().put(INIT_SECRET_KEY_CACHE, secretKey);
>   }
>   return secretKey;
> }
> {code}
> {{FormRenderer}} calls {{ViewHandler.writeState()}} which calls the 
> {{StateUtils.getSecret()}} method on each request. If more than 1 request 
> calls {{getSecret()}} before the secret key is set in 
> {{INIT_SECRET_KEY_CACHE}}, each call to {{getSecret()}} has the chance to see 
> a {{null}} value for {{INIT_SECRET_KEY_CACHE}}, generate a new secret key, 
> and replace any existing secret in {{INIT_SECRET_KEY_CACHE}}. Any view state 
> that was generated using the discarded secrets will be unusable and cause a 
> {{ViewExpiredException}}.
> h2. Workarounds
> The simplest workaround is to set values for the secret keys as 
> {{init-param}} s: 
> https://cwiki.apache.org/confluence/display/MYFACES2/Secure+Your+Application. 
> For example, in the {{web.xml}} (*note that the provided values are examples 
> and should not be used in a production application*):
> {code:xml}
> 
> org.apache.myfaces.SECRET
> 
> VEVTVF9LRVk=
> 
> 
> org.apache.myfaces.MAC_SECRET
> 
> VFJJTklEQURfVEVTVF9NQUNfU0VDUkVU
> 
> {code}
> h2. Potential Fixes
> # Save 1 generated key in the application scope using either 
> {{Map.putIfAbsent()}} or some other kind of synchronization. Use only the key 
> from the application scope to generate the {{SecretKey}} object. Even if 
> secret object caching is disabled, only 1 key would be used to generate the 
> secret object, so the application would still function.
> # Use {{Map.putIfAbsent()}} to ensure only 1 secret is ever cached in the 
> application. If secret caching is disabled, the application would still not 
> function (which is the same as the existing behavior).
> h2. Steps to Reproduce:
> # Create 1 WAR with a simple {{ping.xhtml}} endpoint:
> {code:xml}
>xmlns:h="http://java.sun.com/jsf/html;
>   xmlns="http://www.w3.org/1999/xhtml;>
> 
> 
> pong
> 
> 
> {code}
> # Create another Trinidad WAR with the following view and bean:
> *{{hello.xhtml}}:*
> {code:xml}
> 
>xmlns:tr="http://myfaces.apache.org/trinidad;
>   title="hello">
> 
>  required="true" value="#{helloBean.name}" />
> 
> 
> 
> 
> {code}
> *{{HelloBean.java}}:*
> {code:java}
> @ManagedBean
> @RequestScoped
> public final class HelloBean {
>   private String name;
>   public String getName() {
> return name;
>   }
>   public void setName(String name) {
> this.name = name;
>   }
> }
> {code}
> # Start up an app server like Tomcat with both WARs deployed.
> # Using a script:
> ## {{GET}} the {{ping.xhtml}} endpoint to cause the app server to initialize.
> ## {{GET}} the {{hello.xhtml}} endpoint to obtain the view state and session 
> id.
> ## Use the view state and session id to {{POST}} a name to the 
> {{hello.xhtml}} form.
> ## Repeat the {{GET}} and {{POST}} 5 times in rapid succession with different 
> sessions.
> Here's an example {{bash}} script which uses {{curl}} to execute the above 
> steps: 
> {code:sh}
> #!/bin/bash
> sendPost() {
>   ENCODED_VIEW_STATE="$(curl -s --cookie-jar /tmp/cookie-jar-$1 --cookie 
> /tmp/cookie-jar-$1 \
> 'http://localhost:8080/trinidad-2.2/faces/hello.xhtml' | \
> tr -d '\n' | sed 
> 's/.*name="javax.faces.ViewState".*value="\([^"][^"]*\)".*/\1/' | \
> sed -e 's|/|\%2F|g' -e 's/+/%2B/g' -e 's/=/%3D/g')"
>   curl 

[GitHub] [myfaces-tobago] bohmber merged pull request #370: chore(deps): bump vanillajs-datepicker from 1.1.1 to 1.1.2 in /tobago-theme/tobago-theme-scarborough/npm

[GitBox]

bohmber merged pull request #370:
URL: https://github.com/apache/myfaces-tobago/pull/370


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #433: chore(deps-dev): bump typescript from 4.1.3 to 4.1.5 in /tobago-theme/tobago-theme-roxborough/npm

[GitBox]

bohmber merged pull request #433:
URL: https://github.com/apache/myfaces-tobago/pull/433


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #429: chore(deps-dev): bump typescript from 4.1.3 to 4.1.5 in /tobago-theme/tobago-theme-speyside/npm

[GitBox]

bohmber merged pull request #429:
URL: https://github.com/apache/myfaces-tobago/pull/429


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #376: chore(deps-dev): bump typescript from 4.1.3 to 4.1.5 in /tobago-theme/tobago-theme-charlotteville/npm

[GitBox]

bohmber merged pull request #376:
URL: https://github.com/apache/myfaces-tobago/pull/376


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #389: chore(deps-dev): bump typescript from 4.1.3 to 4.1.5 in /tobago-theme/tobago-theme-scarborough/npm

[GitBox]

bohmber merged pull request #389:
URL: https://github.com/apache/myfaces-tobago/pull/389


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #395: chore(deps-dev): bump typescript from 4.1.3 to 4.1.5 in /tobago-theme/tobago-theme-standard/npm

[GitBox]

bohmber merged pull request #395:
URL: https://github.com/apache/myfaces-tobago/pull/395


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #439: chore(deps-dev): bump sass from 1.32.4 to 1.32.7 in /tobago-theme/tobago-theme-scarborough/npm

[GitBox]

bohmber merged pull request #439:
URL: https://github.com/apache/myfaces-tobago/pull/439


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #430: chore(deps-dev): bump sass from 1.32.4 to 1.32.7 in /tobago-theme/tobago-theme-speyside/npm

[GitBox]

bohmber merged pull request #430:
URL: https://github.com/apache/myfaces-tobago/pull/430


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: Dependabot config for MyFaces Core?

[Bill Lucy]

I agree that dependabot is nice for general guidance, even if that guidance
is for dependencies we aren't providing at runtime.

On Thu, Feb 11, 2021 at 11:36 AM Volodymyr Siedlecki <
volodymyr.siedle...@ibm.com> wrote:

> Lot of emails from dependabot, however.
>
>
> - Original message -
> From: "Volodymyr Siedlecki" 
> To: dev@myfaces.apache.org
> Cc:
> Subject: [EXTERNAL] RE: Dependabot config for MyFaces Core?
> Date: Wed, Feb 10, 2021 4:27 PM
>
> +1
>
> I peeked around the Tobago GitHub page, and the dependabot feature looked
> pretty nice.
> I think some automation would be good to have -- would be easier for us to
> know which dependencies could/should be updated.
>
> Volodymyr
>
>
>
>
> - Original message -
> From: Bernd Bohmann 
> To: MyFaces Development 
> Cc:
> Subject: [EXTERNAL] Re: Dependabot config for MyFaces Core?
> Date: Wed, Feb 10, 2021 11:09 AM
>
> Maven plugins and Master pom updates as well?
>
> Of course we have dependencies. I don't want to go into this dependencies
> or not dependencies discussion.
> What I see is that many of the versions are outdated. I would take any
> automated help!
>
> Regards
>
> Bernd
>
>
>
> On Wed, Feb 10, 2021 at 4:46 PM Thomas Andraschko <
> andraschko.tho...@gmail.com> wrote:
>
> +0
>
> we dont have dependencies, only for testing and building
> and IMO the bot is only nice to get updates for real dependencies, which
> could contain fixes and security fixes
>
> Am Mi., 10. Feb. 2021 um 16:42 Uhr schrieb Bernd Bohmann <
> bom...@apache.org>:
>
> Hello Team,
>
> any interest in adding dependabot configuration to MyFaces Core?
>
> I have added it to the Tobago and MyFaces Master Pom Projects.
>
>
> https://docs.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically
> 
>
> Regards
>
> Bernd
>
>
>
>
>
>

[GitHub] [myfaces-tobago] bohmber merged pull request #437: chore(deps-dev): bump sass from 1.32.4 to 1.32.7 in /tobago-theme/tobago-theme-roxborough/npm

[GitBox]

bohmber merged pull request #437:
URL: https://github.com/apache/myfaces-tobago/pull/437


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #446: chore(deps-dev): bump sass from 1.32.4 to 1.32.7 in /tobago-theme/tobago-theme-charlotteville/npm

[GitBox]

bohmber merged pull request #446:
URL: https://github.com/apache/myfaces-tobago/pull/446


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #449: chore(deps-dev): bump sass from 1.32.4 to 1.32.7 in /tobago-theme/tobago-theme-standard/npm

[GitBox]

bohmber merged pull request #449:
URL: https://github.com/apache/myfaces-tobago/pull/449


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #388: chore(deps): bump bootstrap from 5.0.0-beta1 to 5.0.0-beta2 in /tobago-theme/tobago-theme-speyside/npm

[GitBox]

bohmber merged pull request #388:
URL: https://github.com/apache/myfaces-tobago/pull/388


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #380: chore(deps): bump bootstrap from 5.0.0-beta1 to 5.0.0-beta2 in /tobago-theme/tobago-theme-charlotteville/npm

[GitBox]

bohmber merged pull request #380:
URL: https://github.com/apache/myfaces-tobago/pull/380


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #367: chore(deps-dev): bump bootstrap from 5.0.0-beta1 to 5.0.0-beta2 in /tobago-core/npm

[GitBox]

bohmber merged pull request #367:
URL: https://github.com/apache/myfaces-tobago/pull/367


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #390: chore(deps): bump bootstrap from 5.0.0-beta1 to 5.0.0-beta2 in /tobago-theme/tobago-theme-roxborough/npm

[GitBox]

bohmber merged pull request #390:
URL: https://github.com/apache/myfaces-tobago/pull/390


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #394: chore(deps-dev): bump bootstrap from 5.0.0-beta1 to 5.0.0-beta2 in /tobago-theme/tobago-theme-standard/npm

[GitBox]

bohmber merged pull request #394:
URL: https://github.com/apache/myfaces-tobago/pull/394


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #434: chore(deps): bump bootstrap from 5.0.0-beta1 to 5.0.0-beta2 in /tobago-theme/tobago-theme-scarborough/npm

[GitBox]

bohmber merged pull request #434:
URL: https://github.com/apache/myfaces-tobago/pull/434


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-trinidad] tandraschko merged pull request #2: Use Objects.equals(String,String) to avoid possible NullPointerException

[GitBox]

tandraschko merged pull request #2:
URL: https://github.com/apache/myfaces-trinidad/pull/2


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (TRINIDAD-2567) Trinidad secret generation is not thread-safe

[Thomas Andraschko (Jira)]

[ 
https://issues.apache.org/jira/browse/TRINIDAD-2567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17283189#comment-17283189
 ] 

Thomas Andraschko commented on TRINIDAD-2567:
-

Hi Kyle,

you may know that we dont have any active trinidad developers since years.
feel to to create a PR but even unsure if someone of us will do a release 

> Trinidad secret generation is not thread-safe
> -
>
> Key: TRINIDAD-2567
> URL: https://issues.apache.org/jira/browse/TRINIDAD-2567
> Project: MyFaces Trinidad
>  Issue Type: Bug
>  Components: Components, Facelets, Infrastructure, Plugins
>Affects Versions: 2.2.1-core
>Reporter: Kyle Stiemann
>Priority: Minor
>
> Sending multiple requests in rapid succession to a Trinidad application that 
> has just started will cause multiple different secret keys to be generated. 
> If multiple {{POST}} s are sent, all but 1 will fail with a 
> {{ViewExpiredException}}. Trinidad generates the secret keys in 
> {{StateUtils}} somewhat like this:
> {code}
> private static SecretKey getSecret(ExternalContext ctx) {
>   SecretKey secretKey = (SecretKey) 
> ctx.getApplicationMap().get(INIT_SECRET_KEY_CACHE);
>   if (secretKey == null) {
> secretKey = 
> createSecretKey(KeyGenerator.getInstance(getAlgorithm(ctx)).generateKey().getEncoded());
> ctx.getApplicationMap().put(INIT_SECRET_KEY_CACHE, secretKey);
>   }
>   return secretKey;
> }
> {code}
> {{FormRenderer}} calls {{ViewHandler.writeState()}} which calls the 
> {{StateUtils.getSecret()}} method on each request. If more than 1 request 
> calls {{getSecret()}} before the secret key is set in 
> {{INIT_SECRET_KEY_CACHE}}, each call to {{getSecret()}} has the chance to see 
> a {{null}} value for {{INIT_SECRET_KEY_CACHE}}, generate a new secret key, 
> and replace any existing secret in {{INIT_SECRET_KEY_CACHE}}. Any view state 
> that was generated using the discarded secrets will be unusable and cause a 
> {{ViewExpiredException}}.
> h2. Workarounds
> The simplest workaround is to set values for the secret keys as 
> {{init-param}} s: 
> https://cwiki.apache.org/confluence/display/MYFACES2/Secure+Your+Application. 
> For example, in the {{web.xml}} (*note that the provided values are examples 
> and should not be used in a production application*):
> {code:xml}
> 
> org.apache.myfaces.SECRET
> 
> VEVTVF9LRVk=
> 
> 
> org.apache.myfaces.MAC_SECRET
> 
> VFJJTklEQURfVEVTVF9NQUNfU0VDUkVU
> 
> {code}
> h2. Potential Fixes
> # Save 1 generated key in the application scope using either 
> {{Map.putIfAbsent()}} or some other kind of synchronization. Use only the key 
> from the application scope to generate the {{SecretKey}} object. Even if 
> secret object caching is disabled, only 1 key would be used to generate the 
> secret object, so the application would still function.
> # Use {{Map.putIfAbsent()}} to ensure only 1 secret is ever cached in the 
> application. If secret caching is disabled, the application would still not 
> function (which is the same as the existing behavior).
> h2. Steps to Reproduce:
> # Create 1 WAR with a simple {{ping.xhtml}} endpoint:
> {code:xml}
>xmlns:h="http://java.sun.com/jsf/html;
>   xmlns="http://www.w3.org/1999/xhtml;>
> 
> 
> pong
> 
> 
> {code}
> # Create another Trinidad WAR with the following view and bean:
> *{{hello.xhtml}}:*
> {code:xml}
> 
>xmlns:tr="http://myfaces.apache.org/trinidad;
>   title="hello">
> 
>  required="true" value="#{helloBean.name}" />
> 
> 
> 
> 
> {code}
> *{{HelloBean.java}}:*
> {code:java}
> @ManagedBean
> @RequestScoped
> public final class HelloBean {
>   private String name;
>   public String getName() {
> return name;
>   }
>   public void setName(String name) {
> this.name = name;
>   }
> }
> {code}
> # Start up an app server like Tomcat with both WARs deployed.
> # Using a script:
> ## {{GET}} the {{ping.xhtml}} endpoint to cause the app server to initialize.
> ## {{GET}} the {{hello.xhtml}} endpoint to obtain the view state and session 
> id.
> ## Use the view state and session id to {{POST}} a name to the 
> {{hello.xhtml}} form.
> ## Repeat the {{GET}} and {{POST}} 5 times in rapid succession with different 
> sessions.
> Here's an example {{bash}} script which uses {{curl}} to execute the above 
> steps: 
> {code:sh}
> #!/bin/bash
> sendPost() {
>   ENCODED_VIEW_STATE="$(curl -s --cookie-jar /tmp/cookie-jar-$1 --cookie 
> /tmp/cookie-jar-$1 \
> 'http://localhost:8080/trinidad-2.2/faces/hello.xhtml' | \
> tr -d '\n' | sed 
> 's/.*name="javax.faces.ViewState".*value="\([^"][^"]*\)".*/\1/' | \
> sed -e 's|/|\%2F|g' -e 's/+/%2B/g' -e 's/=/%3D/g')"
>   curl --cookie-jar /tmp/cookie-jar-$1 --cookie /tmp/cookie-jar-$1 \
> -d 
> 

[jira] [Commented] (TRINIDAD-2567) Trinidad secret generation is not thread-safe

[Kyle Stiemann (Jira)]

[ 
https://issues.apache.org/jira/browse/TRINIDAD-2567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17283183#comment-17283183
 ] 

Kyle Stiemann commented on TRINIDAD-2567:
-

This bug is particularly nasty when testing a Trinidad application since tests 
often send multiple requests rapidly or in parallel. Worse yet, if you attempt 
to debug the test or the Trinidad application, you will likely slow down the 
requests enough that the first request will cause the key to be generated and 
cached before any other request is sent/received. So the issue effectively does 
not show up when debugging. Similarly, if you run a single test, you will not 
see the issue as the key will be generated and cached correctly.

> Trinidad secret generation is not thread-safe
> -
>
> Key: TRINIDAD-2567
> URL: https://issues.apache.org/jira/browse/TRINIDAD-2567
> Project: MyFaces Trinidad
>  Issue Type: Bug
>  Components: Components, Facelets, Infrastructure, Plugins
>Affects Versions: 2.2.1-core
>Reporter: Kyle Stiemann
>Priority: Minor
>
> Sending multiple requests in rapid succession to a Trinidad application that 
> has just started will cause multiple different secret keys to be generated. 
> If multiple {{POST}} s are sent, all but 1 will fail with a 
> {{ViewExpiredException}}. Trinidad generates the secret keys in 
> {{StateUtils}} somewhat like this:
> {code}
> private static SecretKey getSecret(ExternalContext ctx) {
>   SecretKey secretKey = (SecretKey) 
> ctx.getApplicationMap().get(INIT_SECRET_KEY_CACHE);
>   if (secretKey == null) {
> secretKey = 
> createSecretKey(KeyGenerator.getInstance(getAlgorithm(ctx)).generateKey().getEncoded());
> ctx.getApplicationMap().put(INIT_SECRET_KEY_CACHE, secretKey);
>   }
>   return secretKey;
> }
> {code}
> {{FormRenderer}} calls {{ViewHandler.writeState()}} which calls the 
> {{StateUtils.getSecret()}} method on each request. If more than 1 request 
> calls {{getSecret()}} before the secret key is set in 
> {{INIT_SECRET_KEY_CACHE}}, each call to {{getSecret()}} has the chance to see 
> a {{null}} value for {{INIT_SECRET_KEY_CACHE}}, generate a new secret key, 
> and replace any existing secret in {{INIT_SECRET_KEY_CACHE}}. Any view state 
> that was generated using the discarded secrets will be unusable and cause a 
> {{ViewExpiredException}}.
> h2. Workarounds
> The simplest workaround is to set values for the secret keys as 
> {{init-param}} s: 
> https://cwiki.apache.org/confluence/display/MYFACES2/Secure+Your+Application. 
> For example, in the {{web.xml}} (*note that the provided values are examples 
> and should not be used in a production application*):
> {code:xml}
> 
> org.apache.myfaces.SECRET
> 
> VEVTVF9LRVk=
> 
> 
> org.apache.myfaces.MAC_SECRET
> 
> VFJJTklEQURfVEVTVF9NQUNfU0VDUkVU
> 
> {code}
> h2. Potential Fixes
> # Save 1 generated key in the application scope using either 
> {{Map.putIfAbsent()}} or some other kind of synchronization. Use only the key 
> from the application scope to generate the {{SecretKey}} object. Even if 
> secret object caching is disabled, only 1 key would be used to generate the 
> secret object, so the application would still function.
> # Use {{Map.putIfAbsent()}} to ensure only 1 secret is ever cached in the 
> application. If secret caching is disabled, the application would still not 
> function (which is the same as the existing behavior).
> h2. Steps to Reproduce:
> # Create 1 WAR with a simple {{ping.xhtml}} endpoint:
> {code:xml}
>xmlns:h="http://java.sun.com/jsf/html;
>   xmlns="http://www.w3.org/1999/xhtml;>
> 
> 
> pong
> 
> 
> {code}
> # Create another Trinidad WAR with the following view and bean:
> *{{hello.xhtml}}:*
> {code:xml}
> 
>xmlns:tr="http://myfaces.apache.org/trinidad;
>   title="hello">
> 
>  required="true" value="#{helloBean.name}" />
> 
> 
> 
> 
> {code}
> *{{HelloBean.java}}:*
> {code:java}
> @ManagedBean
> @RequestScoped
> public final class HelloBean {
>   private String name;
>   public String getName() {
> return name;
>   }
>   public void setName(String name) {
> this.name = name;
>   }
> }
> {code}
> # Start up an app server like Tomcat with both WARs deployed.
> # Using a script:
> ## {{GET}} the {{ping.xhtml}} endpoint to cause the app server to initialize.
> ## {{GET}} the {{hello.xhtml}} endpoint to obtain the view state and session 
> id.
> ## Use the view state and session id to {{POST}} a name to the 
> {{hello.xhtml}} form.
> ## Repeat the {{GET}} and {{POST}} 5 times in rapid succession with different 
> sessions.
> Here's an example {{bash}} script which uses {{curl}} to execute the above 
> steps: 
> {code:sh}
> #!/bin/bash
> sendPost() {
>   ENCODED_VIEW_STATE="$(curl -s --cookie-jar 

Re: [VOTE] release of MyFaces Core 2.3-next-M5

[Vicente Rossello]

+1, tested.


El jue., 11 feb. 2021 8:00, Thomas Andraschko 
escribió:

> +1
>
> Bill Lucy  schrieb am Do., 11. Feb. 2021, 00:46:
>
>> Thanks for running this Paul, looks good to me
>>
>> +1
>>
>> On Wed, Feb 10, 2021 at 3:45 PM Paul Nicolucci 
>> wrote:
>>
>>> Hi,
>>>
>>> I was running the needed tasks to get the 2.3-next-M5 release of Apache
>>> MyFaces core out.
>>>
>>> Please note that this vote concerns all of the following parts:
>>>   1. Maven artifact group "org.apache.myfaces.core" v2.3-next-M5  [1]
>>>
>>> The artifacts were deployed on nexus repo [1] for binary and source
>>> packages.
>>>
>>> The release notes could be found at [4].
>>>
>>> Also the japicmp tool (similar to clirr) shows there are a few new API
>>> clases from 2.3-next-M4 to 2.3-next-M5. I've attached the results to
>>> this email as well (results.html).
>>>
>>> If any concerns with the above let me know.
>>>
>>> Please take a look at the "2.3-next-M5" artifacts and vote! (see [3])
>>>
>>> Please note: This vote is "majority approval" with a minimum of three +1
>>> votes (see [2]).
>>>
>>> 
>>> [ ] +1 for community members who have reviewed the bits
>>> [ ] +0
>>> [ ] -1 for fatal flaws that should cause these bits not to be released,
>>> and why..
>>> 
>>>
>>> Thanks,
>>> Paul Nicolucci
>>>
>>> [1]
>>> *https://repository.apache.org/content/repositories/orgapachemyfaces-1182/*
>>> 
>>> [2] *http://www.apache.org/foundation/voting.html#ReleaseVotes*
>>> 
>>> [3]
>>> *https://repository.apache.org/content/repositories/orgapachemyfaces-1182/org/apache/myfaces/core/myfaces-core-assembly/*
>>> 
>>> [4]
>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10600=12348727
>>>
>>

RE: Dependabot config for MyFaces Core?

[Volodymyr Siedlecki]

Lot of emails from dependabot, however.
 
- Original message -From: "Volodymyr Siedlecki" To: dev@myfaces.apache.orgCc:Subject: [EXTERNAL] RE: Dependabot config for MyFaces Core?Date: Wed, Feb 10, 2021 4:27 PM   

 

+1I peeked around the Tobago GitHub page, and the dependabot feature looked pretty nice.I think some automation would be good to have -- would be easier for us to know which dependencies could/should be updated.Volodymyr
 
 
- Original message -From: Bernd Bohmann To: MyFaces Development Cc:Subject: [EXTERNAL] Re: Dependabot config for MyFaces Core?Date: Wed, Feb 10, 2021 11:09 AM    
Maven plugins and Master pom updates as well?
 
Of course we have dependencies. I don't want to go into this dependencies or not dependencies discussion.
What I see is that many of the versions are outdated. I would take any automated help!
 
Regards
 
Bernd
 
  

On Wed, Feb 10, 2021 at 4:46 PM Thomas Andraschko  wrote:
+0 we dont have dependencies, only for testing and buildingand IMO the bot is only nice to get updates for real dependencies, which could contain fixes and security fixes 

Am Mi., 10. Feb. 2021 um 16:42 Uhr schrieb Bernd Bohmann :
Hello Team,
 
any interest in adding dependabot configuration to MyFaces Core?
 
I have added it to the Tobago and MyFaces Master Pom Projects.
 
https://docs.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically
 
Regards
 
Bernd 
 
 

[GitHub] [myfaces-tobago] bohmber merged pull request #396: docs: demo sync with master, update versions, API links

[GitBox]

bohmber merged pull request #396:
URL: https://github.com/apache/myfaces-tobago/pull/396


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber closed pull request #369: chore(deps): bump mojarra20.version from 2.0.11-04 to 2.1.3_01

[GitBox]

bohmber closed pull request #369:
URL: https://github.com/apache/myfaces-tobago/pull/369


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] commented on pull request #369: chore(deps): bump mojarra20.version from 2.0.11-04 to 2.1.3_01

[GitBox]

dependabot[bot] commented on pull request #369:
URL: https://github.com/apache/myfaces-tobago/pull/369#issuecomment-777618676


   OK, I won't notify you again about this release, but will get in touch when 
a new version is available.
   
   If you change your mind, just re-open this PR and I'll resolve any conflicts 
on it.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #449: chore(deps-dev): bump sass from 1.32.4 to 1.32.7 in /tobago-theme/tobago-theme-standard/npm

[GitBox]

dependabot[bot] opened a new pull request #449:
URL: https://github.com/apache/myfaces-tobago/pull/449


   Bumps [sass](https://github.com/sass/dart-sass) from 1.32.4 to 1.32.7.
   
   Release notes
   Sourced from https://github.com/sass/dart-sass/releases;>sass's releases.
   
   Dart Sass 1.32.7
   To install Sass 1.32.7, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   
   
   Allow the null safety release of stream_transform.
   
   
   Allow @forward...with to take arguments that have a 
!default flag without   a trailing comma.
   
   
   Improve the performance of unitless and single-unit numbers.
   
   
   See the https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1327;>full 
changelog for changes in earlier releases.
   Dart Sass 1.32.6
   To install Sass 1.32.6, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   Node JS API
   
   Fix Electron support when nodeIntegration is disabled.
   
   Dart API
   
   All range checks for SassColor constructors now throw 
RangeErrors with   start and end 
set.
   
   See the https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1326;>full 
changelog for changes in earlier releases.
   Dart Sass 1.32.5
   To install Sass 1.32.5, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   
   Potentially breaking bug fix: When using 
@for with numbers that have   units, the iteration variable now 
matches the unit of the initial number. This   matches the behavior of Ruby 
Sass and LibSass.
   
   Node JS API
   
   
   Fix a few infrequent errors when calling render() with 
fiber multiple   times simultaneously.
   
   
   Avoid possible mangled error messages when custom functions or importers 
throw   unexpected exceptions.
   
   
   
   
   ... (truncated)
   
   
   Changelog
   Sourced from https://github.com/sass/dart-sass/blob/master/CHANGELOG.md;>sass's 
changelog.
   
   1.32.7
   
   
   Allow the null safety release of stream_transform.
   
   
   Allow @forward...with to take arguments that have a 
!default flag without
   a trailing comma.
   
   
   Improve the performance of unitless and single-unit numbers.
   
   
   1.32.6
   Node JS API
   
   Fix Electron support when nodeIntegration is disabled.
   
   Dart API
   
   All range checks for SassColor constructors now throw 
RangeErrors with
   start and end set.
   
   1.32.5
   
   Potentially breaking bug fix: When using 
@for with numbers that have
   units, the iteration variable now matches the unit of the initial number. 
This
   matches the behavior of Ruby Sass and LibSass.
   
   Node JS API
   
   
   Fix a few infrequent errors when calling render() with 
fiber multiple
   times simultaneously.
   
   
   Avoid possible mangled error messages when custom functions or importers 
throw
   unexpected exceptions.
   
   
   Fix Electron support when nodeIntegration is disabled.
   
   
   
   
   
   Commits
   
   https://github.com/sass/dart-sass/commit/1df37b1ee97525f7a600160cb841331af51958c0;>1df37b1
 Allow the null safety release of stream_transform (https://github-redirect.dependabot.com/sass/dart-sass/issues/1223;>#1223)
   https://github.com/sass/dart-sass/commit/cebf71b39e077f6e5ffd55cc72412a2fb49d78fe;>cebf71b
 Revert Limit the version of source_span (https://github-redirect.dependabot.com/sass/dart-sass/issues/1227;>#1227)
 (https://github-redirect.dependabot.com/sass/dart-sass/issues/1229;>#1229)
   https://github.com/sass/dart-sass/commit/4ea9fff2bbc1eeb825c3a4bbb99b60acb6c06923;>4ea9fff
 Let last !default value of https://github.com/forward;>@forward...with be 
commaless. (https://github-redirect.dependabot.com/sass/dart-sass/issues/1226;>#1226)
   https://github.com/sass/dart-sass/commit/8afc238db7b0d947d1ebb1d15f6eb96a0cf137b9;>8afc238
 Limit the version of source_span (https://github-redirect.dependabot.com/sass/dart-sass/issues/1227;>#1227)
   https://github.com/sass/dart-sass/commit/2682992bd4e35eda5b97060b07c7ac9a49690b88;>2682992
 Split SassNumber into separate subclasses based on units (https://github-redirect.dependabot.com/sass/dart-sass/issues/1221;>#1221)
   https://github.com/sass/dart-sass/commit/e664ea8ee3bfb0eb717c1a8ca73ff86017837679;>e664ea8
 Merge pull request https://github-redirect.dependabot.com/sass/dart-sass/issues/1217;>#1217
 from Mstrodl/patch-5
   https://github.com/sass/dart-sass/commit/058cf0e4df2f948ebc1287140f183c71f59c2b53;>058cf0e
 Fix fuzzyAssertRange, RangeError takes ints as min/max
   

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #447: chore(deps-dev): bump eslint from 7.17.0 to 7.19.0 in /tobago-theme/tobago-theme-standard/npm

[GitBox]

dependabot[bot] opened a new pull request #447:
URL: https://github.com/apache/myfaces-tobago/pull/447


   Bumps [eslint](https://github.com/eslint/eslint) from 7.17.0 to 7.19.0.
   
   Release notes
   Sourced from https://github.com/eslint/eslint/releases;>eslint's releases.
   
   v7.19.0
   
   https://github.com/eslint/eslint/commit/ce7f06121d9eb9cc2b3da24b4456b4d382e1413b;>ce7f061
 Update: add shadowed variable loc to message in no-shadow (fixes https://github-redirect.dependabot.com/eslint/eslint/issues/13646;>#13646)
 (https://github-redirect.dependabot.com/eslint/eslint/issues/13841;>#13841)
 (t-mangoe)
   https://github.com/eslint/eslint/commit/c60e23ff306a14ca6eabcadb275ed27995fcc6e4;>c60e23f
 Update: fix let logic in for-in and for-of loops in 
no-extra-parens (https://github-redirect.dependabot.com/eslint/eslint/issues/14011;>#14011)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/d76e8f69bd791357c67ada7b5c55608acf29b622;>d76e8f6
 Fix: no-useless-rename invalid autofix with parenthesized identifiers (https://github-redirect.dependabot.com/eslint/eslint/issues/14032;>#14032)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/5800d921144ec330b6ee7cd03364434007331354;>5800d92
 Docs: Clarify stylistic rule update policy (https://github-redirect.dependabot.com/eslint/eslint/issues/14052;>#14052)
 (Brandon Mills)
   https://github.com/eslint/eslint/commit/0ccf6d200147437b338cadb34546451972befd75;>0ccf6d2
 Docs: remove configuring.md (https://github-redirect.dependabot.com/eslint/eslint/issues/14036;>#14036)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/65bb0abde56f72586036fff151aa2d13f1b7be6c;>65bb0ab
 Chore: Clean up new issue workflow (https://github-redirect.dependabot.com/eslint/eslint/issues/14040;>#14040)
 (Nicholas C. Zakas)
   https://github.com/eslint/eslint/commit/e1da90fc414a3c9c16f52db4a5bd81bd4f9532a4;>e1da90f
 Fix: nested indenting for offsetTernaryExpressions: true (fixes https://github-redirect.dependabot.com/eslint/eslint/issues/13971;>#13971)
 (https://github-redirect.dependabot.com/eslint/eslint/issues/13972;>#13972)
 (Chris Brody)
   https://github.com/eslint/eslint/commit/1a078b9166f29cb3760435ddbc1a0da4a0974d4a;>1a078b9
 Update: check ternary : even if ? was reported in 
space-infix-ops (https://github-redirect.dependabot.com/eslint/eslint/issues/13963;>#13963)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/fb274226242eaebc1480fc9c901202986afc3c8a;>fb27422
 Fix: extend prefer-const fixer range to whole declaration (fixes https://github-redirect.dependabot.com/eslint/eslint/issues/13899;>#13899)
 (https://github-redirect.dependabot.com/eslint/eslint/issues/14033;>#14033)
 (Nitin Kumar)
   https://github.com/eslint/eslint/commit/e0b05c704f3ce6f549d14718236d22fe49fcb611;>e0b05c7
 Docs: add a correct example to no-unsafe-optional-chaining (refs https://github-redirect.dependabot.com/eslint/eslint/issues/14029;>#14029)
 (https://github-redirect.dependabot.com/eslint/eslint/issues/14050;>#14050)
 (armin yahya)
   https://github.com/eslint/eslint/commit/46e836d46442d2ec756038a2e12ba19b74394dbd;>46e836d
 Sponsors: Sync README with website (ESLint Jenkins)
   https://github.com/eslint/eslint/commit/3fc4fa485ca9ccd5e16dbc7e53ba31452d22dc4a;>3fc4fa4
 Docs: update configuring links (https://github-redirect.dependabot.com/eslint/eslint/issues/14038;>#14038)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/8561c2116ef89e53ebffb750066f1b00a4acdb76;>8561c21
 Docs: fix broken links in configuring/README.md (https://github-redirect.dependabot.com/eslint/eslint/issues/14046;>#14046)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/1c309ebca4a81a0faf397103dbc621019dea8c9c;>1c309eb
 Update: fix no-invalid-regexp false negatives with no flags specified (https://github-redirect.dependabot.com/eslint/eslint/issues/14018;>#14018)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/f6602d569427e9e2a4f3b5ca3fc3a8bffb28d15e;>f6602d5
 Docs: Reorganize Configuration Documentation (https://github-redirect.dependabot.com/eslint/eslint/issues/13837;>#13837)
 (klkhan)
   https://github.com/eslint/eslint/commit/c753b442ef67867a178ffc2ad29b4e0534f72469;>c753b44
 Sponsors: Sync README with website (ESLint Jenkins)
   https://github.com/eslint/eslint/commit/a4fdb7001aa41b9ad8bb92cc8a47b9135c94afc7;>a4fdb70
 Docs: Fixed Typo (https://github-redirect.dependabot.com/eslint/eslint/issues/14007;>#14007)
 (Yash Singh)
   https://github.com/eslint/eslint/commit/f7ca48165d025e01c38698352cff24d1de87cc8b;>f7ca481
 Docs: Explain why we disable lock files (refs https://github-redirect.dependabot.com/eslint/tsc-meetings/issues/234;>eslint/tsc-meetings#234)
 (https://github-redirect.dependabot.com/eslint/eslint/issues/14006;>#14006)
 (Brandon Mills)
   
   v7.18.0
   
   https://github.com/eslint/eslint/commit/e3264b26a625d926a1ea96df1c4b643af5c3797c;>e3264b2
 Upgrade: @eslint/eslintrc to improve error message for 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #445: chore(deps-dev): bump eslint from 7.17.0 to 7.19.0 in /tobago-theme/tobago-theme-roxborough/npm

[GitBox]

dependabot[bot] opened a new pull request #445:
URL: https://github.com/apache/myfaces-tobago/pull/445


   Bumps [eslint](https://github.com/eslint/eslint) from 7.17.0 to 7.19.0.
   
   Release notes
   Sourced from https://github.com/eslint/eslint/releases;>eslint's releases.
   
   v7.19.0
   
   https://github.com/eslint/eslint/commit/ce7f06121d9eb9cc2b3da24b4456b4d382e1413b;>ce7f061
 Update: add shadowed variable loc to message in no-shadow (fixes https://github-redirect.dependabot.com/eslint/eslint/issues/13646;>#13646)
 (https://github-redirect.dependabot.com/eslint/eslint/issues/13841;>#13841)
 (t-mangoe)
   https://github.com/eslint/eslint/commit/c60e23ff306a14ca6eabcadb275ed27995fcc6e4;>c60e23f
 Update: fix let logic in for-in and for-of loops in 
no-extra-parens (https://github-redirect.dependabot.com/eslint/eslint/issues/14011;>#14011)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/d76e8f69bd791357c67ada7b5c55608acf29b622;>d76e8f6
 Fix: no-useless-rename invalid autofix with parenthesized identifiers (https://github-redirect.dependabot.com/eslint/eslint/issues/14032;>#14032)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/5800d921144ec330b6ee7cd03364434007331354;>5800d92
 Docs: Clarify stylistic rule update policy (https://github-redirect.dependabot.com/eslint/eslint/issues/14052;>#14052)
 (Brandon Mills)
   https://github.com/eslint/eslint/commit/0ccf6d200147437b338cadb34546451972befd75;>0ccf6d2
 Docs: remove configuring.md (https://github-redirect.dependabot.com/eslint/eslint/issues/14036;>#14036)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/65bb0abde56f72586036fff151aa2d13f1b7be6c;>65bb0ab
 Chore: Clean up new issue workflow (https://github-redirect.dependabot.com/eslint/eslint/issues/14040;>#14040)
 (Nicholas C. Zakas)
   https://github.com/eslint/eslint/commit/e1da90fc414a3c9c16f52db4a5bd81bd4f9532a4;>e1da90f
 Fix: nested indenting for offsetTernaryExpressions: true (fixes https://github-redirect.dependabot.com/eslint/eslint/issues/13971;>#13971)
 (https://github-redirect.dependabot.com/eslint/eslint/issues/13972;>#13972)
 (Chris Brody)
   https://github.com/eslint/eslint/commit/1a078b9166f29cb3760435ddbc1a0da4a0974d4a;>1a078b9
 Update: check ternary : even if ? was reported in 
space-infix-ops (https://github-redirect.dependabot.com/eslint/eslint/issues/13963;>#13963)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/fb274226242eaebc1480fc9c901202986afc3c8a;>fb27422
 Fix: extend prefer-const fixer range to whole declaration (fixes https://github-redirect.dependabot.com/eslint/eslint/issues/13899;>#13899)
 (https://github-redirect.dependabot.com/eslint/eslint/issues/14033;>#14033)
 (Nitin Kumar)
   https://github.com/eslint/eslint/commit/e0b05c704f3ce6f549d14718236d22fe49fcb611;>e0b05c7
 Docs: add a correct example to no-unsafe-optional-chaining (refs https://github-redirect.dependabot.com/eslint/eslint/issues/14029;>#14029)
 (https://github-redirect.dependabot.com/eslint/eslint/issues/14050;>#14050)
 (armin yahya)
   https://github.com/eslint/eslint/commit/46e836d46442d2ec756038a2e12ba19b74394dbd;>46e836d
 Sponsors: Sync README with website (ESLint Jenkins)
   https://github.com/eslint/eslint/commit/3fc4fa485ca9ccd5e16dbc7e53ba31452d22dc4a;>3fc4fa4
 Docs: update configuring links (https://github-redirect.dependabot.com/eslint/eslint/issues/14038;>#14038)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/8561c2116ef89e53ebffb750066f1b00a4acdb76;>8561c21
 Docs: fix broken links in configuring/README.md (https://github-redirect.dependabot.com/eslint/eslint/issues/14046;>#14046)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/1c309ebca4a81a0faf397103dbc621019dea8c9c;>1c309eb
 Update: fix no-invalid-regexp false negatives with no flags specified (https://github-redirect.dependabot.com/eslint/eslint/issues/14018;>#14018)
 (Milos Djermanovic)
   https://github.com/eslint/eslint/commit/f6602d569427e9e2a4f3b5ca3fc3a8bffb28d15e;>f6602d5
 Docs: Reorganize Configuration Documentation (https://github-redirect.dependabot.com/eslint/eslint/issues/13837;>#13837)
 (klkhan)
   https://github.com/eslint/eslint/commit/c753b442ef67867a178ffc2ad29b4e0534f72469;>c753b44
 Sponsors: Sync README with website (ESLint Jenkins)
   https://github.com/eslint/eslint/commit/a4fdb7001aa41b9ad8bb92cc8a47b9135c94afc7;>a4fdb70
 Docs: Fixed Typo (https://github-redirect.dependabot.com/eslint/eslint/issues/14007;>#14007)
 (Yash Singh)
   https://github.com/eslint/eslint/commit/f7ca48165d025e01c38698352cff24d1de87cc8b;>f7ca481
 Docs: Explain why we disable lock files (refs https://github-redirect.dependabot.com/eslint/tsc-meetings/issues/234;>eslint/tsc-meetings#234)
 (https://github-redirect.dependabot.com/eslint/eslint/issues/14006;>#14006)
 (Brandon Mills)
   
   v7.18.0
   
   https://github.com/eslint/eslint/commit/e3264b26a625d926a1ea96df1c4b643af5c3797c;>e3264b2
 Upgrade: @eslint/eslintrc to improve error message for 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #444: chore(deps-dev): bump ajv and ajv-keywords in /tobago-theme/tobago-theme-charlotteville/npm

[GitBox]

dependabot[bot] opened a new pull request #444:
URL: https://github.com/apache/myfaces-tobago/pull/444


   Bumps [ajv](https://github.com/ajv-validator/ajv) and 
[ajv-keywords](https://github.com/epoberezkin/ajv-keywords). These dependencies 
needed to be updated together.
   Updates `ajv` from 6.12.6 to 7.1.0
   
   Release notes
   Sourced from https://github.com/ajv-validator/ajv/releases;>ajv's 
releases.
   
   v7.1.0
   Support for JSON Type Definition RFC 8927 - a simple schema language 
provided as an alternative to JSON Schema.
   See these docs:
   
   an https://github.com/ajv-validator/ajv/blob/master/docs/json-type-definition.md;>informal
 document in Ajv repo
   https://datatracker.ietf.org/doc/rfc8927/;>RFC8927
   https://github.com/ajv-validator/ajv#choosing-schema-language;>choosing 
schema language - comparison with JSON Schema
   
   Allow : in keyword names (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1421;>#1421,
 https://github.com/teq0;>@teq0)
   v7.0.4
   Fix: duplicate functions in standalone validation code with mutually 
recursive schemas (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1361;>#1361)
   Fix: reference resolution when base URI change was not applied (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1414;>#1414)
   v7.0.3
   Fixes:
   
   oneOf error type (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1368;>#1368,
 https://github.com/G-Rath;>@G-Rath)
   remove multiple imports (rollup/plugins#745)
   
   Docs:
   
   Using in ES5 (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1364;>#1364,
 https://github.com/aladdin-add;>@aladdin-add)
   Option strictTypes: false has to be used with json-schema-secure schema 
(https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1373;>#1373)
   
   v7.0.2
   Remove duplicate functions from standalone validation code (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1361;>#1361)
   v7.0.1
   Update error message for maxLength/minLength 
keywords
   v7.0.0
   Please note: this document covers the changes from v6.12.6.
   The main changes
   
   support of JSON Schema draft-2019-09 features: https://github.com/ajv-validator/ajv/blob/master/docs/json-schema.md#unevaluatedproperties;>unevaluatedProperties
 and https://github.com/ajv-validator/ajv/blob/master/docs/json-schema.md#unevaluateditems;>unevaluatedItems,
 https://github.com/ajv-validator/ajv/blob/master/docs/validation.md#extending-recursive-schemas;>dynamic
 recursive references and other https://github.com/ajv-validator/ajv/blob/master/docs/json-schema.md#json-schema-draft-2019-09;>additional
 keywords.
   comprehensive support for https://github.com/ajv-validator/ajv/blob/master/docs/standalone.md;>standalone
 validation code - compiling one or multiple schemas to standalone modules 
with one or multiple exports.
   to reduce the mistakes in JSON schemas and unexpected validation 
results, https://github.com/ajv-validator/ajv/blob/master/docs/strict-mode.md;>strict
 mode is added - it prohibits ignored or ambiguous JSON Schema elements. 
See https://github.com/ajv-validator/ajv/blob/master/docs/strict-mode.md;>Strict
 mode and https://github.com/ajv-validator/ajv/blob/master/docs/api.md;>Options 
for more details
   to make code injection from untrusted schemas impossible, https://github.com/ajv-validator/ajv/blob/master/docs/codegen.md;>code 
generation is fully re-written to be type-level safe against code 
injection.
   to simplify Ajv extensions, the new keyword API that is used by 
pre-defined keywords is available to user-defined keywords - it is much easier 
to define any keywords now, especially with subschemas.
   schemas are compiled to ES6 code (ES5 code generation is supported with 
an option).
   to improve reliability and maintainability the code is migrated to 
TypeScript.
   separate Ajv classes from draft-07 and draft-2019-09 support with 
different default imports (see https://github.com/ajv-validator/ajv#usage;>Getting started or https://github.com/ajv-validator/ajv/releases/tag/v7.0.0-beta.5;>v7.0.0-beta.5
 for the details).
   
   Please note:
   
   the support for JSON-Schema draft-04 is removed - if you have schemas 
using id attributes you have to replace them with $id 
(or continue using version 6 that will be supported until 02/28/2021).
   all formats are separated to https://github.com/ajv-validator/ajv-formats;>ajv-formats package - 
they have to be explicitly added if you use them.
   Ajv instance can only be created with new keyword, as Ajv 
is now ES6 class.
   browser bundles are automatically published to ajv-dist package (but 
still available on cdnjs.com).
   order of schema keyword validation changed - keywords that apply to all 
types (allOf etc.) are now validated first, before the keywords that apply to 
specific data types. You can still define custom keywords that apply to all 
types AND are validated after 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #448: chore(deps-dev): bump rollup from 2.37.1 to 2.38.5 in /tobago-theme/tobago-theme-scarborough/npm

[GitBox]

dependabot[bot] opened a new pull request #448:
URL: https://github.com/apache/myfaces-tobago/pull/448


   Bumps [rollup](https://github.com/rollup/rollup) from 2.37.1 to 2.38.5.
   
   Release notes
   Sourced from https://github.com/rollup/rollup/releases;>rollup's releases.
   
   v2.38.5
   2021-02-05
   Bug Fixes
   
   Prevent invalid code when simplifying assignments and delcarations (https://github-redirect.dependabot.com/rollup/rollup/issues/3951;>#3951)
   Prevent behaviour-changing line-breaks when simplifying assignments in 
return statements (https://github-redirect.dependabot.com/rollup/rollup/issues/3951;>#3951)
   Slightly improve white-space rendering when simplifying certain 
expressions (https://github-redirect.dependabot.com/rollup/rollup/issues/3951;>#3951)
   
   Pull Requests
   
   https://github-redirect.dependabot.com/rollup/rollup/pull/3951;>#3951:
 Wrap simplified assignments if necessary (https://github.com/lukastaegert;>@lukastaegert)
   
   v2.38.4
   2021-02-02
   Bug Fixes
   
   Do not change logic when tree-shaking declarations in if statements or 
loops (https://github-redirect.dependabot.com/rollup/rollup/issues/3947;>#3947)
   
   Pull Requests
   
   https://github-redirect.dependabot.com/rollup/rollup/pull/3947;>#3947:
 Do not tear apart declarations in loop or if bodies (https://github.com/lukastaegert;>@lukastaegert)
   
   v2.38.3
   2021-02-01
   Bug Fixes
   
   Prevent an unexpected live-binding when default exporting a synthetic 
named export (https://github-redirect.dependabot.com/rollup/rollup/issues/3946;>#3946)
   
   Pull Requests
   
   https://github-redirect.dependabot.com/rollup/rollup/pull/3945;>#3945:
 Upgrade chokidar and fsevents for Apple M1 compatibility (https://github.com/threepointone;>@threepointone)
   https://github-redirect.dependabot.com/rollup/rollup/pull/3946;>#3946:
 Make sure default exports snapshot synthetic named exports (https://github.com/lukastaegert;>@lukastaegert)
   
   v2.38.2
   2021-01-31
   Bug Fixes
   
   Do not generate invalid code for partially tree-shaken declarations in 
for loops (https://github-redirect.dependabot.com/rollup/rollup/issues/3943;>#3943)
   Always include function bodies of functions in side-effect-free modules 
(https://github-redirect.dependabot.com/rollup/rollup/issues/3944;>#3944)
   
   Pull Requests
   
   https://github-redirect.dependabot.com/rollup/rollup/pull/3943;>#3943:
 Do not partially tree-shake unused declarations in for loops (https://github.com/lukastaegert;>@lukastaegert)
   https://github-redirect.dependabot.com/rollup/rollup/pull/3944;>#3944:
 Correctly include functions with side effects from side-effect-free modules 
(https://github.com/lukastaegert;>@lukastaegert)
   
   v2.38.1
   2021-01-28
   Bug Fixes
   
   Fix internal error when resolving a missing entry point in the browser 
build (https://github-redirect.dependabot.com/rollup/rollup/issues/3935;>#3935)
   
   Pull Requests
   
   https://github-redirect.dependabot.com/rollup/rollup/pull/3935;>#3935:
 fix: remove isolated resolve() for compat with browser distribution (https://github.com/cmorten;>@cmorten and https://github.com/lukastaegert;>@lukastaegert)
   https://github-redirect.dependabot.com/rollup/rollup/pull/3936;>#3936:
 Ensure test after() callback is always executed (https://github.com/Benjamin-Dobell;>@Benjamin-Dobell)
   
   
   
   ... (truncated)
   
   
   Changelog
   Sourced from https://github.com/rollup/rollup/blob/master/CHANGELOG.md;>rollup's 
changelog.
   
   2.38.5
   2021-02-05
   Bug Fixes
   
   Prevent invalid code when simplifying assignments and delcarations (https://github-redirect.dependabot.com/rollup/rollup/issues/3951;>#3951)
   Prevent behaviour-changing line-breaks when simplifying assignments in 
return statements (https://github-redirect.dependabot.com/rollup/rollup/issues/3951;>#3951)
   Slightly improve white-space rendering when simplifying certain 
expressions (https://github-redirect.dependabot.com/rollup/rollup/issues/3951;>#3951)
   
   Pull Requests
   
   https://github-redirect.dependabot.com/rollup/rollup/pull/3951;>#3951:
 Wrap simplified assignments if necessary (https://github.com/lukastaegert;>@lukastaegert)
   
   2.38.4
   2021-02-02
   Bug Fixes
   
   Do not change logic when tree-shaking declarations in if statements or 
loops (https://github-redirect.dependabot.com/rollup/rollup/issues/3947;>#3947)
   
   Pull Requests
   
   https://github-redirect.dependabot.com/rollup/rollup/pull/3947;>#3947:
 Do not tear apart declarations in loop or if bodies (https://github.com/lukastaegert;>@lukastaegert)
   
   2.38.3
   2021-02-01
   Bug Fixes
   
   Prevent an unexpected live-binding when default exporting a synthetic 
named export (https://github-redirect.dependabot.com/rollup/rollup/issues/3946;>#3946)
   
   Pull Requests
   
   https://github-redirect.dependabot.com/rollup/rollup/pull/3945;>#3945:
 Upgrade chokidar and fsevents for Apple M1 compatibility 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #442: chore(deps-dev): bump clean-css-cli from 4.3.0 to 5.0.1 in /tobago-theme/tobago-theme-charlotteville/npm

[GitBox]

dependabot[bot] opened a new pull request #442:
URL: https://github.com/apache/myfaces-tobago/pull/442


   Bumps [clean-css-cli](https://github.com/jakubpawlowicz/clean-css-cli) from 
4.3.0 to 5.0.1.
   
   Changelog
   Sourced from https://github.com/jakubpawlowicz/clean-css-cli/blob/master/History.md;>clean-css-cli's
 changelog.
   
   https://github.com/jakubpawlowicz/clean-css-cli/compare/v5.0.0...v5.0.1;>5.0.1
 / 2021-02-11
   
   Fixed issue https://github-redirect.dependabot.com/jakubpawlowicz/clean-css-cli/issues/54;>#54
 - rebasing is still on if output option is used.
   
   https://github.com/jakubpawlowicz/clean-css-cli/compare/4.3...v5.0.0;>5.0.0
 / 2021-02-10
   
   Adds --batch-suffix option to specify what gets appended to 
output filename in batch mode.
   Bumps clean-css dependency to 5.0.
   Bumps commander dependency to 7.0.
   Fixed issue https://github-redirect.dependabot.com/jakubpawlowicz/clean-css-cli/issues/18;>#18
 - allows batch processing of input files.
   Fixed issue https://github-redirect.dependabot.com/jakubpawlowicz/clean-css-cli/issues/36;>#36
 - automatically creates missing output directories.
   
   
   
   
   Commits
   
   https://github.com/jakubpawlowicz/clean-css-cli/commit/02fd8930a858268c3b8de9d09062d44ee1a41a7a;>02fd893
 Version 5.0.1.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/0e15a2614bc22404a4e17e51d44ad49a899f566c;>0e15a26
 Fixes https://github-redirect.dependabot.com/jakubpawlowicz/clean-css-cli/issues/54;>#54
 - rebasing is still on if output option is used.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/417b248ceb25072f1e0989b9b181307c9a87e72e;>417b248
 Version 5.0.0.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/5a51baf90e1616c397e122cf47a0d0a53b100038;>5a51baf
 Adds extra test covering --batch and --output used 
together.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/6f9c9f98ae2134bfeb7186f342dcccdb462ecc15;>6f9c9f9
 Adds FAQ section on new --batch option.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/1daac06d132be55a9db6642a203153f02ba9c710;>1daac06
 Removes Twitter mention in package.json.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/144efb542961e1ad380a9ca6fd69e038ddfc6f23;>144efb5
 Updates an example of dealing with CLI module interface.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/ff1be03a4ecf42fdbda8a15526559b5a58271d5d;>ff1be03
 Updates info on clean-css-cli v5 not doing rebasing by default.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/3ea1242bee7eed6396b1c97d3eb9b47c96f47c8f;>3ea1242
 Reorders version summaries in README.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/4c17387faa67c33e989df3c04effce22c0706c5f;>4c17387
 Removes link to Twitter profile as we won't be using it anymore.
   Additional commits viewable in https://github.com/jakubpawlowicz/clean-css-cli/compare/v4.3.0...v5.0.1;>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=clean-css-cli=npm_and_yarn=4.3.0=5.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #441: chore(deps-dev): bump uglify-js from 3.12.4 to 3.12.7 in /tobago-theme/tobago-theme-standard/npm

[GitBox]

dependabot[bot] opened a new pull request #441:
URL: https://github.com/apache/myfaces-tobago/pull/441


   Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.12.4 to 3.12.7.
   
   Release notes
   Sourced from https://github.com/mishoo/UglifyJS/releases;>uglify-js's 
releases.
   
   v3.12.7
    
   v3.12.6
    
   v3.12.5
    
   
   
   
   Commits
   
   https://github.com/mishoo/UglifyJS/commit/5c84dfa1517c89018cf61b9e356224b08f393052;>5c84dfa
 v3.12.7
   https://github.com/mishoo/UglifyJS/commit/5359900b78fdf3006dafc13a206332d2fb2b1ea4;>5359900
 enhance compress on arrow and async functions (https://github-redirect.dependabot.com/mishoo/UglifyJS/issues/4616;>#4616)
   https://github.com/mishoo/UglifyJS/commit/739fa266f80802f75838cc4053e615b27abcf361;>739fa26
 fix corner case in pure_getters (https://github-redirect.dependabot.com/mishoo/UglifyJS/issues/4615;>#4615)
   https://github.com/mishoo/UglifyJS/commit/da24dfb59ea9c67d98f39daab4299b75c15978ea;>da24dfb
 fix corner cases with function inlining (https://github-redirect.dependabot.com/mishoo/UglifyJS/issues/4613;>#4613)
   https://github.com/mishoo/UglifyJS/commit/a2f27c7640fee2c981b49ee484a37e1721622bb3;>a2f27c7
 fix corner cases in templates (https://github-redirect.dependabot.com/mishoo/UglifyJS/issues/4610;>#4610)
   https://github.com/mishoo/UglifyJS/commit/3c556b8689346f8256781455c0e1b2f00975570f;>3c556b8
 fix corner case in arguments (https://github-redirect.dependabot.com/mishoo/UglifyJS/issues/4609;>#4609)
   https://github.com/mishoo/UglifyJS/commit/7110c6923b8ef82f295f5d9ff9d42d2f88432810;>7110c69
 fix corner case in templates (https://github-redirect.dependabot.com/mishoo/UglifyJS/issues/4607;>#4607)
   https://github.com/mishoo/UglifyJS/commit/b27b6807cb01b6068cecda435b6b6b2a2ef5af07;>b27b680
 fix corner case in collapse_vars (https://github-redirect.dependabot.com/mishoo/UglifyJS/issues/4605;>#4605)
   https://github.com/mishoo/UglifyJS/commit/ba6e29d6fd8df2434cb372b94c7aaccb68bc272f;>ba6e29d
 introduce templates (https://github-redirect.dependabot.com/mishoo/UglifyJS/issues/4603;>#4603)
   https://github.com/mishoo/UglifyJS/commit/d4685640a00a0c998041c96ec197e613bd67b7b3;>d468564
 support template literals (https://github-redirect.dependabot.com/mishoo/UglifyJS/issues/4601;>#4601)
   Additional commits viewable in https://github.com/mishoo/UglifyJS/compare/v3.12.4...v3.12.7;>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uglify-js=npm_and_yarn=3.12.4=3.12.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #446: chore(deps-dev): bump sass from 1.32.4 to 1.32.7 in /tobago-theme/tobago-theme-charlotteville/npm

[GitBox]

dependabot[bot] opened a new pull request #446:
URL: https://github.com/apache/myfaces-tobago/pull/446


   Bumps [sass](https://github.com/sass/dart-sass) from 1.32.4 to 1.32.7.
   
   Release notes
   Sourced from https://github.com/sass/dart-sass/releases;>sass's releases.
   
   Dart Sass 1.32.7
   To install Sass 1.32.7, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   
   
   Allow the null safety release of stream_transform.
   
   
   Allow @forward...with to take arguments that have a 
!default flag without   a trailing comma.
   
   
   Improve the performance of unitless and single-unit numbers.
   
   
   See the https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1327;>full 
changelog for changes in earlier releases.
   Dart Sass 1.32.6
   To install Sass 1.32.6, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   Node JS API
   
   Fix Electron support when nodeIntegration is disabled.
   
   Dart API
   
   All range checks for SassColor constructors now throw 
RangeErrors with   start and end 
set.
   
   See the https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1326;>full 
changelog for changes in earlier releases.
   Dart Sass 1.32.5
   To install Sass 1.32.5, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   
   Potentially breaking bug fix: When using 
@for with numbers that have   units, the iteration variable now 
matches the unit of the initial number. This   matches the behavior of Ruby 
Sass and LibSass.
   
   Node JS API
   
   
   Fix a few infrequent errors when calling render() with 
fiber multiple   times simultaneously.
   
   
   Avoid possible mangled error messages when custom functions or importers 
throw   unexpected exceptions.
   
   
   
   
   ... (truncated)
   
   
   Changelog
   Sourced from https://github.com/sass/dart-sass/blob/master/CHANGELOG.md;>sass's 
changelog.
   
   1.32.7
   
   
   Allow the null safety release of stream_transform.
   
   
   Allow @forward...with to take arguments that have a 
!default flag without
   a trailing comma.
   
   
   Improve the performance of unitless and single-unit numbers.
   
   
   1.32.6
   Node JS API
   
   Fix Electron support when nodeIntegration is disabled.
   
   Dart API
   
   All range checks for SassColor constructors now throw 
RangeErrors with
   start and end set.
   
   1.32.5
   
   Potentially breaking bug fix: When using 
@for with numbers that have
   units, the iteration variable now matches the unit of the initial number. 
This
   matches the behavior of Ruby Sass and LibSass.
   
   Node JS API
   
   
   Fix a few infrequent errors when calling render() with 
fiber multiple
   times simultaneously.
   
   
   Avoid possible mangled error messages when custom functions or importers 
throw
   unexpected exceptions.
   
   
   Fix Electron support when nodeIntegration is disabled.
   
   
   
   
   
   Commits
   
   https://github.com/sass/dart-sass/commit/1df37b1ee97525f7a600160cb841331af51958c0;>1df37b1
 Allow the null safety release of stream_transform (https://github-redirect.dependabot.com/sass/dart-sass/issues/1223;>#1223)
   https://github.com/sass/dart-sass/commit/cebf71b39e077f6e5ffd55cc72412a2fb49d78fe;>cebf71b
 Revert Limit the version of source_span (https://github-redirect.dependabot.com/sass/dart-sass/issues/1227;>#1227)
 (https://github-redirect.dependabot.com/sass/dart-sass/issues/1229;>#1229)
   https://github.com/sass/dart-sass/commit/4ea9fff2bbc1eeb825c3a4bbb99b60acb6c06923;>4ea9fff
 Let last !default value of https://github.com/forward;>@forward...with be 
commaless. (https://github-redirect.dependabot.com/sass/dart-sass/issues/1226;>#1226)
   https://github.com/sass/dart-sass/commit/8afc238db7b0d947d1ebb1d15f6eb96a0cf137b9;>8afc238
 Limit the version of source_span (https://github-redirect.dependabot.com/sass/dart-sass/issues/1227;>#1227)
   https://github.com/sass/dart-sass/commit/2682992bd4e35eda5b97060b07c7ac9a49690b88;>2682992
 Split SassNumber into separate subclasses based on units (https://github-redirect.dependabot.com/sass/dart-sass/issues/1221;>#1221)
   https://github.com/sass/dart-sass/commit/e664ea8ee3bfb0eb717c1a8ca73ff86017837679;>e664ea8
 Merge pull request https://github-redirect.dependabot.com/sass/dart-sass/issues/1217;>#1217
 from Mstrodl/patch-5
   https://github.com/sass/dart-sass/commit/058cf0e4df2f948ebc1287140f183c71f59c2b53;>058cf0e
 Fix fuzzyAssertRange, RangeError takes ints as min/max
   

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #443: chore(deps-dev): bump ts-jest from 26.4.4 to 26.5.1 in /tobago-theme/tobago-theme-standard/npm

[GitBox]

dependabot[bot] opened a new pull request #443:
URL: https://github.com/apache/myfaces-tobago/pull/443


   Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 26.4.4 to 26.5.1.
   
   Changelog
   Sourced from https://github.com/kulshekhar/ts-jest/blob/master/CHANGELOG.md;>ts-jest's 
changelog.
   
   https://github.com/kulshekhar/ts-jest/compare/v26.5.0...v26.5.1;>26.5.1
 (2021-02-09)
   Features
   
   config: support typed config options for jest config 
typescript (https://github-redirect.dependabot.com/kulshekhar/ts-jest/issues/2336;>#2336)
 (https://github.com/kulshekhar/ts-jest/commit/f4f5d3205d1c80e545a32c02c6a66e7e91386f7f;>f4f5d32)
   presets: add typing for presets entry 
point (https://github-redirect.dependabot.com/kulshekhar/ts-jest/issues/2341;>#2341)
 (https://github.com/kulshekhar/ts-jest/commit/e12b004dcc5848d5ae0638e885147c54e11cc72b;>e12b004),
 closes https://github-redirect.dependabot.com/kulshekhar/ts-jest/issues/2325;>#2325
   
   https://github.com/kulshekhar/ts-jest/compare/v27.0.0-next.4...v27.0.0-next.5;>27.0.0-next.5
 (2021-02-04)
   Features
   
   compiler: allow custom transformers to access internal 
Program (https://github-redirect.dependabot.com/kulshekhar/ts-jest/issues/2299;>#2299)
 (https://github.com/kulshekhar/ts-jest/commit/387964faed14ce24d2cf8170a04eee244d69b8b9;>387964f)
   
   BREAKING CHANGES
   ts-jest custom AST transformer function signature has 
changed to
   import type { TsCompilerInstance } from 'ts-jest/dist/types'
   export function factory(compilerInstance: TsCompilerInstance) {
   //...
   }
   
   
   
   
   Commits
   
   https://github.com/kulshekhar/ts-jest/commit/1965e205908f818d4f2f2e8f074c8ff271af5dd3;>1965e20
 chore(release): 26.5.1 (https://github-redirect.dependabot.com/kulshekhar/ts-jest/issues/2342;>#2342)
   https://github.com/kulshekhar/ts-jest/commit/e12b004dcc5848d5ae0638e885147c54e11cc72b;>e12b004
 feat(presets): add typing for presets entry point (https://github-redirect.dependabot.com/kulshekhar/ts-jest/issues/2341;>#2341)
   https://github.com/kulshekhar/ts-jest/commit/f4f5d3205d1c80e545a32c02c6a66e7e91386f7f;>f4f5d32
 feat(config): support typed config options for jest config typescript (https://github-redirect.dependabot.com/kulshekhar/ts-jest/issues/2336;>#2336)
   https://github.com/kulshekhar/ts-jest/commit/b8d5d2090567f23947d9efd87f5f869b16bf2e8a;>b8d5d20
 fix: reduce size of node_modules when adding ts-jest 
(https://github-redirect.dependabot.com/kulshekhar/ts-jest/issues/2309;>#2309)
   https://github.com/kulshekhar/ts-jest/commit/0c555c250774a7fd9e356cf20a3d8b693cd82fd3;>0c555c2
 feat(config): introduce exclude to exclude files from diagnostics 
(https://github-redirect.dependabot.com/kulshekhar/ts-jest/issues/2308;>#2308)
   See full diff in https://github.com/kulshekhar/ts-jest/compare/v26.4.4...v26.5.1;>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ts-jest=npm_and_yarn=26.4.4=26.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #437: chore(deps-dev): bump sass from 1.32.4 to 1.32.7 in /tobago-theme/tobago-theme-roxborough/npm

[GitBox]

dependabot[bot] opened a new pull request #437:
URL: https://github.com/apache/myfaces-tobago/pull/437


   Bumps [sass](https://github.com/sass/dart-sass) from 1.32.4 to 1.32.7.
   
   Release notes
   Sourced from https://github.com/sass/dart-sass/releases;>sass's releases.
   
   Dart Sass 1.32.7
   To install Sass 1.32.7, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   
   
   Allow the null safety release of stream_transform.
   
   
   Allow @forward...with to take arguments that have a 
!default flag without   a trailing comma.
   
   
   Improve the performance of unitless and single-unit numbers.
   
   
   See the https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1327;>full 
changelog for changes in earlier releases.
   Dart Sass 1.32.6
   To install Sass 1.32.6, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   Node JS API
   
   Fix Electron support when nodeIntegration is disabled.
   
   Dart API
   
   All range checks for SassColor constructors now throw 
RangeErrors with   start and end 
set.
   
   See the https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1326;>full 
changelog for changes in earlier releases.
   Dart Sass 1.32.5
   To install Sass 1.32.5, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   
   Potentially breaking bug fix: When using 
@for with numbers that have   units, the iteration variable now 
matches the unit of the initial number. This   matches the behavior of Ruby 
Sass and LibSass.
   
   Node JS API
   
   
   Fix a few infrequent errors when calling render() with 
fiber multiple   times simultaneously.
   
   
   Avoid possible mangled error messages when custom functions or importers 
throw   unexpected exceptions.
   
   
   
   
   ... (truncated)
   
   
   Changelog
   Sourced from https://github.com/sass/dart-sass/blob/master/CHANGELOG.md;>sass's 
changelog.
   
   1.32.7
   
   
   Allow the null safety release of stream_transform.
   
   
   Allow @forward...with to take arguments that have a 
!default flag without
   a trailing comma.
   
   
   Improve the performance of unitless and single-unit numbers.
   
   
   1.32.6
   Node JS API
   
   Fix Electron support when nodeIntegration is disabled.
   
   Dart API
   
   All range checks for SassColor constructors now throw 
RangeErrors with
   start and end set.
   
   1.32.5
   
   Potentially breaking bug fix: When using 
@for with numbers that have
   units, the iteration variable now matches the unit of the initial number. 
This
   matches the behavior of Ruby Sass and LibSass.
   
   Node JS API
   
   
   Fix a few infrequent errors when calling render() with 
fiber multiple
   times simultaneously.
   
   
   Avoid possible mangled error messages when custom functions or importers 
throw
   unexpected exceptions.
   
   
   Fix Electron support when nodeIntegration is disabled.
   
