dependabot[bot] opened a new pull request, #5268:
URL: https://github.com/apache/eventmesh/pull/5268

   Bumps 
[com.rabbitmq:amqp-client](https://github.com/rabbitmq/rabbitmq-java-client) 
from 5.22.0 to 5.33.0.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a 
href="https://github.com/rabbitmq/rabbitmq-java-client/releases";>com.rabbitmq:amqp-client's
 releases</a>.</em></p>
   <blockquote>
   <h2>5.33.0</h2>
   <h1>Changes between 5.32.0 and 5.33.0</h1>
   <p>This is a maintenance release with bug fixes and dependency upgrades. It 
introduces minor breaking changes compared to 5.32.0 (see below for details). 
All users are encouraged to upgrade.</p>
   <p>The RabbitMQ team normally maintain strict backward compatibility in 
minor versions. However, this release includes exceptional breaking changes 
that were necessary to patch security gaps and enforce secure-by-default 
behavior.</p>
   <p>Breaking changes:</p>
   <ul>
   <li>Hostname verification is now enabled by default as soon as TLS is 
used.</li>
   <li><code>ConnectionFactory#useSslProtocol()</code> now utilizes the JVM's 
default <code>SSLContext</code>, which validates the server certificate.
   <ul>
   <li>Note: This should primarily affect test environments, as 
<code>useSslProtocol()</code> was never intended for production use.</li>
   <li>Action required: For test or development environments where certificate 
validation needs to be disabled, users can now explicitly switch to the new 
<code>ConnectionFactory#useTlsWithNoVerification()</code> method.</li>
   </ul>
   </li>
   <li>JSON-RPC support classes now introduce an &quot;allowlist&quot;. This 
change only impacts installations that explicitly utilize these classes.</li>
   </ul>
   <h2>Harden RPC support classes</h2>
   <p>GitHub PR: <a 
href="https://redirect.github.com/rabbitmq/rabbitmq-java-client/issues/2002";>#2002</a></p>
   <h2>Enable hostname verification by default</h2>
   <p>GitHub issue: <a 
href="https://redirect.github.com/rabbitmq/rabbitmq-java-client/issues/2005";>#2005</a></p>
   <h2>Introduce helper for dev/test TLS setup</h2>
   <p>GitHub PR: <a 
href="https://redirect.github.com/rabbitmq/rabbitmq-java-client/issues/2001";>#2001</a></p>
   <h2>Enforce inbound frame max more strictly</h2>
   <p>GitHub PRs: <a 
href="https://redirect.github.com/rabbitmq/rabbitmq-java-client/issues/1995";>#1995</a>
 <a 
href="https://redirect.github.com/rabbitmq/rabbitmq-java-client/issues/1998";>#1998</a></p>
   <h2>Bump dependencies</h2>
   <p>GitHub issue: <a 
href="https://redirect.github.com/rabbitmq/rabbitmq-java-client/issues/1991";>#1991</a></p>
   <h1>Dependency</h1>
   <h2>Maven</h2>
   <pre lang="xml"><code>&lt;dependency&gt;
     &lt;groupId&gt;com.rabbitmq&lt;/groupId&gt;
     &lt;artifactId&gt;amqp-client&lt;/artifactId&gt;
     &lt;version&gt;5.33.0&lt;/version&gt;
   &lt;/dependency&gt;
   </code></pre>
   <h2>Gradle</h2>
   <pre lang="groovy"><code>compile 'com.rabbitmq:amqp-client:5.33.0'
   &lt;/tr&gt;&lt;/table&gt; 
   </code></pre>
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a 
href="https://github.com/rabbitmq/rabbitmq-java-client/commit/a6ff07ecf96c1f001d611ea9b88ed8b6e045aa61";><code>a6ff07e</code></a>
 [maven-release-plugin] prepare release v5.33.0</li>
   <li><a 
href="https://github.com/rabbitmq/rabbitmq-java-client/commit/a3cbc200936a02cf321ab0f1ae311718a34c13c0";><code>a3cbc20</code></a>
 Set release version to 5.33.0</li>
   <li><a 
href="https://github.com/rabbitmq/rabbitmq-java-client/commit/7c33063f7f11433f620df70873b611cb4b2cd830";><code>7c33063</code></a>
 Recommend against replacing SocketConfigurator</li>
   <li><a 
href="https://github.com/rabbitmq/rabbitmq-java-client/commit/43263bc7cd4717e8b1ce073e61d6bf35accdb8b7";><code>43263bc</code></a>
 Merge pull request <a 
href="https://redirect.github.com/rabbitmq/rabbitmq-java-client/issues/2001";>#2001</a>
 from rabbitmq/mergify/bp/v5.x/pr-1999</li>
   <li><a 
href="https://github.com/rabbitmq/rabbitmq-java-client/commit/fd34d84ddc79f93be0f3f9bbc14cfcc0639146dd";><code>fd34d84</code></a>
 Document NIO configurators</li>
   <li><a 
href="https://github.com/rabbitmq/rabbitmq-java-client/commit/4a05f2b774e3f7022c328228fbdb7c316cb61b70";><code>4a05f2b</code></a>
 Fix NIO test</li>
   <li><a 
href="https://github.com/rabbitmq/rabbitmq-java-client/commit/f02566a5040872b80f79b811c941c342b5308f25";><code>f02566a</code></a>
 Merge pull request <a 
href="https://redirect.github.com/rabbitmq/rabbitmq-java-client/issues/2002";>#2002</a>
 from rabbitmq/mergify/bp/v5.x/pr-2000</li>
   <li><a 
href="https://github.com/rabbitmq/rabbitmq-java-client/commit/38ef88e78faf203e45255d1e8530f5da60b76622";><code>38ef88e</code></a>
 Merge pull request <a 
href="https://redirect.github.com/rabbitmq/rabbitmq-java-client/issues/2004";>#2004</a>
 from rabbitmq/dependabot/maven/v5.x/com.diffplug.spo...</li>
   <li><a 
href="https://github.com/rabbitmq/rabbitmq-java-client/commit/66ef941fe058c436a32e1768a95960e3b1d62abc";><code>66ef941</code></a>
 Bump com.diffplug.spotless:spotless-maven-plugin from 3.7.0 to 3.8.0</li>
   <li><a 
href="https://github.com/rabbitmq/rabbitmq-java-client/commit/c6089b0224e4486a1eebb8efb83bbd89f9e250a0";><code>c6089b0</code></a>
 Fix conflicts</li>
   <li>Additional commits viewable in <a 
href="https://github.com/rabbitmq/rabbitmq-java-client/compare/v5.22.0...v5.33.0";>compare
 view</a></li>
   </ul>
   </details>
   <br />
   
   <details>
   <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary>
   
   | Dependency Name | Ignore Conditions |
   | --- | --- |
   | com.rabbitmq:amqp-client | [>= 5.17.a, < 5.18] |
   </details>
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.rabbitmq:amqp-client&package-manager=gradle&previous-version=5.22.0&new-version=5.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to