From a2118018c8e0618a92f9fd0affebc5773b4e355f Mon Sep 17 00:00:00 2001 From: sullis Date: Wed, 21 Aug 2024 10:00:04 -0700 Subject: [PATCH 01/48] brotli 1.17.0 (#1974) --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ed8466618..1e10b9566 100644 --- a/pom.xml +++ b/pom.xml @@ -47,7 +47,7 @@ 4.1.112.Final 0.0.25.Final - 1.16.0 + 1.17.0 2.0.13 1.5.6-4 2.0.1 From fca9c6732838b3817a5ecca2b0aadcd6a62bd385 Mon Sep 17 00:00:00 2001 From: Aayush Atharva Date: Wed, 21 Aug 2024 22:37:31 +0530 Subject: [PATCH 02/48] Enable Dependabot (#1975) --- .github/dependabot.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..f4538d3c7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,17 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: "maven" + directories: + - "/" + schedule: + interval: "daily" + - package-ecosystem: "github-actions" + directories: + - "/" + schedule: + interval: "daily" From db5116baf58d01a72d1417af11b0fbff99b0877a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Aug 2024 22:45:03 +0530 Subject: [PATCH 03/48] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.4.0 (#1979) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.2.5 to 3.4.0.
Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.3.0

Release Notes - Maven Surefire - Version 3.3.0

What's Changed

... (truncated)

Commits
  • 3ae062d [maven-release-plugin] prepare release surefire-3.4.0
  • f0de8c0 Bump org.htmlunit:htmlunit from 4.3.0 to 4.4.0
  • 817695a Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.16.0
  • 675c02a Bump org.apache.commons:commons-compress from 1.26.2 to 1.27.0
  • 4bd36a1 [SUREFIRE-1385] Add new parameter "promoteUserPropertiesToSystemProperties" (...
  • 1d19ec8 [Doc] Failsafe Verify goal should mention failsafe
  • a93783a [SUREFIRE-2251] [REGRESSION] java.lang.NoSuchMethodException: org.apache.mave...
  • daa011b Bump org.assertj:assertj-core from 3.26.0 to 3.26.3
  • 805f6b7 Improve internal field order
  • 26ae10d Remove outdated invoker conditions
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.2.5&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1e10b9566..b847f2923 100644 --- a/pom.xml +++ b/pom.xml @@ -337,7 +337,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.2.5 + 3.4.0 @{argLine} --add-exports java.base/jdk.internal.misc=ALL-UNNAMED From a1caeeec385133309b3942a4bd60d2ace17c2aac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Aug 2024 22:45:48 +0530 Subject: [PATCH 04/48] Bump s4u/maven-settings-action from 2.2.0 to 3.0.0 (#1976) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [s4u/maven-settings-action](https://github.com/s4u/maven-settings-action) from 2.2.0 to 3.0.0.
Release notes

Sourced from s4u/maven-settings-action's releases.

v3.0.0

What's Changed

:fire: New features

  • Add support for custom repositories #319
  • Upgrade Node runtime to 20 #320
  • Use Node 20 by Action #322

:toolbox: Dependency updates

  • Bump eslint from 8.27.0 to 8.28.0 #259
  • Bump eslint from 8.28.0 to 8.29.0 #261
  • Bump eslint from 8.29.0 to 8.30.0 #262
  • Bump json5 from 2.2.1 to 2.2.3 #264
  • Bump eslint from 8.30.0 to 8.32.0 #265
  • Bump eslint from 8.32.0 to 8.33.0 #268
  • Bump eslint from 8.33.0 to 8.34.0 #271
  • Bump eslint from 8.34.0 to 8.35.0 #273
  • Bump eslint from 8.35.0 to 8.36.0 #275
  • Bump eslint from 8.36.0 to 8.37.0 #276
  • Bump @​xmldom/xmldom from 0.8.6 to 0.8.7 #277
  • Bump eslint from 8.37.0 to 8.38.0 #280
  • Bump eslint from 8.38.0 to 8.39.0 #281
  • Bump eslint from 8.39.0 to 8.40.0 #282
  • Bump eslint from 8.40.0 to 8.41.0 #284
  • Bump @​xmldom/xmldom from 0.8.7 to 0.8.8 #285
  • Bump eslint from 8.41.0 to 8.42.0 #286
  • Bump eslint from 8.42.0 to 8.43.0 #287
  • Fix npm audit - update semver and word-wrap #298
  • Bump eslint from 8.43.0 to 8.45.0 #295
  • Bump @​xmldom/xmldom from 0.8.8 to 0.8.10 #297
  • Bump eslint from 8.45.0 to 8.46.0 #300
  • Bump eslint from 8.46.0 to 8.47.0 #301
  • Bump eslint from 8.47.0 to 8.48.0 #304
  • Bump actions/checkout from 3 to 4 #305
  • Bump eslint from 8.48.0 to 8.49.0 #306
  • Bump @​actions/core from 1.10.0 to 1.10.1 #308
  • Bump eslint from 8.49.0 to 8.50.0 #309
  • Bump eslint from 8.50.0 to 8.51.0 #310
  • Bump @​babel/traverse from 7.20.1 to 7.23.2 #311
  • Bump eslint from 8.51.0 to 8.52.0 #312
  • Bump eslint from 8.52.0 to 8.53.0 #314
  • Bump eslint from 8.53.0 to 8.54.0 #315
  • Bump eslint from 8.54.0 to 8.55.0 #317
  • Bump eslint from 8.55.0 to 8.56.0 #318
  • Bump actions/setup-node from 3 to 4 #313
  • Bump actions/setup-java from 3 to 4 #316
  • Bump jest from 28.1.3 to 29.7.0 #307
  • Refresh dependencies by npm updates #321

... (truncated)

Commits
  • 7802f6a Update packages for release branch
  • 2300ba8 prepare release 3.0.0
  • d7a1cbd Use Node 20 by Action
  • ac4057b Refresh dependencies by npm updates
  • 89310fb Bump jest from 28.1.3 to 29.7.0
  • d8e9709 Upgrade Node runtime to 20
  • 879f94d Add support for custom repositories
  • 25432ff Bump actions/setup-java from 3 to 4
  • fa97405 Bump actions/setup-node from 3 to 4
  • b09cecc Bump eslint from 8.55.0 to 8.56.0
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=s4u/maven-settings-action&package-manager=github_actions&previous-version=2.2.0&new-version=3.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 51dc38f90..fbc5f03d0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: run: rm -f /home/runner/.m2/settings.xml - name: Maven Settings - uses: s4u/maven-settings-action@v2.2.0 + uses: s4u/maven-settings-action@v3.0.0 with: servers: | [{ From d5701ca89b4e140438ce3f77664c721d3938a217 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Aug 2024 22:46:04 +0530 Subject: [PATCH 05/48] Bump crazy-max/ghaction-import-gpg from 5.2.0 to 6.1.0 (#1977) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 5.2.0 to 6.1.0.
Release notes

Sourced from crazy-max/ghaction-import-gpg's releases.

v6.1.0

Full Changelog: https://github.com/crazy-max/ghaction-import-gpg/compare/v6.0.0...v6.1.0

v6.0.0

Full Changelog: https://github.com/crazy-max/ghaction-import-gpg/compare/v5.4.0...v6.0.0

v5.4.0

Full Changelog: https://github.com/crazy-max/ghaction-import-gpg/compare/v5.3.0...v5.4.0

v5.3.0

Full Changelog: https://github.com/crazy-max/ghaction-import-gpg/compare/v5.2.0...v5.3.0

