svn commit: r1085222 - in /websites/production/commons/content/proper/commons-bcel: ./ apidocs/ apidocs/org/apache/bcel/ apidocs/org/apache/bcel/class-use/ apidocs/org/apache/bcel/classfile/ apidocs/o
Author: ggregory Date: Sat Jan 13 02:24:19 2024 New Revision: 1085222 Log: Site checkin for project Apache Commons BCEL [This commit notification would consist of 101 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.]
[Math] Change on branch "master": Commons » commons-math - Build # 662 - Fixed!
Commons » commons-math - Build # 662 - Fixed: Check console output at https://ci-builds.apache.org/job/Commons/job/commons-math/662/ to view the results.
[PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-beanutils]
dependabot[bot] opened a new pull request, #200: URL: https://github.com/apache/commons-beanutils/pull/200 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. Release notes Sourced from https://github.com/actions/upload-artifact/releases;>actions/upload-artifact's releases. v4.1.0 What's Changed Add migrations docs by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/482;>actions/upload-artifact#482 Update README.md by https://github.com/samuelwine;>@samuelwine in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Support artifact-url output by https://github.com/konradpabjan;>@konradpabjan in https://redirect.github.com/actions/upload-artifact/pull/496;>actions/upload-artifact#496 Update readme to reflect new 500 artifact per job limit by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/497;>actions/upload-artifact#497 New Contributors https://github.com/samuelwine;>@samuelwine made their first contribution in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.1.0;>https://github.com/actions/upload-artifact/compare/v4...v4.1.0 Commits https://github.com/actions/upload-artifact/commit/1eb3cb2b3e0f29609092a73eb033bb759a334595;>1eb3cb2 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/497;>#497 from actions/robherley/update-readme-limit https://github.com/actions/upload-artifact/commit/8688a86492f53c8d67423223a877bc9e3768fe95;>8688a86 Update readme to reflect new artifact/job limit https://github.com/actions/upload-artifact/commit/73d8b66ede50d06e26f1d69f28e1652c702c56d8;>73d8b66 Support artifact-url output (https://redirect.github.com/actions/upload-artifact/issues/496;>#496) https://github.com/actions/upload-artifact/commit/c320f57948d137eb8c7f8e781ddcc0f61b04e834;>c320f57 Update README.md (https://redirect.github.com/actions/upload-artifact/issues/492;>#492) https://github.com/actions/upload-artifact/commit/cf8714cfeaba5687a442b9bcb85b29e23f468dfa;>cf8714c Merge pull request https://redirect.github.com/actions/upload-artifact/issues/482;>#482 from actions/robherley/add-migration-docs https://github.com/actions/upload-artifact/commit/7f16e37e88af9d50a1db3c1e84660985ee8dd1ab;>7f16e37 add migrations docs https://github.com/actions/upload-artifact/commit/353073034f1f3c6d1a65ede161c5a2ca79650a49;>3530730 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/468;>#468 from actions/robherley/misc-updates https://github.com/actions/upload-artifact/commit/6c139afa6f18a1359e5a9185f9415433473e3793;>6c139af update imports and old v4-beta references See full diff in https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact=github_actions=4.0.0=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-beanutils]
dependabot[bot] opened a new pull request, #199: URL: https://github.com/apache/commons-beanutils/pull/199 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-beanutils]
dependabot[bot] opened a new pull request, #198: URL: https://github.com/apache/commons-beanutils/pull/198 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it
[PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-validator]
dependabot[bot] opened a new pull request, #174: URL: https://github.com/apache/commons-validator/pull/174 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. Release notes Sourced from https://github.com/actions/upload-artifact/releases;>actions/upload-artifact's releases. v4.1.0 What's Changed Add migrations docs by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/482;>actions/upload-artifact#482 Update README.md by https://github.com/samuelwine;>@samuelwine in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Support artifact-url output by https://github.com/konradpabjan;>@konradpabjan in https://redirect.github.com/actions/upload-artifact/pull/496;>actions/upload-artifact#496 Update readme to reflect new 500 artifact per job limit by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/497;>actions/upload-artifact#497 New Contributors https://github.com/samuelwine;>@samuelwine made their first contribution in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.1.0;>https://github.com/actions/upload-artifact/compare/v4...v4.1.0 Commits https://github.com/actions/upload-artifact/commit/1eb3cb2b3e0f29609092a73eb033bb759a334595;>1eb3cb2 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/497;>#497 from actions/robherley/update-readme-limit https://github.com/actions/upload-artifact/commit/8688a86492f53c8d67423223a877bc9e3768fe95;>8688a86 Update readme to reflect new artifact/job limit https://github.com/actions/upload-artifact/commit/73d8b66ede50d06e26f1d69f28e1652c702c56d8;>73d8b66 Support artifact-url output (https://redirect.github.com/actions/upload-artifact/issues/496;>#496) https://github.com/actions/upload-artifact/commit/c320f57948d137eb8c7f8e781ddcc0f61b04e834;>c320f57 Update README.md (https://redirect.github.com/actions/upload-artifact/issues/492;>#492) https://github.com/actions/upload-artifact/commit/cf8714cfeaba5687a442b9bcb85b29e23f468dfa;>cf8714c Merge pull request https://redirect.github.com/actions/upload-artifact/issues/482;>#482 from actions/robherley/add-migration-docs https://github.com/actions/upload-artifact/commit/7f16e37e88af9d50a1db3c1e84660985ee8dd1ab;>7f16e37 add migrations docs https://github.com/actions/upload-artifact/commit/353073034f1f3c6d1a65ede161c5a2ca79650a49;>3530730 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/468;>#468 from actions/robherley/misc-updates https://github.com/actions/upload-artifact/commit/6c139afa6f18a1359e5a9185f9415433473e3793;>6c139af update imports and old v4-beta references See full diff in https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact=github_actions=4.0.0=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-validator]
dependabot[bot] opened a new pull request, #173: URL: https://github.com/apache/commons-validator/pull/173 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-validator]
dependabot[bot] opened a new pull request, #172: URL: https://github.com/apache/commons-validator/pull/172 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it
[statistics] Change on branch "master": Commons » commons-statistics - Build # 430 - Failure!
Commons » commons-statistics - Build # 430 - Failure: Check console output at https://ci-builds.apache.org/job/Commons/job/commons-statistics/430/ to view the results.
[GH] (commons-statistics): Workflow run "Java CI" is working again!
The GitHub Actions job "Java CI" on commons-statistics.git has succeeded. Run started by GitHub user asfgit (triggered by asfgit). Head commit for run: d6fb3cfeb4f41bdb092ee50e2f449060fcf84f3f / Alex Herbert Checkstyle: line length Report URL: https://github.com/apache/commons-statistics/actions/runs/7508230543 With regards, GitHub Actions via GitBox
[GH] (commons-statistics): Workflow run "Java CI" failed!