   
   
   
   
   Commits
   
   https://github.com/sass/dart-sass/commit/1df37b1ee97525f7a600160cb841331af51958c0;>1df37b1
 Allow the null safety release of stream_transform (https://github-redirect.dependabot.com/sass/dart-sass/issues/1223;>#1223)
   https://github.com/sass/dart-sass/commit/cebf71b39e077f6e5ffd55cc72412a2fb49d78fe;>cebf71b
 Revert Limit the version of source_span (https://github-redirect.dependabot.com/sass/dart-sass/issues/1227;>#1227)
 (https://github-redirect.dependabot.com/sass/dart-sass/issues/1229;>#1229)
   https://github.com/sass/dart-sass/commit/4ea9fff2bbc1eeb825c3a4bbb99b60acb6c06923;>4ea9fff
 Let last !default value of https://github.com/forward;>@forward...with be 
commaless. (https://github-redirect.dependabot.com/sass/dart-sass/issues/1226;>#1226)
   https://github.com/sass/dart-sass/commit/8afc238db7b0d947d1ebb1d15f6eb96a0cf137b9;>8afc238
 Limit the version of source_span (https://github-redirect.dependabot.com/sass/dart-sass/issues/1227;>#1227)
   https://github.com/sass/dart-sass/commit/2682992bd4e35eda5b97060b07c7ac9a49690b88;>2682992
 Split SassNumber into separate subclasses based on units (https://github-redirect.dependabot.com/sass/dart-sass/issues/1221;>#1221)
   https://github.com/sass/dart-sass/commit/e664ea8ee3bfb0eb717c1a8ca73ff86017837679;>e664ea8
 Merge pull request https://github-redirect.dependabot.com/sass/dart-sass/issues/1217;>#1217
 from Mstrodl/patch-5
   https://github.com/sass/dart-sass/commit/058cf0e4df2f948ebc1287140f183c71f59c2b53;>058cf0e
 Fix fuzzyAssertRange, RangeError takes ints as min/max
   

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #440: chore(deps-dev): bump ajv and ajv-keywords in /tobago-theme/tobago-theme-speyside/npm

[GitBox]

dependabot[bot] opened a new pull request #440:
URL: https://github.com/apache/myfaces-tobago/pull/440


   Bumps [ajv](https://github.com/ajv-validator/ajv) and 
[ajv-keywords](https://github.com/epoberezkin/ajv-keywords). These dependencies 
needed to be updated together.
   Updates `ajv` from 6.12.6 to 7.1.0
   
   Release notes
   Sourced from https://github.com/ajv-validator/ajv/releases;>ajv's 
releases.
   
   v7.1.0
   Support for JSON Type Definition RFC 8927 - a simple schema language 
provided as an alternative to JSON Schema.
   See these docs:
   
   an https://github.com/ajv-validator/ajv/blob/master/docs/json-type-definition.md;>informal
 document in Ajv repo
   https://datatracker.ietf.org/doc/rfc8927/;>RFC8927
   https://github.com/ajv-validator/ajv#choosing-schema-language;>choosing 
schema language - comparison with JSON Schema
   
   Allow : in keyword names (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1421;>#1421,
 https://github.com/teq0;>@teq0)
   v7.0.4
   Fix: duplicate functions in standalone validation code with mutually 
recursive schemas (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1361;>#1361)
   Fix: reference resolution when base URI change was not applied (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1414;>#1414)
   v7.0.3
   Fixes:
   
   oneOf error type (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1368;>#1368,
 https://github.com/G-Rath;>@G-Rath)
   remove multiple imports (rollup/plugins#745)
   
   Docs:
   
   Using in ES5 (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1364;>#1364,
 https://github.com/aladdin-add;>@aladdin-add)
   Option strictTypes: false has to be used with json-schema-secure schema 
(https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1373;>#1373)
   
   v7.0.2
   Remove duplicate functions from standalone validation code (https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1361;>#1361)
   v7.0.1
   Update error message for maxLength/minLength 
keywords
   v7.0.0
   Please note: this document covers the changes from v6.12.6.
   The main changes
   
   support of JSON Schema draft-2019-09 features: https://github.com/ajv-validator/ajv/blob/master/docs/json-schema.md#unevaluatedproperties;>unevaluatedProperties
 and https://github.com/ajv-validator/ajv/blob/master/docs/json-schema.md#unevaluateditems;>unevaluatedItems,
 https://github.com/ajv-validator/ajv/blob/master/docs/validation.md#extending-recursive-schemas;>dynamic
 recursive references and other https://github.com/ajv-validator/ajv/blob/master/docs/json-schema.md#json-schema-draft-2019-09;>additional
 keywords.
   comprehensive support for https://github.com/ajv-validator/ajv/blob/master/docs/standalone.md;>standalone
 validation code - compiling one or multiple schemas to standalone modules 
with one or multiple exports.
   to reduce the mistakes in JSON schemas and unexpected validation 
results, https://github.com/ajv-validator/ajv/blob/master/docs/strict-mode.md;>strict
 mode is added - it prohibits ignored or ambiguous JSON Schema elements. 
See https://github.com/ajv-validator/ajv/blob/master/docs/strict-mode.md;>Strict
 mode and https://github.com/ajv-validator/ajv/blob/master/docs/api.md;>Options 
for more details
   to make code injection from untrusted schemas impossible, https://github.com/ajv-validator/ajv/blob/master/docs/codegen.md;>code 
generation is fully re-written to be type-level safe against code 
injection.
   to simplify Ajv extensions, the new keyword API that is used by 
pre-defined keywords is available to user-defined keywords - it is much easier 
to define any keywords now, especially with subschemas.
   schemas are compiled to ES6 code (ES5 code generation is supported with 
an option).
   to improve reliability and maintainability the code is migrated to 
TypeScript.
   separate Ajv classes from draft-07 and draft-2019-09 support with 
different default imports (see https://github.com/ajv-validator/ajv#usage;>Getting started or https://github.com/ajv-validator/ajv/releases/tag/v7.0.0-beta.5;>v7.0.0-beta.5
 for the details).
   
   Please note:
   
   the support for JSON-Schema draft-04 is removed - if you have schemas 
using id attributes you have to replace them with $id 
(or continue using version 6 that will be supported until 02/28/2021).
   all formats are separated to https://github.com/ajv-validator/ajv-formats;>ajv-formats package - 
they have to be explicitly added if you use them.
   Ajv instance can only be created with new keyword, as Ajv 
is now ES6 class.
   browser bundles are automatically published to ajv-dist package (but 
still available on cdnjs.com).
   order of schema keyword validation changed - keywords that apply to all 
types (allOf etc.) are now validated first, before the keywords that apply to 
specific data types. You can still define custom keywords that apply to all 
types AND are validated after 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #438: chore(deps-dev): bump @rollup/plugin-node-resolve from 11.1.0 to 11.1.1 in /tobago-example/tobago-example-demo/npm

[GitBox]

dependabot[bot] opened a new pull request #438:
URL: https://github.com/apache/myfaces-tobago/pull/438


   Bumps [@rollup/plugin-node-resolve](https://github.com/rollup/plugins) from 
11.1.0 to 11.1.1.
   
   Commits
   
   https://github.com/rollup/plugins/commit/e09c8cf10e6211db9b44ef75ac9a72a4968c1465;>e09c8cf
 chore(release): node-resolve v11.1.1
   https://github.com/rollup/plugins/commit/4a1b9daf90519375b3d20a18e3e4e5b4e0a7c9cd;>4a1b9da
 chore(release): alias v3.1.2
   https://github.com/rollup/plugins/commit/ab36ab633bc9de6564f3cfb748021000b5cd65a2;>ab36ab6
 chore(release): html v0.2.2
   https://github.com/rollup/plugins/commit/809b76a86add59bd4d5394b0f6b47a9935e2e8b2;>809b76a
 chore(release): html v0.2.1
   https://github.com/rollup/plugins/commit/ce65c12ff95c8c554726a8e1f17e827c5d2bf327;>ce65c12
 chore(html): run build before publish
   https://github.com/rollup/plugins/commit/181b929e5eb867afcf206491cce91bce7ea3e054;>181b929
 fix(typescript): fix plugin type declarations (https://github-redirect.dependabot.com/rollup/plugins/issues/647;>#647)
   https://github.com/rollup/plugins/commit/d9fb47d756470966b6b01bac2c2110b1f76b3cd2;>d9fb47d
 fix(commonjs): correctly replace shorthand require (https://github-redirect.dependabot.com/rollup/plugins/issues/764;>#764)
   https://github.com/rollup/plugins/commit/03e32d2d0b342e00968cf4c9e0bc6fcf359581c0;>03e32d2
 feat(legacy): normalize exports paths (https://github-redirect.dependabot.com/rollup/plugins/issues/775;>#775)
   https://github.com/rollup/plugins/commit/2711aa8d0c29dfb3e08b86823cec864f3c8f7cc4;>2711aa8
 fix(typescript): only emit tsbuildinfo file when there is something to emit 
(...
   https://github.com/rollup/plugins/commit/6b4b7b6748d5c043b6b56d02b39eb4c7e29c78ac;>6b4b7b6
 docs(babel): add usage with commonjs. fixes https://github-redirect.dependabot.com/rollup/plugins/issues/622;>#622
   Additional commits viewable in https://github.com/rollup/plugins/compare/commonjs-v11.1.0...node-resolve-v11.1.1;>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@rollup/plugin-node-resolve=npm_and_yarn=11.1.0=11.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #439: chore(deps-dev): bump sass from 1.32.4 to 1.32.7 in /tobago-theme/tobago-theme-scarborough/npm

[GitBox]

dependabot[bot] opened a new pull request #439:
URL: https://github.com/apache/myfaces-tobago/pull/439


   Bumps [sass](https://github.com/sass/dart-sass) from 1.32.4 to 1.32.7.
   
   Release notes
   Sourced from https://github.com/sass/dart-sass/releases;>sass's releases.
   
   Dart Sass 1.32.7
   To install Sass 1.32.7, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   
   
   Allow the null safety release of stream_transform.
   
   
   Allow @forward...with to take arguments that have a 
!default flag without   a trailing comma.
   
   
   Improve the performance of unitless and single-unit numbers.
   
   
   See the https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1327;>full 
changelog for changes in earlier releases.
   Dart Sass 1.32.6
   To install Sass 1.32.6, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   Node JS API
   
   Fix Electron support when nodeIntegration is disabled.
   
   Dart API
   
   All range checks for SassColor constructors now throw 
RangeErrors with   start and end 
set.
   
   See the https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1326;>full 
changelog for changes in earlier releases.
   Dart Sass 1.32.5
   To install Sass 1.32.5, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   
   Potentially breaking bug fix: When using 
@for with numbers that have   units, the iteration variable now 
matches the unit of the initial number. This   matches the behavior of Ruby 
Sass and LibSass.
   
   Node JS API
   
   
   Fix a few infrequent errors when calling render() with 
fiber multiple   times simultaneously.
   
   
   Avoid possible mangled error messages when custom functions or importers 
throw   unexpected exceptions.
   
   
   
   
   ... (truncated)
   
   
   Changelog
   Sourced from https://github.com/sass/dart-sass/blob/master/CHANGELOG.md;>sass's 
changelog.
   
   1.32.7
   
   
   Allow the null safety release of stream_transform.
   
   
   Allow @forward...with to take arguments that have a 
!default flag without
   a trailing comma.
   
   
   Improve the performance of unitless and single-unit numbers.
   
   
   1.32.6
   Node JS API
   
   Fix Electron support when nodeIntegration is disabled.
   
   Dart API
   
   All range checks for SassColor constructors now throw 
RangeErrors with
   start and end set.
   
   1.32.5
   
   Potentially breaking bug fix: When using 
@for with numbers that have
   units, the iteration variable now matches the unit of the initial number. 
This
   matches the behavior of Ruby Sass and LibSass.
   
   Node JS API
   
   
   Fix a few infrequent errors when calling render() with 
fiber multiple
   times simultaneously.
   
   
   Avoid possible mangled error messages when custom functions or importers 
throw
   unexpected exceptions.
   
   
   Fix Electron support when nodeIntegration is disabled.
   
   
   
   
   
   Commits
   
   https://github.com/sass/dart-sass/commit/1df37b1ee97525f7a600160cb841331af51958c0;>1df37b1
 Allow the null safety release of stream_transform (https://github-redirect.dependabot.com/sass/dart-sass/issues/1223;>#1223)
   https://github.com/sass/dart-sass/commit/cebf71b39e077f6e5ffd55cc72412a2fb49d78fe;>cebf71b
 Revert Limit the version of source_span (https://github-redirect.dependabot.com/sass/dart-sass/issues/1227;>#1227)
 (https://github-redirect.dependabot.com/sass/dart-sass/issues/1229;>#1229)
   https://github.com/sass/dart-sass/commit/4ea9fff2bbc1eeb825c3a4bbb99b60acb6c06923;>4ea9fff
 Let last !default value of https://github.com/forward;>@forward...with be 
commaless. (https://github-redirect.dependabot.com/sass/dart-sass/issues/1226;>#1226)
   https://github.com/sass/dart-sass/commit/8afc238db7b0d947d1ebb1d15f6eb96a0cf137b9;>8afc238
 Limit the version of source_span (https://github-redirect.dependabot.com/sass/dart-sass/issues/1227;>#1227)
   https://github.com/sass/dart-sass/commit/2682992bd4e35eda5b97060b07c7ac9a49690b88;>2682992
 Split SassNumber into separate subclasses based on units (https://github-redirect.dependabot.com/sass/dart-sass/issues/1221;>#1221)
   https://github.com/sass/dart-sass/commit/e664ea8ee3bfb0eb717c1a8ca73ff86017837679;>e664ea8
 Merge pull request https://github-redirect.dependabot.com/sass/dart-sass/issues/1217;>#1217
 from Mstrodl/patch-5
   https://github.com/sass/dart-sass/commit/058cf0e4df2f948ebc1287140f183c71f59c2b53;>058cf0e
 Fix fuzzyAssertRange, RangeError takes ints as min/max
   

[GitHub] [myfaces-tobago] bohmber merged pull request #427: chore(deps): bump build-helper-maven-plugin from 1.9.1 to 3.2.0

[GitBox]

bohmber merged pull request #427:
URL: https://github.com/apache/myfaces-tobago/pull/427


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #436: chore(deps-dev): bump postcss-cli from 8.2.0 to 8.3.1 in /tobago-example/tobago-example-demo/npm

[GitBox]

dependabot[bot] opened a new pull request #436:
URL: https://github.com/apache/myfaces-tobago/pull/436


   Bumps [postcss-cli](https://github.com/postcss/postcss-cli) from 8.2.0 to 
8.3.1.
   
   Changelog
   Sourced from https://github.com/postcss/postcss-cli/blob/master/CHANGELOG.md;>postcss-cli's
 changelog.
   
   8.3.1 / 2020-12-12
   
   Ensure paths are not interpreted as numbers (https://github-redirect.dependabot.com/postcss/postcss-cli/issues/360;>#360)
   Better errors for incorrect postcss version (https://github-redirect.dependabot.com/postcss/postcss-cli/issues/361;>#361,
 https://github-redirect.dependabot.com/postcss/postcss-cli/pull/362;>#362)
   
   8.3.0 / 2020-11-17
   
   Exit on EOF/^D (https://github-redirect.dependabot.com/postcss/postcss-cli/pull/358;>#358)
   
   
   
   
   Commits
   
   https://github.com/postcss/postcss-cli/commit/35545bdb384d0e75ffa4385de960968f4a6cd28d;>35545bd
 8.3.1
   https://github.com/postcss/postcss-cli/commit/f25d3de608f9e1990b3d6bc2edf2d6c008f7c8fb;>f25d3de
 Fix PostCSS CLI logo not loading (https://github-redirect.dependabot.com/postcss/postcss-cli/issues/363;>#363)
   https://github.com/postcss/postcss-cli/commit/96b6521da8b8fb0349a853e432be4e4e272da4a2;>96b6521
 Error when using unsupported PostCSS version (fix https://github-redirect.dependabot.com/postcss/postcss-cli/issues/361;>#361)
 (https://github-redirect.dependabot.com/postcss/postcss-cli/issues/362;>#362)
   https://github.com/postcss/postcss-cli/commit/4b9b66d5338b925ec6b52e2fd4bb1e5901038fbc;>4b9b66d
 Cast to string before passing input globs to slash
   https://github.com/postcss/postcss-cli/commit/453aaec22c02064693ec8ee4d704a33ead27b97a;>453aaec
 Update dependency prettier to ~2.2.0 (https://github-redirect.dependabot.com/postcss/postcss-cli/issues/359;>#359)
   https://github.com/postcss/postcss-cli/commit/1e7bf403f352caf67b45d48870e29900e6b9aa9e;>1e7bf40
 8.3.0
   https://github.com/postcss/postcss-cli/commit/b19fbdc07718dfad6d8cd501219be6bb2705960b;>b19fbdc
 Exit watch process on EOF / Ctrl-D (https://github-redirect.dependabot.com/postcss/postcss-cli/issues/358;>#358)
   See full diff in https://github.com/postcss/postcss-cli/compare/8.2.0...8.3.1;>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=postcss-cli=npm_and_yarn=8.2.0=8.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #433: chore(deps-dev): bump typescript from 4.1.3 to 4.1.5 in /tobago-theme/tobago-theme-roxborough/npm

[GitBox]

dependabot[bot] opened a new pull request #433:
URL: https://github.com/apache/myfaces-tobago/pull/433


   Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.1.3 to 
4.1.5.
   
   Release notes
   Sourced from https://github.com/Microsoft/TypeScript/releases;>typescript's 
releases.
   
   TypeScript 4.1.5
   This release contains a fix for https://github-redirect.dependabot.com/microsoft/TypeScript/issues/42718;>an
 issue when language service plugins have no specified name.
   TypeScript 4.1.4
   This release contains fixes for a https://github-redirect.dependabot.com/microsoft/TypeScript/issues/42712;>security
 risk involving language service plugin loading. More details are available 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1639;>here.
   
   
   
   Commits
   
   https://github.com/microsoft/TypeScript/commit/aace53f7d71af11e4b89dd074a1657964a22d0b4;>aace53f
 Bump version to 4.1.5 and LKG
   https://github.com/microsoft/TypeScript/commit/af0ad8089777ef8df16b0980b0972f1e214308fe;>af0ad80
 Handle if plugin doesnt specify name (https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/42720;>#42720)
   https://github.com/microsoft/TypeScript/commit/c329d68d4591d31d966ab64e0da579c95a1c5e1d;>c329d68
 Bump version to 4.1.4 and LKG
   https://github.com/microsoft/TypeScript/commit/7bc71732c1fd09d910433f7f020a2de312e9549f;>7bc7173
 Allow only package names as plugin names
   See full diff in https://github.com/Microsoft/TypeScript/compare/v4.1.3...v4.1.5;>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript=npm_and_yarn=4.1.3=4.1.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #434: chore(deps): bump bootstrap from 5.0.0-beta1 to 5.0.0-beta2 in /tobago-theme/tobago-theme-scarborough/npm

[GitBox]

dependabot[bot] opened a new pull request #434:
URL: https://github.com/apache/myfaces-tobago/pull/434


   Bumps [bootstrap](https://github.com/twbs/bootstrap) from 5.0.0-beta1 to 
5.0.0-beta2.
   
   Release notes
   Sourced from https://github.com/twbs/bootstrap/releases;>bootstrap's 
releases.
   
   v5.0.0-beta2
   Highlights
   
   Dropdowns:
   
   Updated dropdown plugin to add 
data-bs-popper=static via JS to the 
.dropdown-menu when the trigger has add 
data-bs-display=static and 
data-bs-popper=none when in navbars.
   Modified several selectors to separate our positioning styles from the 
Popper.js styles.
   
   
   Navbars:
   
   Added a new .navbar-nav-scroll class to enable vertical 
scrolling when a collapsed navbar is opened. It's customizable via Sass and a 
CSS variable. https://getbootstrap.com/docs/5.0/components/navbar/#scrolling;>Read more 
in the docs.
   We've re-added flex-grow to the 
.navbar-collapse to restore the flexbox behaviors from v4 and 
prevent some content from being inadvertently squished.
   
