[GitHub] [commons-build-plugin] dependabot[bot] opened a new pull request #61: Bump maven-plugin-plugin from 3.6.2 to 3.6.4
dependabot[bot] opened a new pull request #61: URL: https://github.com/apache/commons-build-plugin/pull/61 Bumps [maven-plugin-plugin](https://github.com/apache/maven-plugin-tools) from 3.6.2 to 3.6.4. Commits https://github.com/apache/maven-plugin-tools/commit/33eb6d9df8be0e9cd0ac9b684741382b3d0e0fc7;>33eb6d9 [maven-release-plugin] prepare release maven-plugin-tools-3.6.4 https://github.com/apache/maven-plugin-tools/commit/c8ddcdcb10d342a5a5e2f38245bb569af5730c7c;>c8ddcdc [MPLUGIN-387] Bump Ant to 1.9.16 https://github.com/apache/maven-plugin-tools/commit/f14830dba00667fc661a520557fcdff6a8b0d1ad;>f14830d [MPLUGIN-387] Bump xmlunit to 1.6 https://github.com/apache/maven-plugin-tools/commit/036fdebb5cdbab68d79550cc6a0991f2a96ce4c8;>036fdeb [MPLUGIN-387] Bump plexus-compiler-manager to 2.8.8 https://github.com/apache/maven-plugin-tools/commit/d296e04045026716f1fba5d296a0dd4330cc7f92;>d296e04 [MPLUGIN-387] Switch from fest-assert to AssertJ 2.9.1 https://github.com/apache/maven-plugin-tools/commit/9ff352cc5680fe4e672dd99d0ff9160fc51a1317;>9ff352c [MPLUGIN-387] Bump plexus-archiver to 4.2.5 https://github.com/apache/maven-plugin-tools/commit/f6461047666e7c2dc0103042088825fd6a16a8ab;>f646104 [MPLUGIN-387] Upgrade BeanShell to 2.0b6 https://github.com/apache/maven-plugin-tools/commit/db1803198a77a40917a533e70ece7f066b783bf1;>db18031 [MPLUGIN-387] Bump junit to 4.13.2 https://github.com/apache/maven-plugin-tools/commit/c7ae057613aab21957197f93d33d6c0e2eb55bf8;>c7ae057 Added Dependabot configuration https://github.com/apache/maven-plugin-tools/commit/86d870fbc4a3aa1cd3b8da8a2fde015e5e8dfe43;>86d870f [MPLUGIN-387] Upgrade Doxia/Doxia Tools to 1.11.1 Additional commits viewable in https://github.com/apache/maven-plugin-tools/compare/maven-plugin-tools-3.6.2...maven-plugin-tools-3.6.4;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-plugin-plugin=maven=3.6.2=3.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-build-plugin] dependabot[bot] opened a new pull request #60: Bump versions-maven-plugin from 2.8.1 to 2.9.0
dependabot[bot] opened a new pull request #60: URL: https://github.com/apache/commons-build-plugin/pull/60 Bumps [versions-maven-plugin](https://github.com/mojohaus/versions-maven-plugin) from 2.8.1 to 2.9.0. Release notes Sourced from https://github.com/mojohaus/versions-maven-plugin/releases;>versions-maven-plugin's releases. 2.9.0 Changes Fix detection of plugin updates requiring newer Maven for building than (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/527;>#527) https://github.com/kwin;>@kwin update-properties page was using use-releases goal instead (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/245;>#245) https://github.com/MarcoLotz;>@MarcoLotz Fixes https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/439;>#439 : String index out of range: 9 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/444;>#444) https://github.com/ghusta;>@ghusta 363:Force update parent version with real version (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/364;>#364) https://github.com/akilantech;>@akilantech Removal of not needed calls to toString() in the code base (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/468;>#468) https://github.com/obfischer;>@obfischer fix(resolve-ranges): fail properly on managed dep without version (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/452;>#452) https://github.com/mfriedenhagen;>@mfriedenhagen New features and improvements Fixes https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/426;>#426 restore default behavior on setting versions in all modules of the local aggregation root that was present before the fix for https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/82;>#82 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/427;>#427) https://github.com/stefanseifert;>@stefanseifert https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/453;>#453 update Reproducible Builds outputTimestamp when setting version (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/522;>#522) https://github.com/hboutemy;>@hboutemy [Enhancement] Display Latest Versions in Reports Summary (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/478;>#478) https://github.com/sultan;>@sultan Fixes https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/469;>#469 Support.property file in set-property (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/470;>#470) https://github.com/arkel-s;>@arkel-s Sort properties by Property name in Property Updates Report (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/455;>#455) https://github.com/sultan;>@sultan Upgrade parent 63 and Java 1.8 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/461;>#461) https://github.com/olamy;>@olamy Dependency updates Bump woodstox-core from 6.2.7 to 6.2.8 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/530;>#530) https://github.com/dependabot;>@dependabot Bump plexus-container-default from 2.1.0 to 2.1.1 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/520;>#520) https://github.com/dependabot;>@dependabot Bump doxia-site-renderer from 1.10 to 1.11.1 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/518;>#518) https://github.com/dependabot;>@dependabot Bump mockito-core from 4.1.0 to 4.2.0 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/517;>#517) https://github.com/dependabot;>@dependabot Bump doxiaVersion from 1.10 to 1.11.1 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/514;>#514) https://github.com/dependabot;>@dependabot Bump mockito-core from 3.12.4 to 4.1.0 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/508;>#508) https://github.com/dependabot;>@dependabot Bump mrm-maven-plugin from 1.2.0 to 1.3.0 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/511;>#511) https://github.com/dependabot;>@dependabot Bump junit-bom from 5.8.1 to 5.8.2 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/512;>#512) https://github.com/dependabot;>@dependabot Bump maven-plugin-annotations from 3.6.1 to 3.6.2 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/513;>#513) https://github.com/dependabot;>@dependabot Bump wagonVersion from 3.4.0 to 3.4.3 (https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/496;>#496)
[GitHub] [commons-compress] kinow merged pull request #240: Bump zstd-jni from 1.5.1-1 to 1.5.2-1
kinow merged pull request #240: URL: https://github.com/apache/commons-compress/pull/240 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-compress] kinow merged pull request #241: Bump slf4j-api from 1.7.32 to 1.7.35
kinow merged pull request #241: URL: https://github.com/apache/commons-compress/pull/241 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-compress] dependabot[bot] opened a new pull request #241: Bump slf4j-api from 1.7.32 to 1.7.35
dependabot[bot] opened a new pull request #241: URL: https://github.com/apache/commons-compress/pull/241 Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.32 to 1.7.35. Commits https://github.com/qos-ch/slf4j/commit/02860b67ef7ff39fa9c7d98fd00da2ee913faeda;>02860b6 prepare relase 1.7.35 https://github.com/qos-ch/slf4j/commit/a622f5186a57188dab7f71651245eb91c6ac263b;>a622f51 fix maven deploy issues https://github.com/qos-ch/slf4j/commit/26068bd4bf93fcbd00185ad986dc43b79aceeb4a;>26068bd slf4j no longer references log4j https://github.com/qos-ch/slf4j/commit/0a21ee1ac1daa2d8e077bec68815421dd7a7a54a;>0a21ee1 replace references to slf4j-log4j12 https://github.com/qos-ch/slf4j/commit/51b6d20b71de75f69ee68167afbf4073c1be7c31;>51b6d20 prepare release 1.7.34 https://github.com/qos-ch/slf4j/commit/d22943faedd5da8d0321cf60437796fb53618481;>d22943f relocate slf4j-log4j12 as slf4j-reload4j https://github.com/qos-ch/slf4j/commit/19e36ffdca0218797cd23048b6547865e30e1d3a;>19e36ff make VersionUtil more robust https://github.com/qos-ch/slf4j/commit/d32d0535f7274a679c47d3354411476a86f5971a;>d32d053 fix SLF4J-535 https://github.com/qos-ch/slf4j/commit/2b657bf5dc575f32791648fd95260e33aa07687c;>2b657bf start work on 1.7.33-SNAPSHOT https://github.com/qos-ch/slf4j/commit/2758a974264ab65df3af1d473eb9423ca978c14a;>2758a97 prepare release 1.7.33 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.32...v_1.7.35;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.slf4j:slf4j-api=maven=1.7.32=1.7.35)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-compress] dependabot[bot] opened a new pull request #240: Bump zstd-jni from 1.5.1-1 to 1.5.2-1
dependabot[bot] opened a new pull request #240: URL: https://github.com/apache/commons-compress/pull/240 Bumps [zstd-jni](https://github.com/luben/zstd-jni) from 1.5.1-1 to 1.5.2-1. Commits https://github.com/luben/zstd-jni/commit/16b841192635a02292a172c28fde57a425479eab;>16b8411 Import Zstd v1.5.2 https://github.com/luben/zstd-jni/commit/1cc38de0153dd83ccd465b115c72573fe7d97930;>1cc38de Reducing synchronization in RecyclingBufferPool. https://github.com/luben/zstd-jni/commit/d786f6e6c157a289f7282d3a0116f3840d1e1f69;>d786f6e Mark deprecated APIs with https://github.com/Deprecated;>@Deprecated annotation. https://github.com/luben/zstd-jni/commit/1e7ea4d4ec144ad2cd52a3f26ab02eb9938c9943;>1e7ea4d Remove the tag on some tests that was added for https://github.com/luben/zstd-jni/commit/13711375c88ccc2291c4077f35be98552e6898be;>1371137 Expose the default compression level https://github.com/luben/zstd-jni/commit/fb16a195367d1fb6a1ed699f36fbd38b67a853b0;>fb16a19 No need for the extra reset See full diff in https://github.com/luben/zstd-jni/compare/v1.5.1-1...v1.5.2-1;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni=maven=1.5.1-1=1.5.2-1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-dbcp] dependabot[bot] opened a new pull request #164: Bump spotbugs from 4.5.2 to 4.5.3
dependabot[bot] opened a new pull request #164: URL: https://github.com/apache/commons-dbcp/pull/164 Bumps [spotbugs](https://github.com/spotbugs/spotbugs) from 4.5.2 to 4.5.3. Release notes Sourced from https://github.com/spotbugs/spotbugs/releases;>spotbugs's releases. SpotBugs 4.5.3 CHANGELOG Security Bumped log4j from 2.16.0 to 2.17.1 to address https://nvd.nist.gov/vuln/detail/CVE-2021-45105;>CVE-2021-45105 and https://nvd.nist.gov/vuln/detail/CVE-2021-44832;>CVE-2021-44832 (https://github-redirect.dependabot.com/spotbugs/spotbugs/pull/1885;>#1885, https://github-redirect.dependabot.com/spotbugs/spotbugs/pull/1897;>#1897) Fixed Remove duplicated logging frameworks from the Eclipse plugin distribution (https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/1868;>#1868) https://github.com/KengoTODA;>@KengoTODA Corrected class name validation to no longer fail for Kotlin classes on class path containing special characters. (https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/1883;>#1883) https://github.com/studro;>@studro CHECKSUM file checksum (sha256) spotbugs-4.5.3-javadoc.jar c5762e13d996117c5ae94675f6ab835d515c90a8cce7d10438bb99d004e0005a spotbugs-4.5.3-sources.jar 196df4ebf7fb681cb819362461137d4e8b475b6a8229bb65363c7042924b702b spotbugs-4.5.3.tgz 7118d112804701f79172f4c3c8904832cdd085236eaa34ce847c71bddcd08927 spotbugs-4.5.3.zip 15e9ee3a0de47195e6206bb50c0c9e487627ba9affe2da586e05333c1d4a12e8 spotbugs-annotations-4.5.3-javadoc.jar 81825340a691d8b2df8670cb67db4a142d8889b32183c8f1a235bde41b9c1607 spotbugs-annotations-4.5.3-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad spotbugs-annotations.jar cb8ef0e128fefc3885205b09a758bcc5aeca2c4faa205195a10d22301530e4f8 spotbugs-ant-4.5.3-javadoc.jar 9b1902fea658a339414b26559c505f4244b749f823f55568ce8b6c64153b540a spotbugs-ant-4.5.3-sources.jar ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793 spotbugs-ant.jar b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db spotbugs.jar 7416dda5bf6f1e2740a906bc86b0db4c4413a039cc81d5a80a171d0996708745 test-harness-4.5.3-javadoc.jar 48a87a2484c96f84292b443ec07d19b327f790b03b42294d016bd12153150540 test-harness-4.5.3-sources.jar 2c1f5ef929453f3b682c7eb7c1e22db3082b5f74c5a5be439be5dc31dd7a31aa test-harness-4.5.3.jar 45ca0e944ee5704318d79f67815cde7ca5f7fb22814e325d00e2d25d9b552659 test-harness-core-4.5.3-javadoc.jar 0adc71c823667b6db8c1284ad20844ad94c59a64f60df108c3c8c99b7b854b08 test-harness-core-4.5.3-sources.jar f320f5eb4069e9686b760b2a6a0760989753225f9e9ce1226e3258ec64795d8a test-harness-core-4.5.3.jar fd1a0c06a5eaff50ed0953d42fb7d69a41031c6a6630ad5e47c38a9f0eaca285 test-harness-jupiter-4.5.3-javadoc.jar c612793dda9d1aef37420e35e415cf54b66fa5348540726ece51ae72d8a81dcc test-harness-jupiter-4.5.3-sources.jar 210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315 test-harness-jupiter-4.5.3.jar 18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4 Changelog Sourced from https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md;>spotbugs's changelog. 4.5.3 - 2022-01-04 Security Bumped log4j from 2.16.0 to 2.17.1 to address https://nvd.nist.gov/vuln/detail/CVE-2021-45105;>CVE-2021-45105 and https://nvd.nist.gov/vuln/detail/CVE-2021-44832;>CVE-2021-44832 (https://github-redirect.dependabot.com/spotbugs/spotbugs/pull/1885;>#1885, https://github-redirect.dependabot.com/spotbugs/spotbugs/pull/1897;>#1897) Fixed Remove duplicated logging frameworks from the Eclipse plugin distribution (https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/1868;>#1868) Corrected class name validation to no longer fail for Kotlin classes on class path containing special characters. (https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/1883;>#1883) Commits https://github.com/spotbugs/spotbugs/commit/e7aaa9c69e623c15c30a3210f8a041b0116150e3;>e7aaa9c release 4.5.3 https://github.com/spotbugs/spotbugs/commit/13530c7d2f17f6163f3ccc95eb6935a714bf559e;>13530c7 chore: replace all CRLF with LF https://github.com/spotbugs/spotbugs/commit/df0505a75003213845889444c847bfa1b3c62cad;>df0505a chore: stop handling binary files as text https://github.com/spotbugs/spotbugs/commit/a262e678a6412f3e7e84295b73374190cd22fa34;>a262e67 docs: update CHANGELOG entry https://github.com/spotbugs/spotbugs/commit/f9663e68ac3d4543d940b87b704e2411e8b291a5;>f9663e6 build(deps): bump log4j-slf4j18-impl from 2.17.0 to 2.17.1
[GitHub] [commons-io] garydgregory merged pull request #320: Bump mockito-inline from 4.2.0 to 4.3.1
garydgregory merged pull request #320: URL: https://github.com/apache/commons-io/pull/320 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-io] dependabot[bot] opened a new pull request #320: Bump mockito-inline from 4.2.0 to 4.3.1
dependabot[bot] opened a new pull request #320: URL: https://github.com/apache/commons-io/pull/320 Bumps [mockito-inline](https://github.com/mockito/mockito) from 4.2.0 to 4.3.1. Release notes Sourced from https://github.com/mockito/mockito/releases;>mockito-inline's releases. v4.3.1 Changelog generated by https://github.com/shipkit/shipkit-changelog;>Shipkit Changelog Gradle Plugin 4.3.1 2022-01-25 - https://github.com/mockito/mockito/compare/v4.3.0...v4.3.1;>1 commit(s) by Stefano Cordio Add mockito-core to the BOM [(https://github-redirect.dependabot.com/mockito/mockito/issues/2550;>#2550)](https://github-redirect.dependabot.com/mockito/mockito/pull/2550;>mockito/mockito#2550) v4.3.0 Changelog generated by https://github.com/shipkit/shipkit-changelog;>Shipkit Changelog Gradle Plugin 4.3.0 2022-01-24 - https://github.com/mockito/mockito/compare/v4.2.0...v4.3.0;>20 commit(s) by Andrew Kozel, John Pyeatt, Liam Miller-Cushon, Thomas Keller, Tim van der Lippe, dependabot[bot], temp-droid Fixes https://github-redirect.dependabot.com/mockito/mockito/issues/2489;>#2489 : Fixed issue related to exceptions thrown from the nested spies [(https://github-redirect.dependabot.com/mockito/mockito/issues/2546;>#2546)](https://github-redirect.dependabot.com/mockito/mockito/pull/2546;>mockito/mockito#2546) Issue 2544 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2545;>#2545)](https://github-redirect.dependabot.com/mockito/mockito/pull/2545;>mockito/mockito#2545) Bump versions.bytebuddy from 1.12.6 to 1.12.7 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2543;>#2543)](https://github-redirect.dependabot.com/mockito/mockito/pull/2543;>mockito/mockito#2543) Bump com.diffplug.spotless from 6.1.2 to 6.2.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2542;>#2542)](https://github-redirect.dependabot.com/mockito/mockito/pull/2542;>mockito/mockito#2542) Bump material from 1.4.0 to 1.5.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2541;>#2541)](https://github-redirect.dependabot.com/mockito/mockito/pull/2541;>mockito/mockito#2541) Bump appcompat from 1.4.0 to 1.4.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2539;>#2539)](https://github-redirect.dependabot.com/mockito/mockito/pull/2539;>mockito/mockito#2539) Bump com.diffplug.spotless from 6.1.1 to 6.1.2 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2536;>#2536)](https://github-redirect.dependabot.com/mockito/mockito/pull/2536;>mockito/mockito#2536) Remove an @link [(https://github-redirect.dependabot.com/mockito/mockito/issues/2535;>#2535)](https://github-redirect.dependabot.com/mockito/mockito/pull/2535;>mockito/mockito#2535) Bump com.diffplug.spotless from 6.1.0 to 6.1.1 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2534;>#2534)](https://github-redirect.dependabot.com/mockito/mockito/pull/2534;>mockito/mockito#2534) Bump com.github.ben-manes.versions from 0.40.0 to 0.41.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2533;>#2533)](https://github-redirect.dependabot.com/mockito/mockito/pull/2533;>mockito/mockito#2533) Bump assertj-core from 3.21.0 to 3.22.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2531;>#2531)](https://github-redirect.dependabot.com/mockito/mockito/pull/2531;>mockito/mockito#2531) Bump com.github.ben-manes.versions from 0.39.0 to 0.40.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2529;>#2529)](https://github-redirect.dependabot.com/mockito/mockito/pull/2529;>mockito/mockito#2529) Bump com.diffplug.spotless from 6.0.5 to 6.1.0 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2527;>#2527)](https://github-redirect.dependabot.com/mockito/mockito/pull/2527;>mockito/mockito#2527) Bump kotlinx-coroutines-core from 1.5.2-native-mt to 1.6.0-native-mt [(https://github-redirect.dependabot.com/mockito/mockito/issues/2526;>#2526)](https://github-redirect.dependabot.com/mockito/mockito/pull/2526;>mockito/mockito#2526) Bump versions.bytebuddy from 1.12.5 to 1.12.6 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2524;>#2524)](https://github-redirect.dependabot.com/mockito/mockito/pull/2524;>mockito/mockito#2524) Bump com.diffplug.spotless from 6.0.4 to 6.0.5 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2520;>#2520)](https://github-redirect.dependabot.com/mockito/mockito/pull/2520;>mockito/mockito#2520) Bump versions.bytebuddy from 1.12.4 to 1.12.5 [(https://github-redirect.dependabot.com/mockito/mockito/issues/2519;>#2519)](https://github-redirect.dependabot.com/mockito/mockito/pull/2519;>mockito/mockito#2519) Fixes https://github-redirect.dependabot.com/mockito/mockito/issues/2510;>#2510: Remove ExpectedException from internal test suite
[jira] [Resolved] (DAEMON-437) prunsrv: Better not to redirect stdout/stderr during service installation?
[ https://issues.apache.org/jira/browse/DAEMON-437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mark Thomas resolved DAEMON-437. Fix Version/s: 1.2.5 Resolution: Fixed FYI - a review of the docs didn't identify any updates required. > prunsrv: Better not to redirect stdout/stderr during service installation? > -- > > Key: DAEMON-437 > URL: https://issues.apache.org/jira/browse/DAEMON-437 > Project: Commons Daemon > Issue Type: Bug > Components: prunsrv >Affects Versions: 1.2.4 >Reporter: Rainer Jung >Priority: Major > Fix For: 1.2.5 > > > I observed the following behavior when using prunsrv: > I call it with //IS//MyService and more arguments to install a Tomcat > service. Especially I use the default LocalSystem user as the user who will > run the installed service and the arguments: > --StdOutput auto ^ > --StdError auto ^ > to redirect stdout and stderr to the default files. > To install the service I use a user with Administrator privileges. Running > prunsrv to install the service now already creates the redirected stdout and > stderr files, but only writable by Administrator. > When I start the service after this service installation, it can not write to > the redirected stdout and stderr files, because it runs as a lower privileged > LocalSystem account. > Before calling redirectStdStreams() in apps/prunsrv/prunsrv.c, there is > already a special case if prunsrv was called with //TS (Run Service as > console application): > 1692 /* In debug mode allways use console */ > 1693 if (lpCmdline->dwCmdIndex != 1) > 1694 gStdwrap.szStdOutFilename = SO_STDOUTPUT; > 1695 gStdwrap.szStdErrFilename = SO_STDERROR; > 1696 } > I wonder, whether it wouldn't be better to not set the redirection file names > for other dwCmdIndex values as well. Here's the list of indexes from the > source code: > 76 L"RS", /* 2 Run Service */ > 77 L"ES", /* 3 Execute start */ > 78 L"SS", /* 4 Stop Service */ > 79 L"US", /* 5 Update Service parameters */ > 80 L"IS", /* 6 Install Service */ > 81 L"DS", /* 7 Delete Service */ > 82 L"?", /* 8 Help */ > 83 L"VS", /* 9 Version */ > IMHO 5-9 are candidates, maybe 4 and 3 as well. At least for those I would > expect that they were executed on the console and stdout/stderr would also be > expected there. But I might not be aware of use cases with other needs. > The normal prunsrv log file does have the same permission problem. But since > it contains log info about what action had been done, I am not so sure, > whether one can simply write that to stdout instead. But maybe one could use > a different default file name line MyService.manage.2021-12-07.log instead of > MyService.2021-12-07.log for the above indexes. Not nice, but I don't have a > better idea yet. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DAEMON-437) prunsrv: Better not to redirect stdout/stderr during service installation?
[ https://issues.apache.org/jira/browse/DAEMON-437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17483278#comment-17483278 ] Mark Thomas commented on DAEMON-437: Another reason to limit this to RS occurred to me. It we keep the redirection enabled for any other commands and the service is running we'll have two processes trying to write to the same file which is never a good idea. I am going to proceed with limiting this to just RS along with documentation updates as appropriate. > prunsrv: Better not to redirect stdout/stderr during service installation? > -- > > Key: DAEMON-437 > URL: https://issues.apache.org/jira/browse/DAEMON-437 > Project: Commons Daemon > Issue Type: Bug > Components: prunsrv >Affects Versions: 1.2.4 >Reporter: Rainer Jung >Priority: Major > > I observed the following behavior when using prunsrv: > I call it with //IS//MyService and more arguments to install a Tomcat > service. Especially I use the default LocalSystem user as the user who will > run the installed service and the arguments: > --StdOutput auto ^ > --StdError auto ^ > to redirect stdout and stderr to the default files. > To install the service I use a user with Administrator privileges. Running > prunsrv to install the service now already creates the redirected stdout and > stderr files, but only writable by Administrator. > When I start the service after this service installation, it can not write to > the redirected stdout and stderr files, because it runs as a lower privileged > LocalSystem account. > Before calling redirectStdStreams() in apps/prunsrv/prunsrv.c, there is > already a special case if prunsrv was called with //TS (Run Service as > console application): > 1692 /* In debug mode allways use console */ > 1693 if (lpCmdline->dwCmdIndex != 1) > 1694 gStdwrap.szStdOutFilename = SO_STDOUTPUT; > 1695 gStdwrap.szStdErrFilename = SO_STDERROR; > 1696 } > I wonder, whether it wouldn't be better to not set the redirection file names > for other dwCmdIndex values as well. Here's the list of indexes from the > source code: > 76 L"RS", /* 2 Run Service */ > 77 L"ES", /* 3 Execute start */ > 78 L"SS", /* 4 Stop Service */ > 79 L"US", /* 5 Update Service parameters */ > 80 L"IS", /* 6 Install Service */ > 81 L"DS", /* 7 Delete Service */ > 82 L"?", /* 8 Help */ > 83 L"VS", /* 9 Version */ > IMHO 5-9 are candidates, maybe 4 and 3 as well. At least for those I would > expect that they were executed on the console and stdout/stderr would also be > expected there. But I might not be aware of use cases with other needs. > The normal prunsrv log file does have the same permission problem. But since > it contains log info about what action had been done, I am not so sure, > whether one can simply write that to stdout instead. But maybe one could use > a different default file name line MyService.manage.2021-12-07.log instead of > MyService.2021-12-07.log for the above indexes. Not nice, but I don't have a > better idea yet. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[GitHub] [commons-io] chadlwilson commented on pull request #319: Fixes regression on copyURLToFile with partial regression tests
chadlwilson commented on pull request #319: URL: https://github.com/apache/commons-io/pull/319#issuecomment-1023281649 > > If the intent is to re-use NIO logic, I suppose the `Files.copy` could be preceded by `Files.createDirectories(destination.getParentFile().toPath());` > > The usage of `Files.copy` probably also needs `CopyOptions.REPLACE_EXISTING`. Haven't thought through all the other cases either, as there are some missing exception cases here in the tests. > > Hi @chadlwilson Yes, the idea is to use NIO. Would you adjust the PR? I don't really understand the original "NIO" change, because - there doesn't seem to be a linked JIRA issue explaining what is trying to be fixed/addressed? - it wasn't consistent as it was - `FileUtils.copyURLToFile(url, file, connTimeout, readTimeout)` wasn't using the NIO mechanism, so it made the two overloads have different semantics. - the comment was `Use NIO internally to avoid using finalizable FileInputStream.` but I don't understand what this meant. In both cases the input stream was opened on the URL with `url.openStream()` in the calling method, and I don't understand what `FileInputStream` has to do with the change, as the type of stream depends on the URL type? From my perspective, right now `master` is broken and probably not releasable - and I felt it would be better to take it back to a working/releasable state and then re-introduce NIO changes when the intent is clearer and there is sufficient time to ensure there aren't regressions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-io] garydgregory commented on pull request #319: Fixes regression on copyURLToFile with partial regression tests
garydgregory commented on pull request #319: URL: https://github.com/apache/commons-io/pull/319#issuecomment-1023235829 > If the intent is to re-use NIO logic, I suppose the `Files.copy` could be preceded by `Files.createDirectories(destination.getParentFile().toPath());` > > The usage of `Files.copy` probably also needs `CopyOptions.REPLACE_EXISTING`. Haven't thought through all the other cases either, as there are some missing exception cases here in the tests. Hi @chadlwilson Yes, the idea is to use NIO. Would you adjust the PR? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-lang] garydgregory commented on pull request #850: improve DateUtils by adding calenda.month in comparison in considerin…
garydgregory commented on pull request #850: URL: https://github.com/apache/commons-lang/pull/850#issuecomment-1023182605 Hello @SophieHYe and thank you for your interest in Apache Commons Lang ! :-) Without looking too deeply at the specifics of this change I can tell you that this kind of update or fix should be accompanied by a change in Javadoc (if it matters which may not be the case here) and a test that fails without the main change to show what the PR does. Now, specifically, if you cannot cause a test to fail with the current behavior, then you've not fixed anything, so what are you trying to fix? How can the months mismatch when the day of year match? What am I missing? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-lang] aherbert edited a comment on pull request #850: improve DateUtils by adding calenda.month in comparison in considerin…
aherbert edited a comment on pull request #850: URL: https://github.com/apache/commons-lang/pull/850#issuecomment-1023147525 Note that this calendar comparison currently uses DAY_OF_YEAR. If we use DAY_OF_MONTH then it would require a check of the month too. The DAY_OF_YEAR check will compare all 365 (366) possible day values. This makes the DAY_OF_MONTH check redundant. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-lang] aherbert commented on pull request #850: improve DateUtils by adding calenda.month in comparison in considerin…
aherbert commented on pull request #850: URL: https://github.com/apache/commons-lang/pull/850#issuecomment-1023147525 Note that this calendar comparison currently uses DAY_OF_YEAR. If we use DAY_OF_MONTH then it would require a check of the month too. The DAY_OF_YEAR check will compare all 365 (366) possible day values. This makes the DAY_OF_MONTH check is redundant. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-lang] SophieHYe opened a new pull request #850: improve DateUtils by adding calenda.month in comparison in considerin…
SophieHYe opened a new pull request #850: URL: https://github.com/apache/commons-lang/pull/850 Modified DateUtils method isSameLocalTime: adding the same month in consideration when comparing the same local time :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Deleted] (SANDBOX-514) CLONE - Use 'Converter' instead of 'Transformer'
[ https://issues.apache.org/jira/browse/SANDBOX-514?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gilles Sadowski deleted SANDBOX-514: > CLONE - Use 'Converter' instead of 'Transformer' > - > > Key: SANDBOX-514 > URL: https://issues.apache.org/jira/browse/SANDBOX-514 > Project: Commons Sandbox > Issue Type: Sub-task >Reporter: Richard dodson >Assignee: Benedikt Ritter >Priority: Major > > 'Type conversion' is a more commons term than 'type transformation'. We > should rename the TransformerRegistry and the TransformationException > according to this. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (SANDBOX-479) IP Clearance for Commons RDF
[ https://issues.apache.org/jira/browse/SANDBOX-479?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17482998#comment-17482998 ] Gilles Sadowski commented on SANDBOX-479: - Attachment deleted. http://incubator.apache.org/ip-clearance/commons-rdf.html is a dangling link. Can this old report be closed? > IP Clearance for Commons RDF > > > Key: SANDBOX-479 > URL: https://issues.apache.org/jira/browse/SANDBOX-479 > Project: Commons Sandbox > Issue Type: Task >Reporter: Sergio Fernández >Priority: Blocker > > [Commons RDF|https://github.com/wikier/commons-rdf] is a library which > provides a set of interfaces for the RDF 1.1 concepts that can be used to > expose common RDF 1.1 concepts using common Java interfaces. The goal is to > provide agreed and clear interfaces that could be implemented by the upcoming > versions of the main Java toolkits (Apache Jena 3.0 and OpenRDF Sesame 4.0) > as well as reused by existing wrappers. > Since the base code has beed developed outside of the Apache process, it's > required to go through the IP Clearance procedure as described at > http://incubator.apache.org/ip-clearance/ > This issue will act as a tracking point for tasks related to carrying out the > IP Clearance process. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (SANDBOX-479) IP Clearance for Commons RDF
[ https://issues.apache.org/jira/browse/SANDBOX-479?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gilles Sadowski updated SANDBOX-479: Attachment: (was: 88e632e.diff.zip) > IP Clearance for Commons RDF > > > Key: SANDBOX-479 > URL: https://issues.apache.org/jira/browse/SANDBOX-479 > Project: Commons Sandbox > Issue Type: Task >Reporter: Sergio Fernández >Priority: Blocker > > [Commons RDF|https://github.com/wikier/commons-rdf] is a library which > provides a set of interfaces for the RDF 1.1 concepts that can be used to > expose common RDF 1.1 concepts using common Java interfaces. The goal is to > provide agreed and clear interfaces that could be implemented by the upcoming > versions of the main Java toolkits (Apache Jena 3.0 and OpenRDF Sesame 4.0) > as well as reused by existing wrappers. > Since the base code has beed developed outside of the Apache process, it's > required to go through the IP Clearance procedure as described at > http://incubator.apache.org/ip-clearance/ > This issue will act as a tracking point for tasks related to carrying out the > IP Clearance process. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (LOGGING-180) Upgrade commons logging log4j dependency versions to 2.17.0 and above
[ https://issues.apache.org/jira/browse/LOGGING-180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17482957#comment-17482957 ] Bernd Eckenfels commented on LOGGING-180: - I wonder if we could use reload4j ;) > Upgrade commons logging log4j dependency versions to 2.17.0 and above > - > > Key: LOGGING-180 > URL: https://issues.apache.org/jira/browse/LOGGING-180 > Project: Commons Logging > Issue Type: Bug >Affects Versions: 1.1.1, 1.2 >Reporter: Swyrik Thupili >Priority: Major > > Please update the log4j 2 version to the log4j 2.17.0 and above. As the > current versions are susceptible to > [CVE-2021-44832|https://github.com/advisories/GHSA-8489-44mv-ggj8] Security > Vulnerability. -- This message was sent by Atlassian Jira (v8.20.1#820001)