The GitHub Actions job "Java CI" on commons-statistics.git has failed. Run started by GitHub user asfgit (triggered by asfgit). Head commit for run: 6d4c4128c2d92fbd78f62876a8784cd13f72c6c1 / Alex Herbert Increase test tolerance for long sum vs double sum Report URL: https://github.com/apache/commons-statistics/actions/runs/7508164606 With regards, GitHub Actions via GitBox
Re: [PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-text]
codecov-commenter commented on PR #485: URL: https://github.com/apache/commons-text/pull/485#issuecomment-1889929823 ## [Codecov](https://app.codecov.io/gh/apache/commons-text/pull/485?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`7752487`)](https://app.codecov.io/gh/apache/commons-text/commit/775248705db28bf4268fbf4f93a8f6606fe88c3b?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 97.02% compared to head [(`85b49cf`)](https://app.codecov.io/gh/apache/commons-text/pull/485?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 97.02%. Additional details and impacted files ```diff @@Coverage Diff@@ ## master #485 +/- ## = Coverage 97.02% 97.02% Complexity 2343 2343 = Files86 86 Lines 5789 5789 Branches938 938 = Hits 5617 5617 Misses 94 94 Partials 78 78 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-text/pull/485?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-text]
codecov-commenter commented on PR #486: URL: https://github.com/apache/commons-text/pull/486#issuecomment-1889929499 ## [Codecov](https://app.codecov.io/gh/apache/commons-text/pull/486?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`7752487`)](https://app.codecov.io/gh/apache/commons-text/commit/775248705db28bf4268fbf4f93a8f6606fe88c3b?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 97.02% compared to head [(`bff9cf1`)](https://app.codecov.io/gh/apache/commons-text/pull/486?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 97.02%. Additional details and impacted files ```diff @@Coverage Diff@@ ## master #486 +/- ## = Coverage 97.02% 97.02% Complexity 2343 2343 = Files86 86 Lines 5789 5789 Branches938 938 = Hits 5617 5617 Misses 94 94 Partials 78 78 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-text/pull/486?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-text]
dependabot[bot] opened a new pull request, #486: URL: https://github.com/apache/commons-text/pull/486 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-text]
dependabot[bot] opened a new pull request, #487: URL: https://github.com/apache/commons-text/pull/487 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-text]
dependabot[bot] opened a new pull request, #485: URL: https://github.com/apache/commons-text/pull/485 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. Release notes Sourced from https://github.com/actions/upload-artifact/releases;>actions/upload-artifact's releases. v4.1.0 What's Changed Add migrations docs by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/482;>actions/upload-artifact#482 Update README.md by https://github.com/samuelwine;>@samuelwine in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Support artifact-url output by https://github.com/konradpabjan;>@konradpabjan in https://redirect.github.com/actions/upload-artifact/pull/496;>actions/upload-artifact#496 Update readme to reflect new 500 artifact per job limit by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/497;>actions/upload-artifact#497 New Contributors https://github.com/samuelwine;>@samuelwine made their first contribution in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.1.0;>https://github.com/actions/upload-artifact/compare/v4...v4.1.0 Commits https://github.com/actions/upload-artifact/commit/1eb3cb2b3e0f29609092a73eb033bb759a334595;>1eb3cb2 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/497;>#497 from actions/robherley/update-readme-limit https://github.com/actions/upload-artifact/commit/8688a86492f53c8d67423223a877bc9e3768fe95;>8688a86 Update readme to reflect new artifact/job limit https://github.com/actions/upload-artifact/commit/73d8b66ede50d06e26f1d69f28e1652c702c56d8;>73d8b66 Support artifact-url output (https://redirect.github.com/actions/upload-artifact/issues/496;>#496) https://github.com/actions/upload-artifact/commit/c320f57948d137eb8c7f8e781ddcc0f61b04e834;>c320f57 Update README.md (https://redirect.github.com/actions/upload-artifact/issues/492;>#492) https://github.com/actions/upload-artifact/commit/cf8714cfeaba5687a442b9bcb85b29e23f468dfa;>cf8714c Merge pull request https://redirect.github.com/actions/upload-artifact/issues/482;>#482 from actions/robherley/add-migration-docs https://github.com/actions/upload-artifact/commit/7f16e37e88af9d50a1db3c1e84660985ee8dd1ab;>7f16e37 add migrations docs https://github.com/actions/upload-artifact/commit/353073034f1f3c6d1a65ede161c5a2ca79650a49;>3530730 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/468;>#468 from actions/robherley/misc-updates https://github.com/actions/upload-artifact/commit/6c139afa6f18a1359e5a9185f9415433473e3793;>6c139af update imports and old v4-beta references See full diff in https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact=github_actions=4.0.0=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating
[PR] Bump org.slf4j:slf4j-jdk14 from 2.0.10 to 2.0.11 [commons-email]
dependabot[bot] opened a new pull request, #200: URL: https://github.com/apache/commons-email/pull/200 Bumps org.slf4j:slf4j-jdk14 from 2.0.10 to 2.0.11. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.slf4j:slf4j-jdk14=maven=2.0.10=2.0.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-email]
dependabot[bot] opened a new pull request, #199: URL: https://github.com/apache/commons-email/pull/199 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-email]
dependabot[bot] opened a new pull request, #198: URL: https://github.com/apache/commons-email/pull/198 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-email]
dependabot[bot] opened a new pull request, #197: URL: https://github.com/apache/commons-email/pull/197 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. Release notes Sourced from https://github.com/actions/upload-artifact/releases;>actions/upload-artifact's releases. v4.1.0 What's Changed Add migrations docs by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/482;>actions/upload-artifact#482 Update README.md by https://github.com/samuelwine;>@samuelwine in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Support artifact-url output by https://github.com/konradpabjan;>@konradpabjan in https://redirect.github.com/actions/upload-artifact/pull/496;>actions/upload-artifact#496 Update readme to reflect new 500 artifact per job limit by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/497;>actions/upload-artifact#497 New Contributors https://github.com/samuelwine;>@samuelwine made their first contribution in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.1.0;>https://github.com/actions/upload-artifact/compare/v4...v4.1.0 Commits https://github.com/actions/upload-artifact/commit/1eb3cb2b3e0f29609092a73eb033bb759a334595;>1eb3cb2 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/497;>#497 from actions/robherley/update-readme-limit https://github.com/actions/upload-artifact/commit/8688a86492f53c8d67423223a877bc9e3768fe95;>8688a86 Update readme to reflect new artifact/job limit https://github.com/actions/upload-artifact/commit/73d8b66ede50d06e26f1d69f28e1652c702c56d8;>73d8b66 Support artifact-url output (https://redirect.github.com/actions/upload-artifact/issues/496;>#496) https://github.com/actions/upload-artifact/commit/c320f57948d137eb8c7f8e781ddcc0f61b04e834;>c320f57 Update README.md (https://redirect.github.com/actions/upload-artifact/issues/492;>#492) https://github.com/actions/upload-artifact/commit/cf8714cfeaba5687a442b9bcb85b29e23f468dfa;>cf8714c Merge pull request https://redirect.github.com/actions/upload-artifact/issues/482;>#482 from actions/robherley/add-migration-docs https://github.com/actions/upload-artifact/commit/7f16e37e88af9d50a1db3c1e84660985ee8dd1ab;>7f16e37 add migrations docs https://github.com/actions/upload-artifact/commit/353073034f1f3c6d1a65ede161c5a2ca79650a49;>3530730 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/468;>#468 from actions/robherley/misc-updates https://github.com/actions/upload-artifact/commit/6c139afa6f18a1359e5a9185f9415433473e3793;>6c139af update imports and old v4-beta references See full diff in https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact=github_actions=4.0.0=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-bcel]