   
   Forms:
   
   Removed vertical-align from .form-select
   Form validation mixin updated with additional parameters
   Fixed validation icon placement in .form-select
   Checkboxes and radio buttons are aligned better in input groups
   
   
   Buttons:
   
   Added variables for tinting and shading button state colors
   Suppressed the default focus outline for buttons in Chromium
   
   
   Toasts:
   
   Added word-break to .toast-body
   Added a live example to the docs to trigger a real toast
   
   
   Carousels:
   
   Updated docs examples to use buttons wherever 
possible instead of a elements.
   CSS selectors changed for using buttons as 
indicators (from .carousel-indicators li to 
.carousel-indicators [data-bs-target]).
   
   
   Bundles:
   
   Added our helpers to the utilities CSS bundle
   
   
   JavaScript:
   
   Dropdown now emits events on the .dropdown-toggle instead 
of the .dropdown.
   Restored the offset option for dropdowns.
   Fixed modal toggling when clicking on 
data-bs-toggle=modal.
   We now build our base component as a separate .js file.
   We now prevent getSelector from returning URLs as selector 
which caused errors in dropdown and scrollspy plugins.
   Refactored components to use a utility function to define jQuery 
plugins
   
   
   
    Features
   
   https://github-redirect.dependabot.com/twbs/bootstrap/issues/32037;>#32037:
 Add .navbar-nav-scroll for vertical scrolling of navbar 
content
   https://github-redirect.dependabot.com/twbs/bootstrap/issues/32317;>#32317:
 Add variables for modifying button state colours.
   https://github-redirect.dependabot.com/twbs/bootstrap/issues/32376;>#32376:
 Support Popper virtual elements
   
   ⚡ Performance Improvements
   
   https://github-redirect.dependabot.com/twbs/bootstrap/issues/32348;>#32348:
 Use box shadows instead of linear gradients to colorize tables
   
    CSS
   
   https://github-redirect.dependabot.com/twbs/bootstrap/issues/31757;>#31757:
 Extended Form validation states capabilities
   https://github-redirect.dependabot.com/twbs/bootstrap/issues/32037;>#32037:
 Add .navbar-nav-scroll for vertical scrolling of navbar 
content
   https://github-redirect.dependabot.com/twbs/bootstrap/issues/32317;>#32317:
 Add variables for modifying button state colours.
   https://github-redirect.dependabot.com/twbs/bootstrap/issues/32318;>#32318:
 Remove vertical-align from .form-select
   https://github-redirect.dependabot.com/twbs/bootstrap/issues/32324;>#32324:
 Add helpers to utilities bundle
   
   
   
   ... (truncated)
   
   
   Commits
   
   https://github.com/twbs/bootstrap/commit/e50c11b8c6434b6d68ea5897771e4d35fe12f5c3;>e50c11b
 Release v5.0.0-beta2 (https://github-redirect.dependabot.com/twbs/bootstrap/issues/32467;>#32467)
   https://github.com/twbs/bootstrap/commit/2bb42a9176e7ea361aa1ab0050da5be6a5cb56ea;>2bb42a9
 docs(scroll offset): improve a11y for sticky header (https://github-redirect.dependabot.com/twbs/bootstrap/issues/33027;>#33027)
   https://github.com/twbs/bootstrap/commit/2ab6dbd2d696d403c6914d820a3847542d468df1;>2ab6dbd
 Downgrade karma to v6.0.4. (https://github-redirect.dependabot.com/twbs/bootstrap/issues/33030;>#33030)
   https://github.com/twbs/bootstrap/commit/f7088e5d28d019f9876b71333185120b811ecb08;>f7088e5
 Add function type for popperConfig option (https://github-redirect.dependabot.com/twbs/bootstrap/issues/32882;>#32882)
   https://github.com/twbs/bootstrap/commit/29e0c9dfa1c4324e4e2a8cf0b66e27b9e72f09a5;>29e0c9d
 Dropdown — Change the selector to check the use of Popper (https://github-redirect.dependabot.com/twbs/bootstrap/issues/33003;>#33003)
   https://github.com/twbs/bootstrap/commit/91d3da1f3dca3127d50b81928c01d4bd63054269;>91d3da1
 fix(navbar): ensure .navbar-collapse behaves as intended (https://github-redirect.dependabot.com/twbs/bootstrap/issues/33022;>#33022)
   

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #435: chore(deps-dev): bump clean-css-cli from 4.3.0 to 5.0.1 in /tobago-example/tobago-example-demo/npm

[GitBox]

dependabot[bot] opened a new pull request #435:
URL: https://github.com/apache/myfaces-tobago/pull/435


   Bumps [clean-css-cli](https://github.com/jakubpawlowicz/clean-css-cli) from 
4.3.0 to 5.0.1.
   
   Changelog
   Sourced from https://github.com/jakubpawlowicz/clean-css-cli/blob/master/History.md;>clean-css-cli's
 changelog.
   
   https://github.com/jakubpawlowicz/clean-css-cli/compare/v5.0.0...v5.0.1;>5.0.1
 / 2021-02-11
   
   Fixed issue https://github-redirect.dependabot.com/jakubpawlowicz/clean-css-cli/issues/54;>#54
 - rebasing is still on if output option is used.
   
   https://github.com/jakubpawlowicz/clean-css-cli/compare/4.3...v5.0.0;>5.0.0
 / 2021-02-10
   
   Adds --batch-suffix option to specify what gets appended to 
output filename in batch mode.
   Bumps clean-css dependency to 5.0.
   Bumps commander dependency to 7.0.
   Fixed issue https://github-redirect.dependabot.com/jakubpawlowicz/clean-css-cli/issues/18;>#18
 - allows batch processing of input files.
   Fixed issue https://github-redirect.dependabot.com/jakubpawlowicz/clean-css-cli/issues/36;>#36
 - automatically creates missing output directories.
   
   
   
   
   Commits
   
   https://github.com/jakubpawlowicz/clean-css-cli/commit/02fd8930a858268c3b8de9d09062d44ee1a41a7a;>02fd893
 Version 5.0.1.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/0e15a2614bc22404a4e17e51d44ad49a899f566c;>0e15a26
 Fixes https://github-redirect.dependabot.com/jakubpawlowicz/clean-css-cli/issues/54;>#54
 - rebasing is still on if output option is used.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/417b248ceb25072f1e0989b9b181307c9a87e72e;>417b248
 Version 5.0.0.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/5a51baf90e1616c397e122cf47a0d0a53b100038;>5a51baf
 Adds extra test covering --batch and --output used 
together.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/6f9c9f98ae2134bfeb7186f342dcccdb462ecc15;>6f9c9f9
 Adds FAQ section on new --batch option.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/1daac06d132be55a9db6642a203153f02ba9c710;>1daac06
 Removes Twitter mention in package.json.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/144efb542961e1ad380a9ca6fd69e038ddfc6f23;>144efb5
 Updates an example of dealing with CLI module interface.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/ff1be03a4ecf42fdbda8a15526559b5a58271d5d;>ff1be03
 Updates info on clean-css-cli v5 not doing rebasing by default.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/3ea1242bee7eed6396b1c97d3eb9b47c96f47c8f;>3ea1242
 Reorders version summaries in README.
   https://github.com/jakubpawlowicz/clean-css-cli/commit/4c17387faa67c33e989df3c04effce22c0706c5f;>4c17387
 Removes link to Twitter profile as we won't be using it anymore.
   Additional commits viewable in https://github.com/jakubpawlowicz/clean-css-cli/compare/v4.3.0...v5.0.1;>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=clean-css-cli=npm_and_yarn=4.3.0=5.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #432: chore(deps-dev): bump autoprefixer from 10.0.2 to 10.2.4 in /tobago-example/tobago-example-demo/npm

[GitBox]

dependabot[bot] opened a new pull request #432:
URL: https://github.com/apache/myfaces-tobago/pull/432


   Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 10.0.2 to 
10.2.4.
   
   Release notes
   Sourced from https://github.com/postcss/autoprefixer/releases;>autoprefixer's 
releases.
   
   10.2.4
   
   Fixed browser names in npx autoprefixer --info.
   
   10.2.3
   
   Fixed PostCSS 8 support.
   
   10.2.2
   
   Fixed PostCSS 8 plugins compatibility.
   
   10.2.1
   
   Fixed transition-property warnings (by https://github.com/Sheraff;>@Sheraff).
   
   10.2 “Sub rosa”
   
   Autoprefixer 10.2 now has built-in TypeScript definitions. You do not 
need @types/autoprefixer anymore.
   Thanks to https://github.com/Semigradsky;>@Semigradsky and 
DefinitelyTyped’s contributors.
   https://github.com/Sheraff;>@Sheraff also 
improved docs.
   10.1 “Pula”
   
   Autoprefixer 10.1 improved min-resolution support.
   https://github.com/infusion;>@infusion added 
dpcm unit support and num2fraction with https://github.com/infusion/Fraction.js/;>Fraction.js, which uses 
Farey Sequences as a rational approximation (more precise) and simplifies the 
fraction using continued fractions to ɛ 0.001 afterward.
   /* input */
   @media (min-resolution: 113.38dpcm) {
 …
   }
   /* output */
   https://github.com/media;>@media 
(-webkit-min-device-pixel-ratio: 3),
   (min--moz-device-pixel-ratio: 3),
   (-o-min-device-pixel-ratio: 3/1),
   (min-resolution: 113.38dpcm) {
   …
   }
   
   10.0.4
   
   Fixed Cannot read property 'proxyOf' of undefined error (by 
https://github.com/igorkamyshev;>@igorkamyshev).
   
   10.0.3
   
   Fixed substract to subtract value for 
mask-composite (by https://github.com/crankysparrow;>@crankysparrow).
   
   
   
   
   Changelog
   Sourced from https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md;>autoprefixer's
 changelog.
   
   10.2.4
   
   Fixed browser names in npx autoprefixer --info.
   
   10.2.3
   
   Fixed PostCSS 8 support.
   
   10.2.2
   
   Fixed PostCSS 8 plugins compatibility.
   
   10.2.1
   
   Fixed transition-property warnings (by https://github.com/Sheraff;>@Sheraff).
   
   10.2 “Sub rosa”
   
   Added TypeScript definitions (by Dmitry Semigradsky).
   Fixed docs (by Florian Pellet).
   
   10.1 “Pula”
   
   Added dpcm unit support to min-resolution: 
2dppx (by Robert Eisele).
   Fixed rational approximation in min-resolution (by Robert 
Eisele).
   
   10.0.4
   
   Fixed Cannot read property 'proxyOf' of undefined error (by 
Igor Kamyshev).
   
   10.0.3
   
   Fixed substract to subtract value for 
mask-composite (by Michelle Enos).
   
   
   
   
   Commits
   
   https://github.com/postcss/autoprefixer/commit/61f71e9a8613b0c90357472d58fdcce26324ef4f;>61f71e9
 Release 10.2.4 version
   https://github.com/postcss/autoprefixer/commit/92747e324bb16edda46bba62e8a828a64e9c1bef;>92747e3
 Update dependencies
   https://github.com/postcss/autoprefixer/commit/76d8cdb87a8eaa37846e5b3ed72410995769bd80;>76d8cdb
 Add more browser names in --info
   https://github.com/postcss/autoprefixer/commit/7276fd23e221aea0468dfadcfc9a9303e2ee9fa9;>7276fd2
 Fix test coverage
   https://github.com/postcss/autoprefixer/commit/1b506649f35a6378d7e23643e60f86f6df4155c1;>1b50664
 Release 10.2.3 version
   https://github.com/postcss/autoprefixer/commit/5d52463998e114ebfabff239b555c035eaffe721;>5d52463
 Fix clone for PostCSS 8
   https://github.com/postcss/autoprefixer/commit/ee657801bcacd5bd0a037477487f2d39bfb5cc18;>ee65780
 Release 10.2.2 version
   https://github.com/postcss/autoprefixer/commit/8476c1d7fb72d8977403bb75f02d41611fbaf272;>8476c1d
 Move from Once event to OnceExit
   https://github.com/postcss/autoprefixer/commit/c3b166b8e2fd78a3fadd749944d2591abed0b8e0;>c3b166b
 Update dependencies
   https://github.com/postcss/autoprefixer/commit/d6b42f108ccf87d068dde353f9ed57235dc166f2;>d6b42f1
 Release 10.2.1 version
   Additional commits viewable in https://github.com/postcss/autoprefixer/compare/10.0.2...10.2.4;>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=autoprefixer=npm_and_yarn=10.0.2=10.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #431: chore(deps-dev): bump prismjs from 1.22.0 to 1.23.0 in /tobago-example/tobago-example-demo/npm

[GitBox]

dependabot[bot] opened a new pull request #431:
URL: https://github.com/apache/myfaces-tobago/pull/431


   Bumps [prismjs](https://github.com/PrismJS/prism) from 1.22.0 to 1.23.0.
   
   Release notes
   Sourced from https://github.com/PrismJS/prism/releases;>prismjs's 
releases.
   
   v1.23.0
   New components
   
   Apex (https://github-redirect.dependabot.com/PrismJS/prism/issues/2622;>#2622)
 https://github.com/PrismJS/prism/commit/f0e2b70e;>f0e2b70e
   DataWeave (https://github-redirect.dependabot.com/PrismJS/prism/issues/2659;>#2659)
 https://github.com/PrismJS/prism/commit/0803525b;>0803525b
   PromQL (https://github-redirect.dependabot.com/PrismJS/prism/issues/2628;>#2628)
 https://github.com/PrismJS/prism/commit/8831c706;>8831c706
   
   Updated components
   
   Fixed multiple vulnerable regexes (https://github-redirect.dependabot.com/PrismJS/prism/issues/2584;>#2584)
 https://github.com/PrismJS/prism/commit/c2f6a644;>c2f6a644
   Apache Configuration
   
   Update directive-flag to match = (https://github-redirect.dependabot.com/PrismJS/prism/issues/2612;>#2612)
 https://github.com/PrismJS/prism/commit/00bf00e3;>00bf00e3
   
   
   C-like
   
   Made all comments greedy (https://github-redirect.dependabot.com/PrismJS/prism/issues/2680;>#2680)
 https://github.com/PrismJS/prism/commit/0a3932fe;>0a3932fe
   
   
   C
   
   Better class name and macro name detection (https://github-redirect.dependabot.com/PrismJS/prism/issues/2585;>#2585)
 https://github.com/PrismJS/prism/commit/129faf5c;>129faf5c
   
   
   Content-Security-Policy
   
   Added missing directives and keywords (https://github-redirect.dependabot.com/PrismJS/prism/issues/2664;>#2664)
 https://github.com/PrismJS/prism/commit/f1541342;>f1541342
   Do not highlight directive names with adjacent hyphens (https://github-redirect.dependabot.com/PrismJS/prism/issues/2662;>#2662)
 https://github.com/PrismJS/prism/commit/a7ccc16d;>a7ccc16d
   
   
   CSS
   
   Better HTML style attribute tokenization (https://github-redirect.dependabot.com/PrismJS/prism/issues/2569;>#2569)
 https://github.com/PrismJS/prism/commit/b04cbafe;>b04cbafe
   
   
   Java
   
   Improved package and class name detection (https://github-redirect.dependabot.com/PrismJS/prism/issues/2599;>#2599)
 https://github.com/PrismJS/prism/commit/0889bc7c;>0889bc7c
   Added Java 15 keywords (https://github-redirect.dependabot.com/PrismJS/prism/issues/2567;>#2567)
 https://github.com/PrismJS/prism/commit/73f81c89;>73f81c89
   
   
   Java stack trace
   
   Added support stack frame element class loaders and modules (https://github-redirect.dependabot.com/PrismJS/prism/issues/2658;>#2658)
 https://github.com/PrismJS/prism/commit/0bb4f096;>0bb4f096
   
   
   Julia
   
   Removed constants that are not exported by default (https://github-redirect.dependabot.com/PrismJS/prism/issues/2601;>#2601)
 https://github.com/PrismJS/prism/commit/093c8175;>093c8175
   
   
   Kotlin
   
   Added support for backticks in function names (https://github-redirect.dependabot.com/PrismJS/prism/issues/2489;>#2489)
 https://github.com/PrismJS/prism/commit/a5107d5c;>a5107d5c
   
   
   Latte
   
   Fixed exponential backtracking (https://github-redirect.dependabot.com/PrismJS/prism/issues/2682;>#2682)
 https://github.com/PrismJS/prism/commit/89f1e182;>89f1e182
   
   
   Markdown
   
   Improved URL tokenization (https://github-redirect.dependabot.com/PrismJS/prism/issues/2678;>#2678)
 https://github.com/PrismJS/prism/commit/2af3e2c2;>2af3e2c2
   Added support for YAML front matter (https://github-redirect.dependabot.com/PrismJS/prism/issues/2634;>#2634)
 https://github.com/PrismJS/prism/commit/5cf9cfbc;>5cf9cfbc
   
   
   PHP
   
   Added support for PHP 7.4 + other major improvements (https://github-redirect.dependabot.com/PrismJS/prism/issues/2566;>#2566)
 https://github.com/PrismJS/prism/commit/38808e64;>38808e64
   Added support for PHP 8.0 features (https://github-redirect.dependabot.com/PrismJS/prism/issues/2591;>#2591)
 https://github.com/PrismJS/prism/commit/df922d90;>df922d90
   Removed C-like dependency (https://github-redirect.dependabot.com/PrismJS/prism/issues/2619;>#2619)
 https://github.com/PrismJS/prism/commit/89ebb0b7;>89ebb0b7
   Fixed exponential backtracking (https://github-redirect.dependabot.com/PrismJS/prism/issues/2684;>#2684)
 https://github.com/PrismJS/prism/commit/37b9c9a1;>37b9c9a1
   
   
   Sass (Scss)
   
   Added support for Sass modules (https://github-redirect.dependabot.com/PrismJS/prism/issues/2643;>#2643)
 https://github.com/PrismJS/prism/commit/deb238a6;>deb238a6
   
   
   Scheme
   
   Fixed number pattern (https://github-redirect.dependabot.com/PrismJS/prism/issues/2648;>#2648)
 https://github.com/PrismJS/prism/commit/e01ecd00;>e01ecd00
   Fixed function and function-like false positives (https://github-redirect.dependabot.com/PrismJS/prism/issues/2611;>#2611)
 https://github.com/PrismJS/prism/commit/7951ca24;>7951ca24
   
   
   Shell session
   
   Fixed 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #429: chore(deps-dev): bump typescript from 4.1.3 to 4.1.5 in /tobago-theme/tobago-theme-speyside/npm

[GitBox]

dependabot[bot] opened a new pull request #429:
URL: https://github.com/apache/myfaces-tobago/pull/429


   Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.1.3 to 
4.1.5.
   
   Release notes
   Sourced from https://github.com/Microsoft/TypeScript/releases;>typescript's 
releases.
   
   TypeScript 4.1.5
   This release contains a fix for https://github-redirect.dependabot.com/microsoft/TypeScript/issues/42718;>an
 issue when language service plugins have no specified name.
   TypeScript 4.1.4
   This release contains fixes for a https://github-redirect.dependabot.com/microsoft/TypeScript/issues/42712;>security
 risk involving language service plugin loading. More details are available 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1639;>here.
   
   
   
   Commits
   
   https://github.com/microsoft/TypeScript/commit/aace53f7d71af11e4b89dd074a1657964a22d0b4;>aace53f
 Bump version to 4.1.5 and LKG
   https://github.com/microsoft/TypeScript/commit/af0ad8089777ef8df16b0980b0972f1e214308fe;>af0ad80
 Handle if plugin doesnt specify name (https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/42720;>#42720)
   https://github.com/microsoft/TypeScript/commit/c329d68d4591d31d966ab64e0da579c95a1c5e1d;>c329d68
 Bump version to 4.1.4 and LKG
   https://github.com/microsoft/TypeScript/commit/7bc71732c1fd09d910433f7f020a2de312e9549f;>7bc7173
 Allow only package names as plugin names
   See full diff in https://github.com/Microsoft/TypeScript/compare/v4.1.3...v4.1.5;>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript=npm_and_yarn=4.1.3=4.1.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #430: chore(deps-dev): bump sass from 1.32.4 to 1.32.7 in /tobago-theme/tobago-theme-speyside/npm

[GitBox]

dependabot[bot] opened a new pull request #430:
URL: https://github.com/apache/myfaces-tobago/pull/430


   Bumps [sass](https://github.com/sass/dart-sass) from 1.32.4 to 1.32.7.
   
   Release notes
   Sourced from https://github.com/sass/dart-sass/releases;>sass's releases.
   
   Dart Sass 1.32.7
   To install Sass 1.32.7, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   
   
   Allow the null safety release of stream_transform.
   
   
   Allow @forward...with to take arguments that have a 
!default flag without   a trailing comma.
   
   
   Improve the performance of unitless and single-unit numbers.
   
   
   See the https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1327;>full 
changelog for changes in earlier releases.
   Dart Sass 1.32.6
   To install Sass 1.32.6, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   Node JS API
   
   Fix Electron support when nodeIntegration is disabled.
   
   Dart API
   
   All range checks for SassColor constructors now throw 
RangeErrors with   start and end 
set.
   
   See the https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1326;>full 
changelog for changes in earlier releases.
   Dart Sass 1.32.5
   To install Sass 1.32.5, download one of the packages below and https://katiek2.github.io/path-doc/;>add it to your PATH, or see https://sass-lang.com/install;>the Sass website for full installation 
instructions.
   Changes
   
   Potentially breaking bug fix: When using 
@for with numbers that have   units, the iteration variable now 
matches the unit of the initial number. This   matches the behavior of Ruby 
Sass and LibSass.
   
   Node JS API
   
   
   Fix a few infrequent errors when calling render() with 
fiber multiple   times simultaneously.
   
   
   Avoid possible mangled error messages when custom functions or importers 
throw   unexpected exceptions.
   
   
   
   
   ... (truncated)
   
   
   Changelog
   Sourced from https://github.com/sass/dart-sass/blob/master/CHANGELOG.md;>sass's 
changelog.
   
   1.32.7
   
   
   Allow the null safety release of stream_transform.
   
   
   Allow @forward...with to take arguments that have a 
!default flag without
   a trailing comma.
   
   
   Improve the performance of unitless and single-unit numbers.
   
   
   1.32.6
   Node JS API
   
   Fix Electron support when nodeIntegration is disabled.
   
   Dart API
   
   All range checks for SassColor constructors now throw 
RangeErrors with
   start and end set.
   
   1.32.5
   
   Potentially breaking bug fix: When using 
@for with numbers that have
   units, the iteration variable now matches the unit of the initial number. 
This
   matches the behavior of Ruby Sass and LibSass.
   
   Node JS API
   
   
   Fix a few infrequent errors when calling render() with 
fiber multiple
   times simultaneously.
   
   
   Avoid possible mangled error messages when custom functions or importers 
throw
   unexpected exceptions.
   
   
   Fix Electron support when nodeIntegration is disabled.
   
   
   
   
   
   Commits
   
   https://github.com/sass/dart-sass/commit/1df37b1ee97525f7a600160cb841331af51958c0;>1df37b1
 Allow the null safety release of stream_transform (https://github-redirect.dependabot.com/sass/dart-sass/issues/1223;>#1223)
   https://github.com/sass/dart-sass/commit/cebf71b39e077f6e5ffd55cc72412a2fb49d78fe;>cebf71b
 Revert Limit the version of source_span (https://github-redirect.dependabot.com/sass/dart-sass/issues/1227;>#1227)
 (https://github-redirect.dependabot.com/sass/dart-sass/issues/1229;>#1229)
   https://github.com/sass/dart-sass/commit/4ea9fff2bbc1eeb825c3a4bbb99b60acb6c06923;>4ea9fff
 Let last !default value of https://github.com/forward;>@forward...with be 
commaless. (https://github-redirect.dependabot.com/sass/dart-sass/issues/1226;>#1226)
   https://github.com/sass/dart-sass/commit/8afc238db7b0d947d1ebb1d15f6eb96a0cf137b9;>8afc238
 Limit the version of source_span (https://github-redirect.dependabot.com/sass/dart-sass/issues/1227;>#1227)
   https://github.com/sass/dart-sass/commit/2682992bd4e35eda5b97060b07c7ac9a49690b88;>2682992
 Split SassNumber into separate subclasses based on units (https://github-redirect.dependabot.com/sass/dart-sass/issues/1221;>#1221)
   https://github.com/sass/dart-sass/commit/e664ea8ee3bfb0eb717c1a8ca73ff86017837679;>e664ea8
 Merge pull request https://github-redirect.dependabot.com/sass/dart-sass/issues/1217;>#1217
 from Mstrodl/patch-5
   https://github.com/sass/dart-sass/commit/058cf0e4df2f948ebc1287140f183c71f59c2b53;>058cf0e
 Fix fuzzyAssertRange, RangeError takes ints as min/max
   

[GitHub] [myfaces-tobago] bohmber merged pull request #428: Master dependabot

[GitBox]

bohmber merged pull request #428:
URL: https://github.com/apache/myfaces-tobago/pull/428


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber opened a new pull request #428: Master dependabot

[GitBox]

bohmber opened a new pull request #428:
URL: https://github.com/apache/myfaces-tobago/pull/428


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #427: chore(deps): bump build-helper-maven-plugin from 1.9.1 to 3.2.0

[GitBox]

dependabot[bot] opened a new pull request #427:
URL: https://github.com/apache/myfaces-tobago/pull/427


   Bumps 
[build-helper-maven-plugin](https://github.com/mojohaus/build-helper-maven-plugin)
 from 1.9.1 to 3.2.0.
   
   Release notes
   Sourced from https://github.com/mojohaus/build-helper-maven-plugin/releases;>build-helper-maven-plugin's
 releases.
   
   build-helper-maven-plugin-3.2.0
   Changelog: https://github.com/mojohaus/build-helper-maven-plugin/milestone/6?closed=1;>https://github.com/mojohaus/build-helper-maven-plugin/milestone/6?closed=1
   build-helper-maven-plugin-3.1.0
   Changelog: https://github.com/mojohaus/build-helper-maven-plugin/issues?q=is%3Aissue+milestone%3A3.1.0+is%3Aclosed;>https://github.com/mojohaus/build-helper-maven-plugin/issues?q=is%3Aissue+milestone%3A3.1.0+is%3Aclosed
   
   
   
   Commits
   
   https://github.com/mojohaus/build-helper-maven-plugin/commit/46de6e1643feeb0eab7df3d8ed310c2a9040e307;>46de6e1
 [maven-release-plugin] prepare release build-helper-maven-plugin-3.2.0
   https://github.com/mojohaus/build-helper-maven-plugin/commit/2728bdcc4c8826259b10a106f8f8c5f6da56d8a5;>2728bdc
 Remove unused private fields
   https://github.com/mojohaus/build-helper-maven-plugin/commit/a5b414f8a28a084ce9b7e0b548ee05e668abd0b4;>a5b414f
 Remove description of missing parameter
   https://github.com/mojohaus/build-helper-maven-plugin/commit/9f3d182e72af4ca4bb1fdf0a42be64c5345df616;>9f3d182
 Merge pull request https://github-redirect.dependabot.com/mojohaus/build-helper-maven-plugin/issues/32;>#32
 from JeneJasper/master
   https://github.com/mojohaus/build-helper-maven-plugin/commit/0fd59ecd7bdb9e881fdba9c9469466dc5ce94347;>0fd59ec
 Set a property based on the maven.build.timestamp
   https://github.com/mojohaus/build-helper-maven-plugin/commit/e55760938b7f1f0b23e509fd01ce92967fae2c4b;>e557609
 Merge pull request https://github-redirect.dependabot.com/mojohaus/build-helper-maven-plugin/issues/92;>#92
 from mojohaus/issue/48
   https://github.com/mojohaus/build-helper-maven-plugin/commit/bfb998d5526b5d81e57db6a64d34e6adf5a931cd;>bfb998d
 cosmetic: remove unused import
   https://github.com/mojohaus/build-helper-maven-plugin/commit/777b05823915f5be64a907c957f67de1c510ea84;>777b058
 Fixes https://github-redirect.dependabot.com/mojohaus/build-helper-maven-plugin/issues/93;>#93
 Add profile to avoid showing warnings for maven plugin plugin goals...
   https://github.com/mojohaus/build-helper-maven-plugin/commit/f9585af3718ae940b7115af102e0a11b17cd8077;>f9585af
 Merge pull request https://github-redirect.dependabot.com/mojohaus/build-helper-maven-plugin/issues/76;>#76
 from gmatheu/site_regex-properties_value
   https://github.com/mojohaus/build-helper-maven-plugin/commit/933dccfd6493d515a311127eeefd39464ebbf239;>933dccf
 [Issue https://github-redirect.dependabot.com/mojohaus/build-helper-maven-plugin/issues/48;>#48]
 detect root project location also in special cases:
   Additional commits viewable in https://github.com/mojohaus/build-helper-maven-plugin/compare/build-helper-maven-plugin-1.9.1...build-helper-maven-plugin-3.2.0;>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.codehaus.mojo:build-helper-maven-plugin=maven=1.9.1=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #426: chore(deps): bump geronimo-jcdi_2.0_spec from 1.0.1 to 1.3

[GitBox]

bohmber merged pull request #426:
URL: https://github.com/apache/myfaces-tobago/pull/426


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #425: chore(deps): bump meecrowave.version from 1.2.8 to 1.2.10

[GitBox]

bohmber merged pull request #425:
URL: https://github.com/apache/myfaces-tobago/pull/425


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #424: chore(deps): bump download-maven-plugin from 1.4.0 to 1.6.1

[GitBox]

bohmber merged pull request #424:
URL: https://github.com/apache/myfaces-tobago/pull/424


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #423: chore(deps): bump junit-platform-surefire-provider from 1.2.0 to 1.3.2

[GitBox]

bohmber merged pull request #423:
URL: https://github.com/apache/myfaces-tobago/pull/423


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #425: chore(deps): bump meecrowave.version from 1.2.8 to 1.2.10

[GitBox]

dependabot[bot] opened a new pull request #425:
URL: https://github.com/apache/myfaces-tobago/pull/425


   Bumps `meecrowave.version` from 1.2.8 to 1.2.10.
   Updates `meecrowave-core` from 1.2.8 to 1.2.10
   
   Commits
   
   https://github.com/apache/openwebbeans-meecrowave/commit/db9ceb9b914a9f5729726a7a66cd0df05717dc61;>db9ceb9
 [maven-release-plugin] prepare release meecrowave-1.2.10
   https://github.com/apache/openwebbeans-meecrowave/commit/e1d9d29772fe8abe06e933fa34900d040fd8fd79;>e1d9d29
 doclint=none
   https://github.com/apache/openwebbeans-meecrowave/commit/9e6650a3a0fb9c66689a9fcbd33763cba69dc76f;>9e6650a
 [MEECROWAVE-271] owb 2.0.20
   https://github.com/apache/openwebbeans-meecrowave/commit/6eb8ed5b2e8abda3417408ed94a7ea3ceb6607d8;>6eb8ed5
 another cxf workard for authorization_code flow 
(oauth2-require-user-to-start...
   https://github.com/apache/openwebbeans-meecrowave/commit/a050f92f60fe63ad96181003100572e1875eb6a4;>a050f92
 dropping cxf workaround since cxf 3.2 is released since a lot time now + 
addi...
   https://github.com/apache/openwebbeans-meecrowave/commit/2c22183b8c799b1ec988c402c5ef24ccb8f2250c;>2c22183
 [MEECROWAVE-270] forward CanSupportPublicClients for authorization_code 
flow
   https://github.com/apache/openwebbeans-meecrowave/commit/fe4c087a2a972d86d933c5edd67df7e4633964cd;>fe4c087
 excluding classes which shouldn't be scanned in oauth2 module
   https://github.com/apache/openwebbeans-meecrowave/commit/7be50368035c8d14266e9441397349b45d166ad3;>7be5036
 ensure oauth2 module can run in classloader proxy mode
   https://github.com/apache/openwebbeans-meecrowave/commit/bd2f4941372d65403e27d7d245fd81bedd730395;>bd2f494
 make it simpler to customize the jwt by making the callbacks in 
oauth2configu...
   https://github.com/apache/openwebbeans-meecrowave/commit/279d2fd1eea662f4e25f94a2104c08e71f113b99;>279d2fd
 minor updated to build on java 11 and upgrade jbake for the doc
   Additional commits viewable in https://github.com/apache/openwebbeans-meecrowave/compare/meecrowave-1.2.8...meecrowave-1.2.10;>compare
 view
   
   
   
   
   Updates `meecrowave-maven-plugin` from 1.2.8 to 1.2.10
   
   Commits
   
   https://github.com/apache/openwebbeans-meecrowave/commit/db9ceb9b914a9f5729726a7a66cd0df05717dc61;>db9ceb9
 [maven-release-plugin] prepare release meecrowave-1.2.10
   https://github.com/apache/openwebbeans-meecrowave/commit/e1d9d29772fe8abe06e933fa34900d040fd8fd79;>e1d9d29
 doclint=none
   https://github.com/apache/openwebbeans-meecrowave/commit/9e6650a3a0fb9c66689a9fcbd33763cba69dc76f;>9e6650a
 [MEECROWAVE-271] owb 2.0.20
   https://github.com/apache/openwebbeans-meecrowave/commit/6eb8ed5b2e8abda3417408ed94a7ea3ceb6607d8;>6eb8ed5
 another cxf workard for authorization_code flow 
(oauth2-require-user-to-start...
   https://github.com/apache/openwebbeans-meecrowave/commit/a050f92f60fe63ad96181003100572e1875eb6a4;>a050f92
 dropping cxf workaround since cxf 3.2 is released since a lot time now + 
addi...
   https://github.com/apache/openwebbeans-meecrowave/commit/2c22183b8c799b1ec988c402c5ef24ccb8f2250c;>2c22183
 [MEECROWAVE-270] forward CanSupportPublicClients for authorization_code 
flow
   https://github.com/apache/openwebbeans-meecrowave/commit/fe4c087a2a972d86d933c5edd67df7e4633964cd;>fe4c087
 excluding classes which shouldn't be scanned in oauth2 module
   https://github.com/apache/openwebbeans-meecrowave/commit/7be50368035c8d14266e9441397349b45d166ad3;>7be5036
 ensure oauth2 module can run in classloader proxy mode
   https://github.com/apache/openwebbeans-meecrowave/commit/bd2f4941372d65403e27d7d245fd81bedd730395;>bd2f494
 make it simpler to customize the jwt by making the callbacks in 
oauth2configu...
   https://github.com/apache/openwebbeans-meecrowave/commit/279d2fd1eea662f4e25f94a2104c08e71f113b99;>279d2fd
 minor updated to build on java 11 and upgrade jbake for the doc
   Additional commits viewable in https://github.com/apache/openwebbeans-meecrowave/compare/meecrowave-1.2.8...meecrowave-1.2.10;>compare
 view
   
   
   
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #426: chore(deps): bump geronimo-jcdi_2.0_spec from 1.0.1 to 1.3

[GitBox]

dependabot[bot] opened a new pull request #426:
URL: https://github.com/apache/myfaces-tobago/pull/426


   Bumps geronimo-jcdi_2.0_spec from 1.0.1 to 1.3.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.geronimo.specs:geronimo-jcdi_2.0_spec=maven=1.0.1=1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #422: chore(deps): bump guava from 29.0-jre to 30.1-jre

[GitBox]

bohmber merged pull request #422:
URL: https://github.com/apache/myfaces-tobago/pull/422


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #421: chore(deps-dev): bump junit-jupiter from 1.15.1 to 1.15.2

[GitBox]

bohmber merged pull request #421:
URL: https://github.com/apache/myfaces-tobago/pull/421


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #420: chore(deps): bump maven-clean-plugin from 2.6.1 to 3.1.0

[GitBox]

bohmber merged pull request #420:
URL: https://github.com/apache/myfaces-tobago/pull/420


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] bohmber merged pull request #419: chore(deps-dev): bump testcontainers from 1.15.1 to 1.15.2

[GitBox]

bohmber merged pull request #419:
URL: https://github.com/apache/myfaces-tobago/pull/419


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #424: chore(deps): bump download-maven-plugin from 1.4.0 to 1.6.1

[GitBox]

dependabot[bot] opened a new pull request #424:
URL: https://github.com/apache/myfaces-tobago/pull/424


   Bumps 
[download-maven-plugin](https://github.com/maven-download-plugin/maven-download-plugin)
 from 1.4.0 to 1.6.1.
   
   Release notes
   Sourced from https://github.com/maven-download-plugin/maven-download-plugin/releases;>download-maven-plugin's
 releases.
   
   Offline mode and nonProxy
   Respects offline mode and nonProxy host configuration
   Thread-safe
   Now the plugin is thread-safe (for the cost of Java 8+) and supports 
custom HTTP headers
   Works behind https proxies
   No release notes provided.
   1.5.0
   No release notes provided.
   
   
   
   Commits
   
   https://github.com/maven-download-plugin/maven-download-plugin/commit/ca7a17d27f6b9612d4be12baee36dcf994010549;>ca7a17d
 Release 1.6.1
   https://github.com/maven-download-plugin/maven-download-plugin/commit/1ecbc648f015fe81f5de6664b01ded163d1a6b13;>1ecbc64
 https://github-redirect.dependabot.com/maven-download-plugin/maven-download-plugin/issues/174;>#174
 Respect nonProxy host configuration
   https://github.com/maven-download-plugin/maven-download-plugin/commit/42e401f18166b70ec7084bacdfbce8f98bbb15ae;>42e401f
 https://github-redirect.dependabot.com/maven-download-plugin/maven-download-plugin/issues/24;>#24
 Respect offline mode
   https://github.com/maven-download-plugin/maven-download-plugin/commit/6bd077744b1da45ab52bcdd1bdf7d25cb71f7803;>6bd0777
 https://github-redirect.dependabot.com/maven-download-plugin/maven-download-plugin/issues/170;>#170
 fix broken link in ITs
   https://github.com/maven-download-plugin/maven-download-plugin/commit/4ecfdec7a69f5e79271e538cbdca2911b6867c61;>4ecfdec
 Bump junit from 4.12 to 4.13.1
   https://github.com/maven-download-plugin/maven-download-plugin/commit/4afb8d29b4a0a035b228831b4e07fbdc767a4ef3;>4afb8d2
 fix broken link in ITs
   https://github.com/maven-download-plugin/maven-download-plugin/commit/c1bd6053c866f062c1372f9ca937812a782f40d3;>c1bd605
 https://github-redirect.dependabot.com/maven-download-plugin/maven-download-plugin/issues/167;>#167
 Lower log level for redundant entries
   https://github.com/maven-download-plugin/maven-download-plugin/commit/e5d69ae0285a99d6d1722e55642e6285a95432a4;>e5d69ae
 bump to 1.6.1-SNAPSHOT
   https://github.com/maven-download-plugin/maven-download-plugin/commit/ad80a584a92662b423bde6cca78173c182c45049;>ad80a58
 Release 1.6.0
   https://github.com/maven-download-plugin/maven-download-plugin/commit/e7a3c9d7cdbf1c206d4cf9844fec380eadb54651;>e7a3c9d
 use a map instead of a list for headers parameter
   Additional commits viewable in https://github.com/maven-download-plugin/maven-download-plugin/compare/1.4.0...1.6.1;>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.googlecode.maven-download-plugin:download-maven-plugin=maven=1.4.0=1.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #419: chore(deps-dev): bump testcontainers from 1.15.1 to 1.15.2

[GitBox]

dependabot[bot] opened a new pull request #419:
URL: https://github.com/apache/myfaces-tobago/pull/419


   Bumps 
[testcontainers](https://github.com/testcontainers/testcontainers-java) from 
1.15.1 to 1.15.2.
   
   Release notes
   Sourced from https://github.com/testcontainers/testcontainers-java/releases;>testcontainers's
 releases.
   
   1.15.2
   What's Changed
   
   What 1984 means to you? To us, this number means PR https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/1984;>#1984,
 one of the oldest PRs we had open and... finally merged!  Thanks to an 
amazing contribution by https://github.com/seglo;>@seglo, we now provide an 
example of testing Kafka clusters where multiple KafkaContainers 
are connected into one network. Try it!
   Another old PR is https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3180;>#3180
 by https://github.com/oussamabadr;>@oussamabadr. 
Those of you who run Selenium tests with Testcontainers will appreciate this 
newly added option to use (scrollable!) MP4 format instead of FLV.
   The connection with Ryuk (our watchdog sidecar container) now sets the 
socket timeout and retries the failures - helps with some rare networking edge 
cases. (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3682;>#3682)
 https://github.com/diegolovison;>@diegolovison
   The logs consumer no longer adds extra new lines thanks to https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3752;>#3752
 by https://github.com/perlun;>@perlun
   Locally built images no longer get affected by the 
hub.image.name.prefix setting! (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3666;>#3666)
 https://github.com/reda-alaoui;>@reda-alaoui
   Jackson dependency is now forced to an older version to help with 
NoClassDefFoundError 
(com/fasterxml/jackson/annotation/JsonMerge).
   
   And more!
    Features  Enhancements
   
   Switch to Presto image hosted on GHCR (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3667;>#3667)
 https://github.com/findepi;>@findepi
   Implement getDatabaseName() in CockroachContainer (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3778;>#3778)
 https://github.com/croemmich;>@croemmich
   Make recorder .flv videos scrollable (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/512;>#512)
 (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3180;>#3180)
 https://github.com/oussamabadr;>@oussamabadr
   Support HTTP headers on HttpWaitStrategy (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/2549;>#2549)
 https://github.com/renatomefi;>@renatomefi
   Show port mappings in HttpWaitStrategy (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/2341;>#2341)
 https://github.com/aguibert;>@aguibert
   Support newer versions of CockroachDB by changing the docker command (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3608;>#3608)
 https://github.com/giger85;>@giger85
   Improve logging for port listener (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3736;>#3736)
 https://github.com/artjomka;>@artjomka
   couchbase: wait until all services are part of the config (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3003;>#3003)
 https://github.com/daschl;>@daschl
   Support Ryuk socket timeout (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3682;>#3682)
 https://github.com/diegolovison;>@diegolovison
   Add init command parameter to Vault container (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3188;>#3188)
 https://github.com/tandrup;>@tandrup
   Startables#deepStart with varargs (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3261;>#3261)
 https://github.com/jochenchrist;>@jochenchrist
   
    Bug Fixes
   
   Remove extra newlines in container log output (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3752;>#3752)
 https://github.com/perlun;>@perlun
   Fix handling of locally built images when used with 
hub.image.name.prefix (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3666;>#3666)
 https://github.com/reda-alaoui;>@reda-alaoui
   
    Documentation
   
   Kafka cluster example (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/1984;>#1984,
 https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3758;>#3758)
 https://github.com/seglo;>@seglo
   Documentation PostGIS JDBC url sample version update (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3606;>#3606)
 https://github.com/aulea;>@aulea
   

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #422: chore(deps): bump guava from 29.0-jre to 30.1-jre

[GitBox]

dependabot[bot] opened a new pull request #422:
URL: https://github.com/apache/myfaces-tobago/pull/422


   Bumps [guava](https://github.com/google/guava) from 29.0-jre to 30.1-jre.
   
   Release notes
   Sourced from https://github.com/google/guava/releases;>guava's releases.
   
   30.1
   Maven
   dependency
 groupIdcom.google.guava/groupId
 artifactIdguava/artifactId
 version30.1-jre/version
 !-- or, for Android: --
 version30.1-android/version
   /dependency
   
   Javadoc
   
   http://guava.dev/releases/30.1-jre/api/docs/;>30.1-jre
   http://guava.dev/releases/30.1-android/api/docs/;>30.1-android
   
   JDiff
   
   http://guava.dev/releases/30.1-jre/api/diffs/;>30.1-jre vs. 
30.0-jre
   http://guava.dev/releases/30.1-android/api/diffs/;>30.1-android 
vs. 30.0-android
   http://guava.dev/releases/30.1-android/api/androiddiffs/;>30.1-android 
vs. 30.1-jre
   
   Changelog
   
   If you use guava-android in an Android project (as opposed to from a 
Java VM), you will need to https://developer.android.com/studio/write/java8-support.html#supported_features;>enable
 desugaring of Java 8 language features if you have not already 
done so. (And if you are releasing an Android library, then anyone who 
uses that library will also have to enable desugaring.) We expect for nearly 
all Android projects to have already enabled desugaring. But if this causes 
problems for you, please let us know on [issue https://github-redirect.dependabot.com/google/guava/issues/5358;>#5358](https://github-redirect.dependabot.com/google/guava/issues/5358;>google/guava#5358).
 The purpose of this change is to detect potential problems for users now so 
that we can plan to use Java 8 language features in our implementation later 
this year.
   Introduced a warning log message when running guava-android 
under a Java 7 VM. (Android VMs are unaffected, aside from the need to use 
desugaring, described in the previous bullet.) This warning is not 
guaranteed to be logged when running under Java 7, so please don't 
rely on it as your only warning about future problems. If the warning 
itself causes you trouble, you can eliminate it by silencing the 
logger for com.google.common.base.MoreObjects$ToStringHelper 
(which is used only for this warning). This warning prepares for https://github-redirect.dependabot.com/google/guava/issues/5269;>removing 
support for Java 7 in 2021. Please report any problems. We have tried to 
make the warning as safe as possible, but anytime a common library logs, there 
is the potential for https://stackoverflow.com/a/41017717/28465;>NullPointerException
 or even https://stackoverflow.com/a/48009613/284
 65">deadlock. (To be clear, Guava will not log under Java 8 or 
Android, but it may log under Java 7.) (dc52e6e385)
   base: Deprecated 
StandardSystemProperty.JAVA_EXT_DIRS. We do not plan to remove the 
API, but note that, under recent versions of Java, that property always has a 
value of null. (38abf07772)
   net: Added HttpHeaders constants for 
Origin-Isolation and X-Request-ID. (a48fb4f724, 
8319d201cd)
   reflect: Added ClassInfo.isTopLevel(). 
(410627262b)
   util.concurrent: Added 
ClosingFuture.submitAsync(AsyncClosingCallable). (c5e2d8d5cb)
   
   30.0
   Maven
   dependency
 groupIdcom.google.guava/groupId
 artifactIdguava/artifactId
 version30.0-jre/version
 !-- or, for Android: --
 version30.0-android/version
   /dependency
   
   Javadoc
   
   http://guava.dev/releases/30.0-jre/api/docs/;>30.0-jre
   http://guava.dev/releases/30.0-android/api/docs/;>30.0-android
   
   
   
   ... (truncated)
   
   
   Commits
   
   See full diff in https://github.com/google/guava/commits;>compare view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.guava:guava=maven=29.0-jre=30.1-jre)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same 

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #423: chore(deps): bump junit-platform-surefire-provider from 1.2.0 to 1.3.2

[GitBox]

dependabot[bot] opened a new pull request #423:
URL: https://github.com/apache/myfaces-tobago/pull/423


   Bumps 
[junit-platform-surefire-provider](https://github.com/junit-team/junit5) from 
1.2.0 to 1.3.2.
   
   Commits
   
   See full diff in https://github.com/junit-team/junit5/commits;>compare view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit.platform:junit-platform-surefire-provider=maven=1.2.0=1.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #421: chore(deps-dev): bump junit-jupiter from 1.15.1 to 1.15.2

[GitBox]

dependabot[bot] opened a new pull request #421:
URL: https://github.com/apache/myfaces-tobago/pull/421


   Bumps [junit-jupiter](https://github.com/testcontainers/testcontainers-java) 
from 1.15.1 to 1.15.2.
   
   Release notes
   Sourced from https://github.com/testcontainers/testcontainers-java/releases;>junit-jupiter's
 releases.
   
   1.15.2
   What's Changed
   
   What 1984 means to you? To us, this number means PR https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/1984;>#1984,
 one of the oldest PRs we had open and... finally merged!  Thanks to an 
amazing contribution by https://github.com/seglo;>@seglo, we now provide an 
example of testing Kafka clusters where multiple KafkaContainers 
are connected into one network. Try it!
   Another old PR is https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3180;>#3180
 by https://github.com/oussamabadr;>@oussamabadr. 
Those of you who run Selenium tests with Testcontainers will appreciate this 
newly added option to use (scrollable!) MP4 format instead of FLV.
   The connection with Ryuk (our watchdog sidecar container) now sets the 
socket timeout and retries the failures - helps with some rare networking edge 
cases. (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3682;>#3682)
 https://github.com/diegolovison;>@diegolovison
   The logs consumer no longer adds extra new lines thanks to https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3752;>#3752
 by https://github.com/perlun;>@perlun
   Locally built images no longer get affected by the 
hub.image.name.prefix setting! (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3666;>#3666)
 https://github.com/reda-alaoui;>@reda-alaoui
   Jackson dependency is now forced to an older version to help with 
NoClassDefFoundError 
(com/fasterxml/jackson/annotation/JsonMerge).
   
   And more!
    Features  Enhancements
   
   Switch to Presto image hosted on GHCR (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3667;>#3667)
 https://github.com/findepi;>@findepi
   Implement getDatabaseName() in CockroachContainer (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3778;>#3778)
 https://github.com/croemmich;>@croemmich
   Make recorder .flv videos scrollable (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/512;>#512)
 (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3180;>#3180)
 https://github.com/oussamabadr;>@oussamabadr
   Support HTTP headers on HttpWaitStrategy (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/2549;>#2549)
 https://github.com/renatomefi;>@renatomefi
   Show port mappings in HttpWaitStrategy (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/2341;>#2341)
 https://github.com/aguibert;>@aguibert
   Support newer versions of CockroachDB by changing the docker command (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3608;>#3608)
 https://github.com/giger85;>@giger85
   Improve logging for port listener (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3736;>#3736)
 https://github.com/artjomka;>@artjomka
   couchbase: wait until all services are part of the config (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3003;>#3003)
 https://github.com/daschl;>@daschl
   Support Ryuk socket timeout (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3682;>#3682)
 https://github.com/diegolovison;>@diegolovison
   Add init command parameter to Vault container (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3188;>#3188)
 https://github.com/tandrup;>@tandrup
   Startables#deepStart with varargs (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3261;>#3261)
 https://github.com/jochenchrist;>@jochenchrist
   
    Bug Fixes
   
   Remove extra newlines in container log output (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3752;>#3752)
 https://github.com/perlun;>@perlun
   Fix handling of locally built images when used with 
hub.image.name.prefix (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3666;>#3666)
 https://github.com/reda-alaoui;>@reda-alaoui
   
    Documentation
   
   Kafka cluster example (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/1984;>#1984,
 https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3758;>#3758)
 https://github.com/seglo;>@seglo
   Documentation PostGIS JDBC url sample version update (https://github-redirect.dependabot.com/testcontainers/testcontainers-java/issues/3606;>#3606)
 https://github.com/aulea;>@aulea
   

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #420: chore(deps): bump maven-clean-plugin from 2.6.1 to 3.1.0

[GitBox]

dependabot[bot] opened a new pull request #420:
URL: https://github.com/apache/myfaces-tobago/pull/420


   Bumps [maven-clean-plugin](https://github.com/apache/maven-clean-plugin) 
from 2.6.1 to 3.1.0.
   
   Commits
   
   https://github.com/apache/maven-clean-plugin/commit/8ac2ccfb71422dee2588b7ab25f34c6a7a85c8cc;>8ac2ccf
 [maven-release-plugin] prepare release maven-clean-plugin-3.1.0
   https://github.com/apache/maven-clean-plugin/commit/98988457297d772417a4486ead881ef061c7e939;>9898845
 Fixed JavaDoc issues.
   https://github.com/apache/maven-clean-plugin/commit/34fe513e59c28e14a4b5a4a3904822433b9323b5;>34fe513
 [MCLEAN-85] - Upgrade maven-shared-utils to 3.2.1
   https://github.com/apache/maven-clean-plugin/commit/f472d8df28016d656bc5e9243f9d8e2c5639f278;>f472d8d
 [MCLEAN-84] - Lift JDK minimum to JDK 7
   https://github.com/apache/maven-clean-plugin/commit/e93f1e7bdcbebaf4fe46c7fe702ccf468f8ae09e;>e93f1e7
 [MCLEAN-84] - Lift JDK minimum to JDK 7
   https://github.com/apache/maven-clean-plugin/commit/48b7e893a8dff19a8efd78b46b8b628b6bed5897;>48b7e89
 [MCLEAN-83] - Upgrade mave-surefire/failsafe-plugin 2.21.0
   https://github.com/apache/maven-clean-plugin/commit/a9ecc43bad0be05c27d653f702a7e5f5b87fc580;>a9ecc43
 [MNGSITE-332] - Changed download templates of plugins not to reference .md5 
a...
   https://github.com/apache/maven-clean-plugin/commit/15df23c5e06442c25544702ed687f60d0d58c2bc;>15df23c
 [MCLEAN-83] - Upgrade mave-surefire/failsafe-plugin 2.21.0
   https://github.com/apache/maven-clean-plugin/commit/05512afff435506feb74713742956b5d0cd4ab88;>05512af
 [MCLEAN-81] - Upgrade parent to 31
   https://github.com/apache/maven-clean-plugin/commit/0666d811db83356a419bfdd1b872e4a1d96f928d;>0666d81
 [MCLEAN-80] Upgrade maven-shared-utils to 3.2.0
   Additional commits viewable in https://github.com/apache/maven-clean-plugin/compare/maven-clean-plugin-2.6.1...maven-clean-plugin-3.1.0;>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-clean-plugin=maven=2.6.1=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   
   
   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org