Commits
  • 01dd5d3 Merge pull request #186 from crazy-max/dependabot/npm_and_yarn/actions/core-1...
  • ab787ac chore: update generated content
  • c63a019 build(deps): bump @​actions/core from 1.10.0 to 1.10.1
  • 81f63a8 Merge pull request #191 from crazy-max/dependabot/npm_and_yarn/babel/traverse...
  • 98ff7fb Merge pull request #190 from crazy-max/dependabot/npm_and_yarn/debug-4.3.4
  • e83a2ea Merge pull request #193 from crazy-max/dependabot/github_actions/actions/gith...
  • 2e40814 Merge pull request #192 from crazy-max/dependabot/npm_and_yarn/openpgp-5.11.0
  • 480319b chore: update generated content
  • 019a31d build(deps): bump actions/github-script from 6 to 7
  • 24f4ba9 build(deps): bump openpgp from 5.10.1 to 5.11.0
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crazy-max/ghaction-import-gpg&package-manager=github_actions&previous-version=5.2.0&new-version=6.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fbc5f03d0..d6d171da6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,7 +37,7 @@ jobs: }] - name: Import GPG - uses: crazy-max/ghaction-import-gpg@v5.2.0 + uses: crazy-max/ghaction-import-gpg@v6.1.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.GPG_PASSPHRASE }} From 65c8aa43dc970481ddfda746de091f702b757fe4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Aug 2024 22:50:25 +0530 Subject: [PATCH 06/48] Bump com.google.errorprone:error_prone_core from 2.25.0 to 2.30.0 (#1978) Bumps [com.google.errorprone:error_prone_core](https://github.com/google/error-prone) from 2.25.0 to 2.30.0.
Release notes

Sourced from com.google.errorprone:error_prone_core's releases.

Error Prone 2.30.0

New checks:

Closed issues: #632, #4487

Full changelog: https://github.com/google/error-prone/compare/v2.29.2...v2.30.0

Error Prone 2.29.2

This release contains all of the changes in 2.29.0 and 2.29.1, plus:

Full Changelog: https://github.com/google/error-prone/compare/v2.29.1...v2.29.2

Error Prone 2.29.1

This release contains all of the changes in 2.29.0, plus:

Full Changelog: https://github.com/google/error-prone/compare/v2.29.0...v2.29.1

Error Prone 2.29.0

New checks:

Closed issues: #4318, #4429, #4467

Full Changelog: https://github.com/google/error-prone/compare/v2.28.0...v2.29.0

Error Prone 2.28.0

Error Prone nows supports the latest JDK 23 EA builds (#4412, #4415).

Closed issues:

  • Improved errors for invalid check severities (#4306).
  • Fix a crash with nested instanceof patterns (#4349).
  • Fix a crash in JUnitIncompatibleType (#4377).
  • In ObjectEqualsForPrimitives, don't suggest replacing equal with == for floating-point values (#4392).

New checks:

... (truncated)

Commits
  • 5ada179 Release Error Prone 2.30.0
  • af175b0 Don't fire the CanIgnoreReturnValueSuggester for `dagger.producers.Producti...
  • ba8f9a2 Do not update getters that override methods from a superclass.
  • a706e8d Add ability to suppress warning for the entire AutoValue class
  • 86df5cf Convert some simple blocks to return switches using yield
  • 474554a Remove // fall out comments, which are sometimes used to document an empty ...
  • ac7ebf5 Handle var in MustBeClosedChecker
  • ccd3ca6 Add handling of toBuilder()
  • d887307 Omit some unnecessary break statements when translating to -> switches
  • fe07236 Add Error Prone check for unnecessary boxed types in AutoValue classes.
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.errorprone:error_prone_core&package-manager=maven&previous-version=2.25.0&new-version=2.30.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b847f2923..d5478a05a 100644 --- a/pom.xml +++ b/pom.xml @@ -322,7 +322,7 @@ com.google.errorprone error_prone_core - 2.25.0 + 2.30.0 com.uber.nullaway From fb20095a7066c709b5f71a194bd263131b994987 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Aug 2024 23:06:20 +0530 Subject: [PATCH 07/48] Bump org.apache.maven.plugins:maven-source-plugin from 3.2.1 to 3.3.1 (#1981) Bumps [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) from 3.2.1 to 3.3.1.
Commits
  • f80596e [maven-release-plugin] prepare release maven-source-plugin-3.3.1
  • 7626998 Bump apache/maven-gh-actions-shared from 3 to 4
  • 83c963c Bump org.apache.maven.plugins:maven-plugins from 39 to 41 (#18)
  • 40ae495 Bump org.codehaus.plexus:plexus-archiver from 4.8.0 to 4.9.1 (#20)
  • 073462b Bump org.apache.maven:maven-archiver from 3.6.0 to 3.6.1 (#21)
  • 0b1c823 Fix typos in AbstractSourceJarMojo exception
  • 099c65a [MSOURCES-142] Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 (...
  • 1edeea4 [MSOURCES-139] Fix typo in AbstractSourceJarMojo exception
  • 436966e [maven-release-plugin] prepare for next development iteration
  • 02a9847 [maven-release-plugin] prepare release maven-source-plugin-3.3.0
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-source-plugin&package-manager=maven&previous-version=3.2.1&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d5478a05a..ffb0ffbed 100644 --- a/pom.xml +++ b/pom.xml @@ -368,7 +368,7 @@ org.apache.maven.plugins maven-source-plugin - 3.2.1 + 3.3.1 attach-sources From 5e3ff99012331b0889f5e378735c63af8345803a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Aug 2024 23:06:30 +0530 Subject: [PATCH 08/48] Bump com.uber.nullaway:nullaway from 0.10.10 to 0.11.2 (#1980) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.uber.nullaway:nullaway](https://github.com/uber/NullAway) from 0.10.10 to 0.11.2.
Release notes