dependabot[bot] opened a new pull request, #259: URL: https://github.com/apache/commons-bcel/pull/259 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-bcel]
dependabot[bot] opened a new pull request, #258: URL: https://github.com/apache/commons-bcel/pull/258 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. Release notes Sourced from https://github.com/actions/upload-artifact/releases;>actions/upload-artifact's releases. v4.1.0 What's Changed Add migrations docs by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/482;>actions/upload-artifact#482 Update README.md by https://github.com/samuelwine;>@samuelwine in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Support artifact-url output by https://github.com/konradpabjan;>@konradpabjan in https://redirect.github.com/actions/upload-artifact/pull/496;>actions/upload-artifact#496 Update readme to reflect new 500 artifact per job limit by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/497;>actions/upload-artifact#497 New Contributors https://github.com/samuelwine;>@samuelwine made their first contribution in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.1.0;>https://github.com/actions/upload-artifact/compare/v4...v4.1.0 Commits https://github.com/actions/upload-artifact/commit/1eb3cb2b3e0f29609092a73eb033bb759a334595;>1eb3cb2 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/497;>#497 from actions/robherley/update-readme-limit https://github.com/actions/upload-artifact/commit/8688a86492f53c8d67423223a877bc9e3768fe95;>8688a86 Update readme to reflect new artifact/job limit https://github.com/actions/upload-artifact/commit/73d8b66ede50d06e26f1d69f28e1652c702c56d8;>73d8b66 Support artifact-url output (https://redirect.github.com/actions/upload-artifact/issues/496;>#496) https://github.com/actions/upload-artifact/commit/c320f57948d137eb8c7f8e781ddcc0f61b04e834;>c320f57 Update README.md (https://redirect.github.com/actions/upload-artifact/issues/492;>#492) https://github.com/actions/upload-artifact/commit/cf8714cfeaba5687a442b9bcb85b29e23f468dfa;>cf8714c Merge pull request https://redirect.github.com/actions/upload-artifact/issues/482;>#482 from actions/robherley/add-migration-docs https://github.com/actions/upload-artifact/commit/7f16e37e88af9d50a1db3c1e84660985ee8dd1ab;>7f16e37 add migrations docs https://github.com/actions/upload-artifact/commit/353073034f1f3c6d1a65ede161c5a2ca79650a49;>3530730 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/468;>#468 from actions/robherley/misc-updates https://github.com/actions/upload-artifact/commit/6c139afa6f18a1359e5a9185f9415433473e3793;>6c139af update imports and old v4-beta references See full diff in https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact=github_actions=4.0.0=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-bcel]
dependabot[bot] opened a new pull request, #257: URL: https://github.com/apache/commons-bcel/pull/257 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-rdf]
dependabot[bot] opened a new pull request, #183: URL: https://github.com/apache/commons-rdf/pull/183 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-rdf]
dependabot[bot] opened a new pull request, #181: URL: https://github.com/apache/commons-rdf/pull/181 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-rdf]
dependabot[bot] opened a new pull request, #182: URL: https://github.com/apache/commons-rdf/pull/182 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. Release notes Sourced from https://github.com/actions/upload-artifact/releases;>actions/upload-artifact's releases. v4.1.0 What's Changed Add migrations docs by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/482;>actions/upload-artifact#482 Update README.md by https://github.com/samuelwine;>@samuelwine in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Support artifact-url output by https://github.com/konradpabjan;>@konradpabjan in https://redirect.github.com/actions/upload-artifact/pull/496;>actions/upload-artifact#496 Update readme to reflect new 500 artifact per job limit by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/497;>actions/upload-artifact#497 New Contributors https://github.com/samuelwine;>@samuelwine made their first contribution in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.1.0;>https://github.com/actions/upload-artifact/compare/v4...v4.1.0 Commits https://github.com/actions/upload-artifact/commit/1eb3cb2b3e0f29609092a73eb033bb759a334595;>1eb3cb2 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/497;>#497 from actions/robherley/update-readme-limit https://github.com/actions/upload-artifact/commit/8688a86492f53c8d67423223a877bc9e3768fe95;>8688a86 Update readme to reflect new artifact/job limit https://github.com/actions/upload-artifact/commit/73d8b66ede50d06e26f1d69f28e1652c702c56d8;>73d8b66 Support artifact-url output (https://redirect.github.com/actions/upload-artifact/issues/496;>#496) https://github.com/actions/upload-artifact/commit/c320f57948d137eb8c7f8e781ddcc0f61b04e834;>c320f57 Update README.md (https://redirect.github.com/actions/upload-artifact/issues/492;>#492) https://github.com/actions/upload-artifact/commit/cf8714cfeaba5687a442b9bcb85b29e23f468dfa;>cf8714c Merge pull request https://redirect.github.com/actions/upload-artifact/issues/482;>#482 from actions/robherley/add-migration-docs https://github.com/actions/upload-artifact/commit/7f16e37e88af9d50a1db3c1e84660985ee8dd1ab;>7f16e37 add migrations docs https://github.com/actions/upload-artifact/commit/353073034f1f3c6d1a65ede161c5a2ca79650a49;>3530730 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/468;>#468 from actions/robherley/misc-updates https://github.com/actions/upload-artifact/commit/6c139afa6f18a1359e5a9185f9415433473e3793;>6c139af update imports and old v4-beta references See full diff in https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact=github_actions=4.0.0=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating
Re: [PR] Bump org.slf4j:slf4j-simple from 1.7.26 to 2.0.10 [commons-rdf]
dependabot[bot] commented on PR #179: URL: https://github.com/apache/commons-rdf/pull/179#issuecomment-1889806365 Superseded by #180. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.slf4j:slf4j-simple from 1.7.26 to 2.0.10 [commons-rdf]
dependabot[bot] closed pull request #179: Bump org.slf4j:slf4j-simple from 1.7.26 to 2.0.10 URL: https://github.com/apache/commons-rdf/pull/179 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.slf4j:slf4j-simple from 1.7.26 to 2.0.11 [commons-rdf]
dependabot[bot] opened a new pull request, #180: URL: https://github.com/apache/commons-rdf/pull/180 Bumps org.slf4j:slf4j-simple from 1.7.26 to 2.0.11. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.slf4j:slf4j-simple=maven=1.7.26=2.0.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-jxpath]
codecov-commenter commented on PR #102: URL: https://github.com/apache/commons-jxpath/pull/102#issuecomment-1889768922 ## [Codecov](https://app.codecov.io/gh/apache/commons-jxpath/pull/102?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`4249dd5`)](https://app.codecov.io/gh/apache/commons-jxpath/commit/4249dd50f305174f0b7fd61977bbf1775cb6f45c?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 69.21% compared to head [(`8af0306`)](https://app.codecov.io/gh/apache/commons-jxpath/pull/102?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 69.21%. > Report is 1 commits behind head on master. Additional details and impacted files ```diff @@Coverage Diff@@ ## master #102 +/- ## = Coverage 69.21% 69.21% Complexity 3121 3121 = Files 152 152 Lines 9575 9575 Branches 2003 2003 = Hits 6627 6627 Misses 2155 2155 Partials793 793 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-jxpath/pull/102?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-jxpath]
codecov-commenter commented on PR #103: URL: https://github.com/apache/commons-jxpath/pull/103#issuecomment-1889766054 ## [Codecov](https://app.codecov.io/gh/apache/commons-jxpath/pull/103?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`4249dd5`)](https://app.codecov.io/gh/apache/commons-jxpath/commit/4249dd50f305174f0b7fd61977bbf1775cb6f45c?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 69.21% compared to head [(`3a57029`)](https://app.codecov.io/gh/apache/commons-jxpath/pull/103?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 69.21%. > Report is 1 commits behind head on master. Additional details and impacted files ```diff @@Coverage Diff@@ ## master #103 +/- ## = Coverage 69.21% 69.21% Complexity 3121 3121 = Files 152 152 Lines 9575 9575 Branches 2003 2003 = Hits 6627 6627 Misses 2155 2155 Partials793 793 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-jxpath/pull/103?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-jxpath]
