[PR] chore(deps): update dependency org.apache.maven.plugins:maven-clean-plugin to v3.3.2 [sling-site]
renovate-bot opened a new pull request, #142: URL: https://github.com/apache/sling-site/pull/142 [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.maven.plugins:maven-clean-plugin](https://maven.apache.org/plugins/) | `3.3.1` -> `3.3.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/apache/sling-site). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [VOTE] Release Apache Sling XSS Protection API 2.3.10
+1 On Thu, Oct 26, 2023 at 12:44 PM Robert Munteanu wrote: > > Hi, > > We solved 6 issues in this release: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353392=Text > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2799/ > > You can use this UNIX script to download the release and verify the > signatures: > https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh > > Usage: > sh check_staged_release.sh 2799 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards, > Robert Munteanu
[VOTE] Release Apache Sling XSS Protection API 2.3.10
Hi, We solved 6 issues in this release: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353392=Text Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2799/ You can use this UNIX script to download the release and verify the signatures: https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh Usage: sh check_staged_release.sh 2799 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards, Robert Munteanu
Re: [PR] SLING-12122 - Add unit-test creating group with rep:externalId property [sling-org-apache-sling-jcr-repoinit]
anchela commented on PR #46:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/46#issuecomment-1781160528
hi @jsedding , creating a somewhat reasonable security setup should be too
complicated. you could e.g. use the default created by
{{SecurityProviderBuilder}} (an not calling with with null values) and the
benefit from the test-helper class {{SecurityProviderHelper}} to inject the
additional configuration.
that's probably easier than writing your own validator. what i meant about
the best practices: i would add a comment to the test class mentioning that
manually creating the rep:externalId is making assumptions about implementation
details that may change. so, just add a word of caution :-)
the sync-mechanims defined in oak-auth-external comes with API to sync
users/groups outside of the regular login flow that's just not supported by
all IDP implementations so an attempt to manually sync users/groups is
probably the result of an imcomplete IDP implementation. so addressing that
would likely be the better option (and avoid the issue about impl-details).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] SLING-11069 - Sync Latest Change from Starter [sling-org-apache-sling-app-cms]
sonarcloud[bot] commented on PR #43: URL: https://github.com/apache/sling-org-apache-sling-app-cms/pull/43#issuecomment-1781046692 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-app-cms=43) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-app-cms=43=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-app-cms=43=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-app-cms=43=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-app-cms=43=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-app-cms=43=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-app-cms=43=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-app-cms=43=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-app-cms=43=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-app-cms=43=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-app-cms=43=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-app-cms=43=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-app-cms=43=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-app-cms=43=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-app-cms=43=duplicated_lines_density=list) No Duplication information -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12122 - Add unit-test creating group with rep:externalId property [sling-org-apache-sling-jcr-repoinit]
jsedding commented on PR #46: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/46#issuecomment-1781033572 @anchela the test was intended to validate and document that it is possible to set properties on a group/user within the same `Session#save()` call. I.e. that there are no intermediate saves, which might break some use cases, like e.g. setting the `rep:externalId` property (which is NOT recommended, because it is an implementation detail and should only be managed by Oak's external authentication code). Instead of creating a complete security setup, which I feel is not trivial, I could implement a custom Oak `Validator` that has an analogous check. That way, the test also doesn't document "bad practice". Would that work for you? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[Jenkins] Sling » Modules » sling-org-apache-sling-starter » master #1099 is BROKEN
Please see https://ci-builds.apache.org/job/Sling/job/modules/job/sling-org-apache-sling-starter/job/master/1099/ for details. No further emails will be sent until the status of the build is changed. Build log follows below: [...truncated 14814 lines...] [INFO] Stopping launch with id sling-starter-oak-tar [INFO] Stopping launch with id sling-starter-oak-mongo [INFO] [INFO] --- tools:1.4:verify-legal-files (verify-legal-files) @ org.apache.sling.starter --- [INFO] Downloading from central: https://repo.maven.apache.org/maven2/commons-lang/commons-lang/2.3/commons-lang-2.3.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/commons-lang/commons-lang/2.3/commons-lang-2.3.pom (11 kB at 695 kB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.2/plexus-utils-1.2.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.2/plexus-utils-1.2.pom (767 B at 256 kB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.5/plexus-1.0.5.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.5/plexus-1.0.5.pom (5.9 kB at 3.0 MB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/plugin-support/1.0-alpha-1/plugin-support-1.0-alpha-1.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/plugin-support/1.0-alpha-1/plugin-support-1.0-alpha-1.pom (4.2 kB at 1.0 MB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/mojo/13/mojo-13.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/mojo/13/mojo-13.pom (8.5 kB at 2.8 MB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/ant/ant/1.6.5/ant-1.6.5.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/ant/ant/1.6.5/ant-1.6.5.pom (861 B at 287 kB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.pom (5.3 kB at 2.6 MB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/commons-jexl/commons-jexl/1.1/commons-jexl-1.1.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/commons-jexl/commons-jexl/1.1/commons-jexl-1.1.pom (5.0 kB at 1.7 MB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.4/maven-plugin-api-2.0.4.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.4/maven-plugin-api-2.0.4.pom (643 B at 322 kB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.4/maven-2.0.4.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.4/maven-2.0.4.pom (12 kB at 3.9 MB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.4/maven-project-2.0.4.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.4/maven-project-2.0.4.pom (1.8 kB at 921 kB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.4/maven-settings-2.0.4.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.4/maven-settings-2.0.4.pom (1.6 kB at 813 kB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.4/maven-model-2.0.4.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.4/maven-model-2.0.4.pom (2.7 kB at 903 kB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.4/maven-profile-2.0.4.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.4/maven-profile-2.0.4.pom (1.6 kB at 539 kB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.4/maven-artifact-manager-2.0.4.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.4/maven-artifact-manager-2.0.4.pom (1.4 kB at 453 kB/s) [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.4/maven-repository-metadata-2.0.4.pom [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.4/maven-repository-metadata-2.0.4.pom (1.5 kB at 744 kB/s) [INFO] Downloading from central:
