[jira] [Commented] (OFBIZ-12729) Use JDK 17 in GitHub Action, BuildBot (ie OFBiz CI) and demos

2023-01-06 Thread Jacques Le Roux (Jira) 


[ 
https://issues.apache.org/jira/browse/OFBIZ-12729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17655518#comment-17655518
 ] 

Jacques Le Roux commented on OFBIZ-12729:
-

There is a conflict for 22.01 with GH action gradle.yaml.patch, here the right 
patch:  [^GH action gradle.yaml 22.01.patch] 

> Use JDK 17 in GitHub Action, BuildBot (ie OFBiz CI) and demos
> -
>
> Key: OFBIZ-12729
> URL: https://issues.apache.org/jira/browse/OFBIZ-12729
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: BuildBot, Demo, GitHub
>Affects Versions: 22.01.01, Upcoming Branch
> Environment: GitHub Action and BuildBot (ie OFBiz CI) and demos
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Major
> Attachments: Buildbot ofbiz.py-1.patch, Buildbot ofbiz.py.patch, GH 
> action gradle.yaml 22.01.patch, GH action gradle.yaml.patch, JDK 17.patch
>
>
> After [several discussions on dev 
> ML|https://lists.apache.org/list?d...@ofbiz.apache.org:lte=3y:jdk%2017], we 
> decided to use JDK 17 in our CI in place of JDK 11. JDK 11 is no longer 
> freely supported in 2023. JDK 17 is a LTS version freely supported until 
> 2026.  Another one is JDK 21 supported until 2028. For JDK 21, it's specifed 
> at [https://www.oracle.com/java/technologies/java-se-support-roadmap.html:]
> {quote}*** LTS/non-LTS designation and dates are subject to change.
> {quote}
> Using JDK 17 implies to use a Gradle version supporting it. The last one is 
> currently 7.6.
> For demos this has also another implication. As we no longer support the 
> 18.12 branch and it's still the current stable, we need to create a 23.01 
> branch to be the next demo, having the 22.01 branch being the new stable with 
> all branches using JDK 17.
> It's better to do all that (CI and demos) in one well prepared step in order 
> to avoid confusion and duplicate efforts.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OFBIZ-12729) Use JDK 17 in GitHub Action, BuildBot (ie OFBiz CI) and demos

2023-01-06 Thread Jacques Le Roux (Jira) 


 [ 
https://issues.apache.org/jira/browse/OFBIZ-12729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-12729:

Attachment: GH action gradle.yaml 22.01.patch

> Use JDK 17 in GitHub Action, BuildBot (ie OFBiz CI) and demos
> -
>
> Key: OFBIZ-12729
> URL: https://issues.apache.org/jira/browse/OFBIZ-12729
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: BuildBot, Demo, GitHub
>Affects Versions: 22.01.01, Upcoming Branch
> Environment: GitHub Action and BuildBot (ie OFBiz CI) and demos
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Major
> Attachments: Buildbot ofbiz.py-1.patch, Buildbot ofbiz.py.patch, GH 
> action gradle.yaml 22.01.patch, GH action gradle.yaml.patch, JDK 17.patch
>
>
> After [several discussions on dev 
> ML|https://lists.apache.org/list?d...@ofbiz.apache.org:lte=3y:jdk%2017], we 
> decided to use JDK 17 in our CI in place of JDK 11. JDK 11 is no longer 
> freely supported in 2023. JDK 17 is a LTS version freely supported until 
> 2026.  Another one is JDK 21 supported until 2028. For JDK 21, it's specifed 
> at [https://www.oracle.com/java/technologies/java-se-support-roadmap.html:]
> {quote}*** LTS/non-LTS designation and dates are subject to change.
> {quote}
> Using JDK 17 implies to use a Gradle version supporting it. The last one is 
> currently 7.6.
> For demos this has also another implication. As we no longer support the 
> 18.12 branch and it's still the current stable, we need to create a 23.01 
> branch to be the next demo, having the 22.01 branch being the new stable with 
> all branches using JDK 17.
> It's better to do all that (CI and demos) in one well prepared step in order 
> to avoid confusion and duplicate efforts.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [ofbiz-framework] sonarcloud[bot] commented on pull request #517: Codenarc integration

2023-01-06 Thread GitBox 


sonarcloud[bot] commented on PR #517:
URL: https://github.com/apache/ofbiz-framework/pull/517#issuecomment-1373892474

   Kudos, SonarCloud Quality Gate passed!  [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_ofbiz-framework=517)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=517=false=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=517=false=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=517=false=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=517=false=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=517=false=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=517=false=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework=517=false=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework=517=false=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework=517=false=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=517=false=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=517=false=CODE_SMELL)
 [0 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=517=false=CODE_SMELL)
   
   [![No Coverage 
information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png
 'No Coverage 
information')](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework=517)
 No Coverage information  
   
[![2.1%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'2.1%')](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework=517=new_duplicated_lines_density=list)
 [2.1% 
Duplication](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework=517=new_duplicated_lines_density=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@ofbiz.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [ofbiz-framework]: Workflow run "Java CI with Gradle" failed!

2023-01-06 Thread GitBox 


The GitHub Actions job "Java CI with Gradle" on ofbiz-framework.git has failed.
Run started by GitHub user gilPts (triggered by gilPts).

Head commit for run:
ad4efa42868ee3521a021ca4625357d69ef7ce10 / Gil Portenseigne 
Fix codenarc SpaceAfterCatch rules : Check that there is exactly one space 
(blank) after the catch keyword and before the opening parenthesis.

Report URL: https://github.com/apache/ofbiz-framework/actions/runs/3856935587

With regards,
GitHub Actions via GitBox

[jira] [Commented] (OFBIZ-12729) Use JDK 17 in GitHub Action, BuildBot (ie OFBiz CI) and demos

2023-01-06 Thread Jacques Le Roux (Jira) 


[ 
https://issues.apache.org/jira/browse/OFBIZ-12729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17655512#comment-17655512
 ] 

Jacques Le Roux commented on OFBIZ-12729:
-

Ah, Jira changed, it now adds a suffix number to patches instead of graying old 
ones.

> Use JDK 17 in GitHub Action, BuildBot (ie OFBiz CI) and demos
> -
>
> Key: OFBIZ-12729
> URL: https://issues.apache.org/jira/browse/OFBIZ-12729
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: BuildBot, Demo, GitHub
>Affects Versions: 22.01.01, Upcoming Branch
> Environment: GitHub Action and BuildBot (ie OFBiz CI) and demos
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Major
> Attachments: Buildbot ofbiz.py-1.patch, Buildbot ofbiz.py.patch, GH 
> action gradle.yaml.patch, JDK 17.patch
>
>
> After [several discussions on dev 
> ML|https://lists.apache.org/list?d...@ofbiz.apache.org:lte=3y:jdk%2017], we 
> decided to use JDK 17 in our CI in place of JDK 11. JDK 11 is no longer 
> freely supported in 2023. JDK 17 is a LTS version freely supported until 
> 2026.  Another one is JDK 21 supported until 2028. For JDK 21, it's specifed 
> at [https://www.oracle.com/java/technologies/java-se-support-roadmap.html:]
> {quote}*** LTS/non-LTS designation and dates are subject to change.
> {quote}
> Using JDK 17 implies to use a Gradle version supporting it. The last one is 
> currently 7.6.
> For demos this has also another implication. As we no longer support the 
> 18.12 branch and it's still the current stable, we need to create a 23.01 
> branch to be the next demo, having the 22.01 branch being the new stable with 
> all branches using JDK 17.
> It's better to do all that (CI and demos) in one well prepared step in order 
> to avoid confusion and duplicate efforts.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OFBIZ-12729) Use JDK 17 in GitHub Action, BuildBot (ie OFBiz CI) and demos

2023-01-06 Thread Jacques Le Roux (Jira) 


 [ 
https://issues.apache.org/jira/browse/OFBIZ-12729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-12729:

Attachment: Buildbot ofbiz.py-1.patch

> Use JDK 17 in GitHub Action, BuildBot (ie OFBiz CI) and demos
> -
>
> Key: OFBIZ-12729
> URL: https://issues.apache.org/jira/browse/OFBIZ-12729
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: BuildBot, Demo, GitHub
>Affects Versions: 22.01.01, Upcoming Branch
> Environment: GitHub Action and BuildBot (ie OFBiz CI) and demos
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Major
> Attachments: Buildbot ofbiz.py-1.patch, Buildbot ofbiz.py.patch, GH 
> action gradle.yaml.patch, JDK 17.patch
>
>
> After [several discussions on dev 
> ML|https://lists.apache.org/list?d...@ofbiz.apache.org:lte=3y:jdk%2017], we 
> decided to use JDK 17 in our CI in place of JDK 11. JDK 11 is no longer 
> freely supported in 2023. JDK 17 is a LTS version freely supported until 
> 2026.  Another one is JDK 21 supported until 2028. For JDK 21, it's specifed 
> at [https://www.oracle.com/java/technologies/java-se-support-roadmap.html:]
> {quote}*** LTS/non-LTS designation and dates are subject to change.
> {quote}
> Using JDK 17 implies to use a Gradle version supporting it. The last one is 
> currently 7.6.
> For demos this has also another implication. As we no longer support the 
> 18.12 branch and it's still the current stable, we need to create a 23.01 
> branch to be the next demo, having the 22.01 branch being the new stable with 
> all branches using JDK 17.
> It's better to do all that (CI and demos) in one well prepared step in order 
> to avoid confusion and duplicate efforts.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (OFBIZ-12729) Use JDK 17 in GitHub Action, BuildBot (ie OFBiz CI) and demos

2023-01-06 Thread Jacques Le Roux (Jira) 


[ 
https://issues.apache.org/jira/browse/OFBIZ-12729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17655511#comment-17655511
 ] 

Jacques Le Roux commented on OFBIZ-12729:
-

Replace  Buildbot ofbiz.py.patch we don't want to change 18.12. It needs to 
still use JDK 11. Here is the new patch [^Buildbot ofbiz.py.patch] 

> Use JDK 17 in GitHub Action, BuildBot (ie OFBiz CI) and demos
> -
>
> Key: OFBIZ-12729
> URL: https://issues.apache.org/jira/browse/OFBIZ-12729
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: BuildBot, Demo, GitHub
>Affects Versions: 22.01.01, Upcoming Branch
> Environment: GitHub Action and BuildBot (ie OFBiz CI) and demos
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Major
> Attachments: Buildbot ofbiz.py-1.patch, Buildbot ofbiz.py.patch, GH 
> action gradle.yaml.patch, JDK 17.patch
>
>
> After [several discussions on dev 
> ML|https://lists.apache.org/list?d...@ofbiz.apache.org:lte=3y:jdk%2017], we 
> decided to use JDK 17 in our CI in place of JDK 11. JDK 11 is no longer 
> freely supported in 2023. JDK 17 is a LTS version freely supported until 
> 2026.  Another one is JDK 21 supported until 2028. For JDK 21, it's specifed 
> at [https://www.oracle.com/java/technologies/java-se-support-roadmap.html:]
> {quote}*** LTS/non-LTS designation and dates are subject to change.
> {quote}
> Using JDK 17 implies to use a Gradle version supporting it. The last one is 
> currently 7.6.
> For demos this has also another implication. As we no longer support the 
> 18.12 branch and it's still the current stable, we need to create a 23.01 
> branch to be the next demo, having the 22.01 branch being the new stable with 
> all branches using JDK 17.
> It's better to do all that (CI and demos) in one well prepared step in order 
> to avoid confusion and duplicate efforts.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OFBIZ-12726) Running integration tests under Gradle 7.6 and JDK 17 fails

2023-01-06 Thread Jacques Le Roux (Jira) 


 [ 
https://issues.apache.org/jira/browse/OFBIZ-12726?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-12726:

Fix Version/s: (was: Upcoming Branch)

> Running integration tests under Gradle 7.6 and JDK 17 fails
> ---
>
> Key: OFBIZ-12726
> URL: https://issues.apache.org/jira/browse/OFBIZ-12726
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: ALL COMPONENTS
>Affects Versions: 22.01.01
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Blocker
>
> Following our discussion at 
> https://lists.apache.org/thread/kr4v21lxx493byzgpdrzfbz3whhbm82m I ran the 
> integration tests and found that we currently have 322 errors and 190 
> failures :/ 
> It's a blocker for releasing...



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [ofbiz-framework] JacquesLeRoux merged pull request #575: Bump dompurify from 2.4.1 to 2.4.2 in /themes/common-theme/webapp/common-theme/js

2023-01-06 Thread GitBox 


JacquesLeRoux merged PR #575:
URL: https://github.com/apache/ofbiz-framework/pull/575


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@ofbiz.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [ofbiz-framework]: Workflow run "Java CI with Gradle" is working again!

2023-01-06 Thread GitBox 


The GitHub Actions job "Java CI with Gradle" on ofbiz-framework.git has 
succeeded.
Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]).

Head commit for run:
56f5e23c560ca1ddc319ce0544ea337f9b7795e9 / dependabot[bot] 
<49699333+dependabot[bot]@users.noreply.github.com>
Bump dompurify in /themes/common-theme/webapp/common-theme/js

Bumps [dompurify](https://github.com/cure53/DOMPurify) from 2.4.1 to 2.4.2.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/2.4.1...2.4.2)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] 

Report URL: https://github.com/apache/ofbiz-framework/actions/runs/3855457176

With regards,
GitHub Actions via GitBox

[GitHub] [ofbiz-framework] sonarcloud[bot] commented on pull request #575: Bump dompurify from 2.4.1 to 2.4.2 in /themes/common-theme/webapp/common-theme/js

2023-01-06 Thread GitBox 


sonarcloud[bot] commented on PR #575:
URL: https://github.com/apache/ofbiz-framework/pull/575#issuecomment-1373601409

   Kudos, SonarCloud Quality Gate passed!  [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_ofbiz-framework=575)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=575=false=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=575=false=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=575=false=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=575=false=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=575=false=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=575=false=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework=575=false=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework=575=false=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework=575=false=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=575=false=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=575=false=CODE_SMELL)
 [0 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=575=false=CODE_SMELL)
   
   [![No Coverage 
information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png
 'No Coverage 
information')](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework=575)
 No Coverage information  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework=575=new_duplicated_lines_density=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework=575=new_duplicated_lines_density=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@ofbiz.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [ofbiz-framework] dependabot[bot] opened a new pull request, #575: Bump dompurify from 2.4.1 to 2.4.2 in /themes/common-theme/webapp/common-theme/js

2023-01-06 Thread GitBox 


dependabot[bot] opened a new pull request, #575:
URL: https://github.com/apache/ofbiz-framework/pull/575

   Bumps [dompurify](https://github.com/cure53/DOMPurify) from 2.4.1 to 2.4.2.
   
   Release notes
   Sourced from https://github.com/cure53/DOMPurify/releases;>dompurify's 
releases.
   
   DOMPurify 2.4.2
   
   Fixed a Trusted Types sink violation with empty input and NAMESPACE , 
thanks https://github.com/tosmolka;>@​tosmolka
   Fixed a Prototype Pollution issue discovered and reported by https://github.com/kevin-mizu;>@​kevin-mizu
   
   
   
   
   Commits
   
   https://github.com/cure53/DOMPurify/commit/f1e180f2766a10b7a88ee133cd4d1d8e44e5;>f1e180f
 fix: merged from latest main
   https://github.com/cure53/DOMPurify/commit/7707778e05f7f4a3a92b8852504fabf9a16dedc1;>7707778
 Update README.md
   https://github.com/cure53/DOMPurify/commit/5267b042c3ba45e4e0a06816056028d8fee2df67;>5267b04
 chore: Preparing 2.4.2 release
   https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc;>d1dd037
 fix: Fixed a prototype pollution bug reported by https://github.com/kevin;>@​kevin_mizu
   https://github.com/cure53/DOMPurify/commit/24d2a7ff6f39e702b90468293400674ebb93b388;>24d2a7f
 Merge pull request https://github-redirect.dependabot.com/cure53/DOMPurify/issues/748;>#748
 from tosmolka/tosmolka/747
   https://github.com/cure53/DOMPurify/commit/7de86a0719bc7b13e2f398fa13a070ec7a17ff6b;>7de86a0
 Fix formatting
   https://github.com/cure53/DOMPurify/commit/191cc0022e496875c40b598acfd988b46112c6b9;>191cc00
 Fix Trusted Types Sink violation with empty input and NAMESPACE
   https://github.com/cure53/DOMPurify/commit/4945074eb6cb4994eedc4d57dd4582f438f8dcf4;>4945074
 Merge pull request https://github-redirect.dependabot.com/cure53/DOMPurify/issues/745;>#745
 from cure53/dependabot/npm_and_yarn/qs-and-body-parse...
   https://github.com/cure53/DOMPurify/commit/7e9fcd911eb20b702189de5960e698c41e69d3cd;>7e9fcd9
 build(deps): bump qs and body-parser
   https://github.com/cure53/DOMPurify/commit/2734b2db38ec39f03ac92878e7499890dfc6;>2734b2d
 Merge pull request https://github-redirect.dependabot.com/cure53/DOMPurify/issues/737;>#737
 from cure53/dependabot/npm_and_yarn/engine.io-and-soc...
   Additional commits viewable in https://github.com/cure53/DOMPurify/compare/2.4.1...2.4.2;>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dompurify=npm_and_yarn=2.4.1=2.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@ofbiz.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org