codecov-commenter commented on PR #101: URL: https://github.com/apache/commons-jxpath/pull/101#issuecomment-1889765486 ## [Codecov](https://app.codecov.io/gh/apache/commons-jxpath/pull/101?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`4249dd5`)](https://app.codecov.io/gh/apache/commons-jxpath/commit/4249dd50f305174f0b7fd61977bbf1775cb6f45c?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 69.21% compared to head [(`43a0dd4`)](https://app.codecov.io/gh/apache/commons-jxpath/pull/101?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 69.21%. > Report is 1 commits behind head on master. Additional details and impacted files ```diff @@Coverage Diff@@ ## master #101 +/- ## = Coverage 69.21% 69.21% Complexity 3121 3121 = Files 152 152 Lines 9575 9575 Branches 2003 2003 = Hits 6627 6627 Misses 2155 2155 Partials793 793 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-jxpath/pull/101?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-jxpath]
dependabot[bot] opened a new pull request, #103: URL: https://github.com/apache/commons-jxpath/pull/103 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-jxpath]
dependabot[bot] opened a new pull request, #102: URL: https://github.com/apache/commons-jxpath/pull/102 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. Release notes Sourced from https://github.com/actions/upload-artifact/releases;>actions/upload-artifact's releases. v4.1.0 What's Changed Add migrations docs by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/482;>actions/upload-artifact#482 Update README.md by https://github.com/samuelwine;>@samuelwine in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Support artifact-url output by https://github.com/konradpabjan;>@konradpabjan in https://redirect.github.com/actions/upload-artifact/pull/496;>actions/upload-artifact#496 Update readme to reflect new 500 artifact per job limit by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/497;>actions/upload-artifact#497 New Contributors https://github.com/samuelwine;>@samuelwine made their first contribution in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.1.0;>https://github.com/actions/upload-artifact/compare/v4...v4.1.0 Commits https://github.com/actions/upload-artifact/commit/1eb3cb2b3e0f29609092a73eb033bb759a334595;>1eb3cb2 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/497;>#497 from actions/robherley/update-readme-limit https://github.com/actions/upload-artifact/commit/8688a86492f53c8d67423223a877bc9e3768fe95;>8688a86 Update readme to reflect new artifact/job limit https://github.com/actions/upload-artifact/commit/73d8b66ede50d06e26f1d69f28e1652c702c56d8;>73d8b66 Support artifact-url output (https://redirect.github.com/actions/upload-artifact/issues/496;>#496) https://github.com/actions/upload-artifact/commit/c320f57948d137eb8c7f8e781ddcc0f61b04e834;>c320f57 Update README.md (https://redirect.github.com/actions/upload-artifact/issues/492;>#492) https://github.com/actions/upload-artifact/commit/cf8714cfeaba5687a442b9bcb85b29e23f468dfa;>cf8714c Merge pull request https://redirect.github.com/actions/upload-artifact/issues/482;>#482 from actions/robherley/add-migration-docs https://github.com/actions/upload-artifact/commit/7f16e37e88af9d50a1db3c1e84660985ee8dd1ab;>7f16e37 add migrations docs https://github.com/actions/upload-artifact/commit/353073034f1f3c6d1a65ede161c5a2ca79650a49;>3530730 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/468;>#468 from actions/robherley/misc-updates https://github.com/actions/upload-artifact/commit/6c139afa6f18a1359e5a9185f9415433473e3793;>6c139af update imports and old v4-beta references See full diff in https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact=github_actions=4.0.0=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-jxpath]
dependabot[bot] opened a new pull request, #101: URL: https://github.com/apache/commons-jxpath/pull/101 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-fileupload]
dependabot[bot] opened a new pull request, #263: URL: https://github.com/apache/commons-fileupload/pull/263 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it
[PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-fileupload]
dependabot[bot] opened a new pull request, #262: URL: https://github.com/apache/commons-fileupload/pull/262 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. Release notes Sourced from https://github.com/actions/upload-artifact/releases;>actions/upload-artifact's releases. v4.1.0 What's Changed Add migrations docs by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/482;>actions/upload-artifact#482 Update README.md by https://github.com/samuelwine;>@samuelwine in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Support artifact-url output by https://github.com/konradpabjan;>@konradpabjan in https://redirect.github.com/actions/upload-artifact/pull/496;>actions/upload-artifact#496 Update readme to reflect new 500 artifact per job limit by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/497;>actions/upload-artifact#497 New Contributors https://github.com/samuelwine;>@samuelwine made their first contribution in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.1.0;>https://github.com/actions/upload-artifact/compare/v4...v4.1.0 Commits https://github.com/actions/upload-artifact/commit/1eb3cb2b3e0f29609092a73eb033bb759a334595;>1eb3cb2 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/497;>#497 from actions/robherley/update-readme-limit https://github.com/actions/upload-artifact/commit/8688a86492f53c8d67423223a877bc9e3768fe95;>8688a86 Update readme to reflect new artifact/job limit https://github.com/actions/upload-artifact/commit/73d8b66ede50d06e26f1d69f28e1652c702c56d8;>73d8b66 Support artifact-url output (https://redirect.github.com/actions/upload-artifact/issues/496;>#496) https://github.com/actions/upload-artifact/commit/c320f57948d137eb8c7f8e781ddcc0f61b04e834;>c320f57 Update README.md (https://redirect.github.com/actions/upload-artifact/issues/492;>#492) https://github.com/actions/upload-artifact/commit/cf8714cfeaba5687a442b9bcb85b29e23f468dfa;>cf8714c Merge pull request https://redirect.github.com/actions/upload-artifact/issues/482;>#482 from actions/robherley/add-migration-docs https://github.com/actions/upload-artifact/commit/7f16e37e88af9d50a1db3c1e84660985ee8dd1ab;>7f16e37 add migrations docs https://github.com/actions/upload-artifact/commit/353073034f1f3c6d1a65ede161c5a2ca79650a49;>3530730 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/468;>#468 from actions/robherley/misc-updates https://github.com/actions/upload-artifact/commit/6c139afa6f18a1359e5a9185f9415433473e3793;>6c139af update imports and old v4-beta references See full diff in https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact=github_actions=4.0.0=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-fileupload]
dependabot[bot] opened a new pull request, #264: URL: https://github.com/apache/commons-fileupload/pull/264 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean
[GH] (commons-vfs): Workflow run "Java CI" is working again!
The GitHub Actions job "Java CI" on commons-vfs.git has succeeded. Run started by GitHub user dependabot[bot] (triggered by garydgregory). Head commit for run: 4d739146ce28df73f8438b72b8179cfb4dcdb379 / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump github/codeql-action from 3.22.12 to 3.23.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/012739e5082ff0c22ca6d6ab32e07c36df03c4a4...e5f05b81d5b6ff8cfa111c80c22c5fd02a384118) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-vfs/actions/runs/7501646029 With regards, GitHub Actions via GitBox
[GH] (commons-imaging): Workflow run "Java CI" is working again!
The GitHub Actions job "Java CI" on commons-imaging.git has succeeded. Run started by GitHub user garydgregory (triggered by garydgregory). Head commit for run: ca3314f7e7686b74d3b514193779ece61b36d87a / Gary Gregory Merge pull request #350 from apache/dependabot/github_actions/actions/upload-artifact-4.1.0 Bump actions/upload-artifact from 4.0.0 to 4.1.0 Report URL: https://github.com/apache/commons-imaging/actions/runs/7505734735 With regards, GitHub Actions via GitBox
[GH] (commons-imaging): Workflow run "Java CI" failed!
The GitHub Actions job "Java CI" on commons-imaging.git has failed. Run started by GitHub user garydgregory (triggered by garydgregory). Head commit for run: daa80eb29710c336b48a0cc311a4c68d52cb5cbf / Gary Gregory Merge pull request #348 from apache/dependabot/github_actions/github/codeql-action-3.23.0 Bump github/codeql-action from 3.22.12 to 3.23.0 Report URL: https://github.com/apache/commons-imaging/actions/runs/7505732774 With regards, GitHub Actions via GitBox
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-exec]
dependabot[bot] opened a new pull request, #148: URL: https://github.com/apache/commons-exec/pull/148 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-exec]
dependabot[bot] opened a new pull request, #146: URL: https://github.com/apache/commons-exec/pull/146 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. Release notes Sourced from https://github.com/actions/upload-artifact/releases;>actions/upload-artifact's releases. v4.1.0 What's Changed Add migrations docs by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/482;>actions/upload-artifact#482 Update README.md by https://github.com/samuelwine;>@samuelwine in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Support artifact-url output by https://github.com/konradpabjan;>@konradpabjan in https://redirect.github.com/actions/upload-artifact/pull/496;>actions/upload-artifact#496 Update readme to reflect new 500 artifact per job limit by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/497;>actions/upload-artifact#497 New Contributors https://github.com/samuelwine;>@samuelwine made their first contribution in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.1.0;>https://github.com/actions/upload-artifact/compare/v4...v4.1.0 Commits https://github.com/actions/upload-artifact/commit/1eb3cb2b3e0f29609092a73eb033bb759a334595;>1eb3cb2 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/497;>#497 from actions/robherley/update-readme-limit https://github.com/actions/upload-artifact/commit/8688a86492f53c8d67423223a877bc9e3768fe95;>8688a86 Update readme to reflect new artifact/job limit https://github.com/actions/upload-artifact/commit/73d8b66ede50d06e26f1d69f28e1652c702c56d8;>73d8b66 Support artifact-url output (https://redirect.github.com/actions/upload-artifact/issues/496;>#496) https://github.com/actions/upload-artifact/commit/c320f57948d137eb8c7f8e781ddcc0f61b04e834;>c320f57 Update README.md (https://redirect.github.com/actions/upload-artifact/issues/492;>#492) https://github.com/actions/upload-artifact/commit/cf8714cfeaba5687a442b9bcb85b29e23f468dfa;>cf8714c Merge pull request https://redirect.github.com/actions/upload-artifact/issues/482;>#482 from actions/robherley/add-migration-docs https://github.com/actions/upload-artifact/commit/7f16e37e88af9d50a1db3c1e84660985ee8dd1ab;>7f16e37 add migrations docs https://github.com/actions/upload-artifact/commit/353073034f1f3c6d1a65ede161c5a2ca79650a49;>3530730 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/468;>#468 from actions/robherley/misc-updates https://github.com/actions/upload-artifact/commit/6c139afa6f18a1359e5a9185f9415433473e3793;>6c139af update imports and old v4-beta references See full diff in https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact=github_actions=4.0.0=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-exec]
dependabot[bot] opened a new pull request, #147: URL: https://github.com/apache/commons-exec/pull/147 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-imaging]
dependabot[bot] opened a new pull request, #349: URL: https://github.com/apache/commons-imaging/pull/349 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump actions/upload-artifact from 4.0.0 to 4.1.0 [commons-imaging]
dependabot[bot] opened a new pull request, #350: URL: https://github.com/apache/commons-imaging/pull/350 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. Release notes Sourced from https://github.com/actions/upload-artifact/releases;>actions/upload-artifact's releases. v4.1.0 What's Changed Add migrations docs by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/482;>actions/upload-artifact#482 Update README.md by https://github.com/samuelwine;>@samuelwine in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Support artifact-url output by https://github.com/konradpabjan;>@konradpabjan in https://redirect.github.com/actions/upload-artifact/pull/496;>actions/upload-artifact#496 Update readme to reflect new 500 artifact per job limit by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/upload-artifact/pull/497;>actions/upload-artifact#497 New Contributors https://github.com/samuelwine;>@samuelwine made their first contribution in https://redirect.github.com/actions/upload-artifact/pull/492;>actions/upload-artifact#492 Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.1.0;>https://github.com/actions/upload-artifact/compare/v4...v4.1.0 Commits https://github.com/actions/upload-artifact/commit/1eb3cb2b3e0f29609092a73eb033bb759a334595;>1eb3cb2 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/497;>#497 from actions/robherley/update-readme-limit https://github.com/actions/upload-artifact/commit/8688a86492f53c8d67423223a877bc9e3768fe95;>8688a86 Update readme to reflect new artifact/job limit https://github.com/actions/upload-artifact/commit/73d8b66ede50d06e26f1d69f28e1652c702c56d8;>73d8b66 Support artifact-url output (https://redirect.github.com/actions/upload-artifact/issues/496;>#496) https://github.com/actions/upload-artifact/commit/c320f57948d137eb8c7f8e781ddcc0f61b04e834;>c320f57 Update README.md (https://redirect.github.com/actions/upload-artifact/issues/492;>#492) https://github.com/actions/upload-artifact/commit/cf8714cfeaba5687a442b9bcb85b29e23f468dfa;>cf8714c Merge pull request https://redirect.github.com/actions/upload-artifact/issues/482;>#482 from actions/robherley/add-migration-docs https://github.com/actions/upload-artifact/commit/7f16e37e88af9d50a1db3c1e84660985ee8dd1ab;>7f16e37 add migrations docs https://github.com/actions/upload-artifact/commit/353073034f1f3c6d1a65ede161c5a2ca79650a49;>3530730 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/468;>#468 from actions/robherley/misc-updates https://github.com/actions/upload-artifact/commit/6c139afa6f18a1359e5a9185f9415433473e3793;>6c139af update imports and old v4-beta references See full diff in https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact=github_actions=4.0.0=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-imaging]
dependabot[bot] opened a new pull request, #348: URL: https://github.com/apache/commons-imaging/pull/348 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[GH] (commons-vfs): Workflow run "Java CI" failed!
The GitHub Actions job "Java CI" on commons-vfs.git has failed. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]). Head commit for run: 4d739146ce28df73f8438b72b8179cfb4dcdb379 / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump github/codeql-action from 3.22.12 to 3.23.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/012739e5082ff0c22ca6d6ab32e07c36df03c4a4...e5f05b81d5b6ff8cfa111c80c22c5fd02a384118) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-vfs/actions/runs/7501646029 With regards, GitHub Actions via GitBox
[GH] (commons-configuration): Workflow run "Java CI" is working again!
The GitHub Actions job "Java CI" on commons-configuration.git has succeeded. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]). Head commit for run: 88276cad0ed510131f3782bc5b4ba069a457587a / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump slf4j.version from 2.0.10 to 2.0.11 Bumps `slf4j.version` from 2.0.10 to 2.0.11. Updates `org.slf4j:slf4j-api` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-ext` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-log4j12` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-nop` from 2.0.10 to 2.0.11 --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-ext dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-log4j12 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-nop dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-configuration/actions/runs/7505059928 With regards, GitHub Actions via GitBox
[GH] (commons-configuration): Workflow run "Coverage" is working again!
The GitHub Actions job "Coverage" on commons-configuration.git has succeeded. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]). Head commit for run: 88276cad0ed510131f3782bc5b4ba069a457587a / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump slf4j.version from 2.0.10 to 2.0.11 Bumps `slf4j.version` from 2.0.10 to 2.0.11. Updates `org.slf4j:slf4j-api` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-ext` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-log4j12` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-nop` from 2.0.10 to 2.0.11 --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-ext dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-log4j12 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-nop dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-configuration/actions/runs/7505059927 With regards, GitHub Actions via GitBox
[GH] (commons-configuration): Workflow run "CodeQL" is working again!
The GitHub Actions job "CodeQL" on commons-configuration.git has succeeded. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]). Head commit for run: 88276cad0ed510131f3782bc5b4ba069a457587a / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump slf4j.version from 2.0.10 to 2.0.11 Bumps `slf4j.version` from 2.0.10 to 2.0.11. Updates `org.slf4j:slf4j-api` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-ext` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-log4j12` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-nop` from 2.0.10 to 2.0.11 --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-ext dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-log4j12 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-nop dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-configuration/actions/runs/7505060069 With regards, GitHub Actions via GitBox
[GH] (commons-configuration): Workflow run "Java CI" failed!
The GitHub Actions job "Java CI" on commons-configuration.git has failed. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]). Head commit for run: 5f05dfc2965bb63df0deca3e2c411e9b97144dec / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump spring.version from 5.3.31 to 6.1.3 Bumps `spring.version` from 5.3.31 to 6.1.3. Updates `org.springframework:spring-core` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-beans` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-context` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-test` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework:spring-beans dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework:spring-context dependency-type: direct:development update-type: version-update:semver-major - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-configuration/actions/runs/7505066849 With regards, GitHub Actions via GitBox
[GH] (commons-configuration): Workflow run "Java CI" failed!
The GitHub Actions job "Java CI" on commons-configuration.git has failed. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]). Head commit for run: 5f05dfc2965bb63df0deca3e2c411e9b97144dec / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump spring.version from 5.3.31 to 6.1.3 Bumps `spring.version` from 5.3.31 to 6.1.3. Updates `org.springframework:spring-core` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-beans` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-context` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-test` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework:spring-beans dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework:spring-context dependency-type: direct:development update-type: version-update:semver-major - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-configuration/actions/runs/7505067138 With regards, GitHub Actions via GitBox
[GH] (commons-configuration): Workflow run "Coverage" failed!
The GitHub Actions job "Coverage" on commons-configuration.git has failed. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]). Head commit for run: 5f05dfc2965bb63df0deca3e2c411e9b97144dec / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump spring.version from 5.3.31 to 6.1.3 Bumps `spring.version` from 5.3.31 to 6.1.3. Updates `org.springframework:spring-core` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-beans` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-context` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-test` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework:spring-beans dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework:spring-context dependency-type: direct:development update-type: version-update:semver-major - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-configuration/actions/runs/7505066852 With regards, GitHub Actions via GitBox
Re: [PR] Bump spring.version from 5.3.31 to 6.1.2 [commons-configuration]
dependabot[bot] commented on PR #338: URL: https://github.com/apache/commons-configuration/pull/338#issuecomment-1889640504 Superseded by #346. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump spring.version from 5.3.31 to 6.1.3 [commons-configuration]
dependabot[bot] opened a new pull request, #346: URL: https://github.com/apache/commons-configuration/pull/346 Bumps `spring.version` from 5.3.31 to 6.1.3. Updates `org.springframework:spring-core` from 5.3.31 to 6.1.3 Release notes Sourced from https://github.com/spring-projects/spring-framework/releases;>org.springframework:spring-core's releases. v6.1.3 :star: New Features Perform checks for bean validation constraints in HandlerMethod only when needed https://redirect.github.com/spring-projects/spring-framework/issues/32007;>#32007 Exclude URI query from remaining WebClient checkpoints https://redirect.github.com/spring-projects/spring-framework/pull/31992;>#31992 Avoid early getMostSpecificMethod resolution in CommonAnnotationBeanPostProcessor https://redirect.github.com/spring-projects/spring-framework/issues/31967;>#31967 Introduce processInjection() in CommonAnnotationBeanPostProcessor https://redirect.github.com/spring-projects/spring-framework/issues/31956;>#31956 Make maximum length of SpEL expressions in an ApplicationContext configurable https://redirect.github.com/spring-projects/spring-framework/issues/31952;>#31952 JdkClientHttpRequest may block indefinitely https://redirect.github.com/spring-projects/spring-framework/issues/31911;>#31911 Allow Propagation.NOT\_SUPPORTED with @TransactionalEventListener https://redirect.github.com/spring-projects/spring-framework/issues/31907;>#31907 Review HibernateJpaVendorAdapter to align dialect to use for recent Hibernate versions https://redirect.github.com/spring-projects/spring-framework/issues/31896;>#31896 Improve method validation support for containers with constraints on container elements https://redirect.github.com/spring-projects/spring-framework/issues/31887;>#31887 Method validation is not triggered when constraints are applied to the elements of a List https://redirect.github.com/spring-projects/spring-framework/issues/31870;>#31870 Use standard String comparison in ExtendedBeanInfo.PropertyDescriptorComparator https://redirect.github.com/spring-projects/spring-framework/issues/31866;>#31866 Detect Jetty 12 max length exceeded message for MaxUploadSizeExceededException https://redirect.github.com/spring-projects/spring-framework/issues/31850;>#31850 Ensure that Observation is stopped and Scope is closed in doReceiveAndExecute() https://redirect.github.com/spring-projects/spring-framework/pull/31798;>#31798 Support the use of @Resource in test classes in AOT mode https://redirect.github.com/spring-projects/spring-framework/issues/31733;>#31733 Add support for configuring sslContext in StandardWebSocketClient https://redirect.github.com/spring-projects/spring-framework/issues/30680;>#30680 Refine allocations for improved memory profile when creating a large amount of proxy instances https://redirect.github.com/spring-projects/spring-framework/issues/30499;>#30499 Check ResponseStatusException reason as MessageSource code for ProblemDetail https://redirect.github.com/spring-projects/spring-framework/pull/30300;>#30300 SpringValidatorAdapter fails in getRejectedValue if ValueExtractor used in property path to unwrap a container type https://redirect.github.com/spring-projects/spring-framework/issues/29043;>#29043 Add CORS support for Private Network Access https://redirect.github.com/spring-projects/spring-framework/issues/28546;>#28546 Introduce NoOpTaskScheduler for disabling @Scheduled tasks in test setups https://redirect.github.com/spring-projects/spring-framework/issues/28073;>#28073 MvcUriComponentsBuilder should resolve property placeholders in request mapping paths https://redirect.github.com/spring-projects/spring-framework/issues/26795;>#26795 Allow SockJsUrlInfo to be overridden in SockJsClient https://redirect.github.com/spring-projects/spring-framework/issues/25888;>#25888 Extending abstract class does not expose parameter annotations https://redirect.github.com/spring-projects/spring-framework/issues/25788;>#25788 DatabasePopulatorConfigUtils should only set a populator if matching scripts are defined https://redirect.github.com/spring-projects/spring-framework/issues/23405;>#23405 @annotation pointcut is not matched with complex hierarchy and generics against classes compiled by Eclipse [SPR-17310] https://redirect.github.com/spring-projects/spring-framework/issues/21843;>#21843 Allow registration of application event listeners in a functional way [SPR-16872] https://redirect.github.com/spring-projects/spring-framework/issues/21411;>#21411 Allow CronTrigger to resume from specified timestamp [SPR-14909] https://redirect.github.com/spring-projects/spring-framework/issues/19475;>#19475 :lady_beetle: Bug Fixes Using a URI variable for port in WebClient causes an IllegalStateException https://redirect.github.com/spring-projects/spring-framework/issues/32003;>#32003 [spring-tx]
[GH] (commons-configuration): Workflow run "CodeQL" failed!
The GitHub Actions job "CodeQL" on commons-configuration.git has failed. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]). Head commit for run: 5f05dfc2965bb63df0deca3e2c411e9b97144dec / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump spring.version from 5.3.31 to 6.1.3 Bumps `spring.version` from 5.3.31 to 6.1.3. Updates `org.springframework:spring-core` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-beans` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-context` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-test` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework:spring-beans dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework:spring-context dependency-type: direct:development update-type: version-update:semver-major - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-configuration/actions/runs/7505067135 With regards, GitHub Actions via GitBox
[PR] Bump slf4j.version from 2.0.10 to 2.0.11 [commons-configuration]
dependabot[bot] opened a new pull request, #345: URL: https://github.com/apache/commons-configuration/pull/345 Bumps `slf4j.version` from 2.0.10 to 2.0.11. Updates `org.slf4j:slf4j-api` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-ext` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-log4j12` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-nop` from 2.0.10 to 2.0.11 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GH] (commons-configuration): Workflow run "Coverage" failed!
The GitHub Actions job "Coverage" on commons-configuration.git has failed. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]). Head commit for run: 5f05dfc2965bb63df0deca3e2c411e9b97144dec / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump spring.version from 5.3.31 to 6.1.3 Bumps `spring.version` from 5.3.31 to 6.1.3. Updates `org.springframework:spring-core` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-beans` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-context` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) Updates `org.springframework:spring-test` from 5.3.31 to 6.1.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v6.1.3) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework:spring-beans dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework:spring-context dependency-type: direct:development update-type: version-update:semver-major - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-configuration/actions/runs/7505067134 With regards, GitHub Actions via GitBox
Re: [PR] Bump spring.version from 5.3.31 to 6.1.2 [commons-configuration]
dependabot[bot] closed pull request #338: Bump spring.version from 5.3.31 to 6.1.2 URL: https://github.com/apache/commons-configuration/pull/338 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-daemon]
codecov-commenter commented on PR #129: URL: https://github.com/apache/commons-daemon/pull/129#issuecomment-1889608717 ## [Codecov](https://app.codecov.io/gh/apache/commons-daemon/pull/129?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`bbda1bf`)](https://app.codecov.io/gh/apache/commons-daemon/commit/bbda1bf325d8fe7e7a8588b16756bca7254f21e3?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 0.49% compared to head [(`7426b80`)](https://app.codecov.io/gh/apache/commons-daemon/pull/129?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 0.49%. Additional details and impacted files ```diff @@ Coverage Diff@@ ## master#129 +/- ## Coverage 0.49% 0.49% Complexity1 1 Files 5 5 Lines 406 406 Branches 66 66 Hits 2 2 Misses 404 404 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-daemon/pull/129?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-daemon]
codecov-commenter commented on PR #130: URL: https://github.com/apache/commons-daemon/pull/130#issuecomment-1889608392 ## [Codecov](https://app.codecov.io/gh/apache/commons-daemon/pull/130?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`bbda1bf`)](https://app.codecov.io/gh/apache/commons-daemon/commit/bbda1bf325d8fe7e7a8588b16756bca7254f21e3?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 0.49% compared to head [(`63b4df8`)](https://app.codecov.io/gh/apache/commons-daemon/pull/130?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 0.49%. Additional details and impacted files ```diff @@ Coverage Diff@@ ## master#130 +/- ## Coverage 0.49% 0.49% Complexity1 1 Files 5 5 Lines 406 406 Branches 66 66 Hits 2 2 Misses 404 404 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-daemon/pull/130?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-daemon]
dependabot[bot] opened a new pull request, #130: URL: https://github.com/apache/commons-daemon/pull/130 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-daemon]
dependabot[bot] opened a new pull request, #129: URL: https://github.com/apache/commons-daemon/pull/129 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
Re: [PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-configuration]
codecov-commenter commented on PR #344: URL: https://github.com/apache/commons-configuration/pull/344#issuecomment-1889586645 ## [Codecov](https://app.codecov.io/gh/apache/commons-configuration/pull/344?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`1371b90`)](https://app.codecov.io/gh/apache/commons-configuration/commit/1371b9058664c871a4a5eab7a418b16bb4a02408?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 89.09% compared to head [(`efb7d77`)](https://app.codecov.io/gh/apache/commons-configuration/pull/344?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 89.10%. Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #344 +/- ## + Coverage 89.09% 89.10% +0.01% - Complexity 3536 3537 +1 Files 183 183 Lines 9635 9635 Branches 1192 1192 + Hits 8584 8585 +1 Misses 772 772 + Partials279 278 -1 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-configuration/pull/344?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-configuration]
codecov-commenter commented on PR #343: URL: https://github.com/apache/commons-configuration/pull/343#issuecomment-1889587056 ## [Codecov](https://app.codecov.io/gh/apache/commons-configuration/pull/343?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`1371b90`)](https://app.codecov.io/gh/apache/commons-configuration/commit/1371b9058664c871a4a5eab7a418b16bb4a02408?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 89.09% compared to head [(`edde93a`)](https://app.codecov.io/gh/apache/commons-configuration/pull/343?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 89.09%. Additional details and impacted files ```diff @@Coverage Diff@@ ## master #343 +/- ## = Coverage 89.09% 89.09% - Complexity 3536 3537+1 = Files 183 183 Lines 9635 9635 Branches 1192 1192 = Hits 8584 8584 Misses 772 772 Partials279 279 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-configuration/pull/343?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-configuration]
dependabot[bot] opened a new pull request, #344: URL: https://github.com/apache/commons-configuration/pull/344 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-configuration]
dependabot[bot] opened a new pull request, #343: URL: https://github.com/apache/commons-configuration/pull/343 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-codec]
dependabot[bot] opened a new pull request, #231: URL: https://github.com/apache/commons-codec/pull/231 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
Re: [PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-codec]
codecov-commenter commented on PR #231: URL: https://github.com/apache/commons-codec/pull/231#issuecomment-1889505783 ## [Codecov](https://app.codecov.io/gh/apache/commons-codec/pull/231?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`73813dc`)](https://app.codecov.io/gh/apache/commons-codec/commit/73813dcfdd17069df2db8939b701416c5b037b9d?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 92.09% compared to head [(`4a9e20b`)](https://app.codecov.io/gh/apache/commons-codec/pull/231?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 92.09%. Additional details and impacted files ```diff @@Coverage Diff@@ ## master #231 +/- ## = Coverage 92.09% 92.09% Complexity 1746 1746 = Files67 67 Lines 4602 4602 Branches712 712 = Hits 4238 4238 Misses 251 251 Partials113 113 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-codec/pull/231?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-codec]
codecov-commenter commented on PR #230: URL: https://github.com/apache/commons-codec/pull/230#issuecomment-1889505518 ## [Codecov](https://app.codecov.io/gh/apache/commons-codec/pull/230?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`73813dc`)](https://app.codecov.io/gh/apache/commons-codec/commit/73813dcfdd17069df2db8939b701416c5b037b9d?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 92.09% compared to head [(`9b947c9`)](https://app.codecov.io/gh/apache/commons-codec/pull/230?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 92.09%. Additional details and impacted files ```diff @@Coverage Diff@@ ## master #230 +/- ## = Coverage 92.09% 92.09% Complexity 1746 1746 = Files67 67 Lines 4602 4602 Branches712 712 = Hits 4238 4238 Misses 251 251 Partials113 113 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-codec/pull/230?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-codec]
dependabot[bot] opened a new pull request, #230: URL: https://github.com/apache/commons-codec/pull/230 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[GH] (commons-lang): Workflow run "Java CI" is working again!
The GitHub Actions job "Java CI" on commons-lang.git has succeeded. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]). Head commit for run: fb07bdc5a1812d33a2e851df1ad0e54693e76d4a / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump actions/cache from 3.3.2 to 3.3.3 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-lang/actions/runs/7503931453 With regards, GitHub Actions via GitBox
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-lang]
dependabot[bot] opened a new pull request, #1158: URL: https://github.com/apache/commons-lang/pull/1158 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-lang]
dependabot[bot] opened a new pull request, #1157: URL: https://github.com/apache/commons-lang/pull/1157 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-csv]
dependabot[bot] opened a new pull request, #381: URL: https://github.com/apache/commons-csv/pull/381 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-csv]
dependabot[bot] opened a new pull request, #380: URL: https://github.com/apache/commons-csv/pull/380 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-collections]
dependabot[bot] opened a new pull request, #441: URL: https://github.com/apache/commons-collections/pull/441 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-collections]
dependabot[bot] opened a new pull request, #440: URL: https://github.com/apache/commons-collections/pull/440 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-pool]
dependabot[bot] opened a new pull request, #269: URL: https://github.com/apache/commons-pool/pull/269 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-pool]
dependabot[bot] opened a new pull request, #270: URL: https://github.com/apache/commons-pool/pull/270 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-jexl]
dependabot[bot] opened a new pull request, #218: URL: https://github.com/apache/commons-jexl/pull/218 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-jexl]
dependabot[bot] opened a new pull request, #217: URL: https://github.com/apache/commons-jexl/pull/217 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-bsf]
dependabot[bot] opened a new pull request, #114: URL: https://github.com/apache/commons-bsf/pull/114 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-bsf]
dependabot[bot] opened a new pull request, #113: URL: https://github.com/apache/commons-bsf/pull/113 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[GH] (commons-crypto): Workflow run "Java Cross Test" is working again!
The GitHub Actions job "Java Cross Test" on commons-crypto.git has succeeded. Run started by GitHub user garydgregory (triggered by garydgregory). Head commit for run: 26d0950ac6e3aa8540ea7dd4f67a266fb8d92a72 / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump actions/cache from 3.3.2 to 3.3.3 (#289) Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Report URL: https://github.com/apache/commons-crypto/actions/runs/7501744374 With regards, GitHub Actions via GitBox
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-skin]
dependabot[bot] opened a new pull request, #100: URL: https://github.com/apache/commons-skin/pull/100 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-skin]
dependabot[bot] opened a new pull request, #99: URL: https://github.com/apache/commons-skin/pull/99 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
[PR] Bump org.apache.tomcat:tomcat-catalina from 9.0.79 to 9.0.83 in /commons-jcs3-jcache-extras [commons-jcs]
dependabot[bot] opened a new pull request, #201: URL: https://github.com/apache/commons-jcs/pull/201 Bumps org.apache.tomcat:tomcat-catalina from 9.0.79 to 9.0.83. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat:tomcat-catalina=maven=9.0.79=9.0.83)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/commons-jcs/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-parent]
dependabot[bot] opened a new pull request, #352: URL: https://github.com/apache/commons-parent/pull/352 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-parent]
dependabot[bot] opened a new pull request, #351: URL: https://github.com/apache/commons-parent/pull/351 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-vfs]
dependabot[bot] opened a new pull request, #467: URL: https://github.com/apache/commons-vfs/pull/467 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-vfs]
dependabot[bot] opened a new pull request, #466: URL: https://github.com/apache/commons-vfs/pull/466 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[GH] (commons-crypto): Workflow run "Java Cross Test" failed!
The GitHub Actions job "Java Cross Test" on commons-crypto.git has failed. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]). Head commit for run: 3bb38d120338ecfc3832b3ee4983ec9bb47da739 / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump actions/cache from 3.3.2 to 3.3.3 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Report URL: https://github.com/apache/commons-crypto/actions/runs/7501408100 With regards, GitHub Actions via GitBox
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-crypto]
dependabot[bot] opened a new pull request, #290: URL: https://github.com/apache/commons-crypto/pull/290 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-crypto]
dependabot[bot] opened a new pull request, #289: URL: https://github.com/apache/commons-crypto/pull/289 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
[PR] Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 [commons-logging]
dependabot[bot] opened a new pull request, #197: URL: https://github.com/apache/commons-logging/pull/197 Bumps org.slf4j:slf4j-api from 2.0.10 to 2.0.11. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.slf4j:slf4j-api=maven=2.0.10=2.0.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-logging]
dependabot[bot] opened a new pull request, #196: URL: https://github.com/apache/commons-logging/pull/196 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md;>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases;>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. https://redirect.github.com/github/codeql-action/pull/2079;>#2079 3.23.0 - 08 Jan 2024 We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. https://redirect.github.com/github/codeql-action/pull/2031;>#2031 The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see https://github.com/github/codeql-action/blob/main/#2227---16-nov-2023;>the corresponding changelog entry for CodeQL Action version 2.22.7. https://redirect.github.com/github/codeql-action/pull/2009;>#2009 3.22.12 - 22 Dec 2023 Update default CodeQL bundle version to 2.15.5. https://redirect.github.com/github/codeql-action/pull/2047;>#2047 3.22.11 - 13 Dec 2023 [v3+ only] The CodeQL Action now runs on Node.js v20. https://redirect.github.com/github/codeql-action/pull/2006;>#2006 2.22.10 - 12 Dec 2023 Update default CodeQL bundle version to 2.15.4. https://redirect.github.com/github/codeql-action/pull/2016;>#2016 2.22.9 - 07 Dec 2023 No user facing changes. 2.22.8 - 23 Nov 2023 Update default CodeQL bundle version to 2.15.3. https://redirect.github.com/github/codeql-action/pull/2001;>#2001 2.22.7 - 16 Nov 2023 Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. https://redirect.github.com/github/codeql-action/pull/1993;>#1993 If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace github/codeql-action/*@v2 by github/codeql-action/*@v2.22.7 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 2.22.6 - 14 Nov 2023 Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a https://github.com/actions/setup-python;>setup-python step to your code scanning workflow before the step that invokes github/codeql-action/init. Update default CodeQL bundle version to 2.15.2. https://redirect.github.com/github/codeql-action/pull/1978;>#1978 2.22.5 - 27 Oct 2023 No user facing changes. ... (truncated) Commits https://github.com/github/codeql-action/commit/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118;>e5f05b8 Merge pull request https://redirect.github.com/github/codeql-action/issues/2066;>#2066 from github/update-v3.23.0-fd55bb0b0 https://github.com/github/codeql-action/commit/48e7b8b751b457ccde050d587c85ce3defc30555;>48e7b8b Update changelog for v3.23.0 https://github.com/github/codeql-action/commit/fd55bb0b00b5802fdceb93f76b498f105e0edbe1;>fd55bb0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2065;>#2065 from github/henrymercer/further-run-queries-cleanup https://github.com/github/codeql-action/commit/838a0229829cd641a4a60fc3c95e12a673b5fcdb;>838a022 Clean up
[PR] Bump actions/cache from 3.3.2 to 3.3.3 [commons-logging]
dependabot[bot] opened a new pull request, #195: URL: https://github.com/apache/commons-logging/pull/195 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v3.3.3 What's Changed Cache v3.3.3 by https://github.com/robherley;>@robherley in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 New Contributors https://github.com/robherley;>@robherley made their first contribution in https://redirect.github.com/actions/cache/pull/1302;>actions/cache#1302 Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3;>https://github.com/actions/cache/compare/v3...v3.3.3 Changelog Sourced from https://github.com/actions/cache/blob/main/RELEASES.md;>actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 - node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (https://redirect.github.com/actions/cache/issues/624;>issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (https://redirect.github.com/actions/cache/issues/689;>issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (https://redirect.github.com/actions/cache/pull/834;>PR) 3.0.6 Fixed https://redirect.github.com/actions/cache/issues/809;>#809 - zstd -d: no such file or directory error Fixed https://redirect.github.com/actions/cache/issues/833;>#833 - cache doesn't work with github workspace directory 3.0.7 Fixed https://redirect.github.com/actions/cache/issues/810;>#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues https://redirect.github.com/actions/cache/issues/888;>#888 and https://redirect.github.com/actions/cache/issues/891;>#891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes. 3.0.9 Enhanced the warning message for cache unavailablity in case of GHES. 3.0.10 Fix a bug with sorting inputs. Update definition for restore-keys in README.md ... (truncated) Commits https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c;>e12d46a Merge pull request https://redirect.github.com/actions/cache/issues/1302;>#1302 from actions/robherley/v3.3.3 https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951;>1baebfc licensed https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd;>eb94f1a cache v3.3.3 See full diff in https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache=github_actions=3.3.2=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
Re: [PR] Bump github/codeql-action from 3.22.12 to 3.23.0 [commons-dbutils]
codecov-commenter commented on PR #229: URL: https://github.com/apache/commons-dbutils/pull/229#issuecomment-1888750954 ## [Codecov](https://app.codecov.io/gh/apache/commons-dbutils/pull/229?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Comparison is base [(`f84bbbf`)](https://app.codecov.io/gh/apache/commons-dbutils/commit/f84bbbf04c5d69dde165abe3e9f366acf097df24?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 62.68% compared to head [(`9d823da`)](https://app.codecov.io/gh/apache/commons-dbutils/pull/229?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) 62.68%. Additional details and impacted files ```diff @@Coverage Diff@@ ## master #229 +/- ## = Coverage 62.68% 62.68% Complexity 413 413 = Files39 39 Lines 1383 1383 Branches104 104 = Hits867 867 Misses 467 467 Partials 49 49 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/commons-dbutils/pull/229?src=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org