Sourced from com.uber.nullaway:nullaway's releases.

NullAway 0.11.2

  • JSpecify: add another bailout check for raw types (#1021)
  • JSpecify: handle intersection type in one place (#1015)
  • JSpecify: fix for crash with wildcard types (#1020)
  • Maintenance:

NullAway 0.11.1

  • Fix issue 1008 (#1009)
  • JSpecify: read upper bound annotations from bytecode and add tests (#1004)
  • Fix crash with suggested suppressions in JSpecify mode (#1001)
  • Update to JSpecify 1.0 and use JSpecify annotations in NullAway code (#1000)
  • Expose @​EnsuresNonNull and @​RequiresNonNull in annotations package (#999)
  • Don't report initializer warnings on @​NullUnmarked constructors / methods (#997)
  • Strip annotations from MethodSymbol strings (#993)
  • JSpecify: fix crashes where declared parameter / return types were raw (#989)
  • JSpecify: Handle @​nullable elements for enhanced-for-loops on arrays (#986)
  • Features/944 tidy stream nullability propagator (#985)
  • Tests for loops over arrays (#982)
  • Bug fixes for array subtyping at returns / parameter passing (#980)
  • JSpecify: Handle @​nonnull elements in @​nullable content arrays (#963)
  • Don't report @​nullable type argument errors for unmarked classes (#958)
  • External Library Models: Adding support for Nullable upper bounds of Generic Type parameters (#949)
  • Refactoring / code cleanups:
    • Test on JDK 22 (#992)
    • Add test case for @​nullable Void with override in JSpecify mode (#990)
    • Enable UnnecessaryFinal and PreferredInterfaceType EP checks (#991)
    • Add missing @​test annotation (#988)
    • Fix typo in variable name (#987)
    • Remove AbstractConfig class (#974)
    • Fix Javadoc for MethodRef (#973)
    • Refactored data clumps with the help of LLMs (research project) (#960)
  • Build / CI tooling maintenance:
    • Various cleanups enabled by bumping minimum Java and Error Prone versions (#962)
    • Disable publishing of snapshot builds from CI (#967)
    • Update Gradle action usage in CI workflow (#969)
    • Update Gradle config to always compile Java code using JDK 17 (#971)
    • Update JavaParser to 3.26.0 (#970)
    • Reenable JMH benchmarking in a safer manner (#975)
    • Updated JMH Benchmark Comment Action (#976)
    • Update to Gradle 8.8 (#981)
    • Update to Error Prone 2.28.0 (#984)
    • Update to Gradle 8.9 (#998)
    • Update to WALA 1.6.6 (#1003)

NullAway 0.11.0

IMPORTANT: Support for JDK 8 is dropped and NullAway now requires ErrorProne 2.14.0 or higher.

  • Delete OptionalEmptinessHandler method that is no longer needed (#954)

... (truncated)

Changelog

Sourced from com.uber.nullaway:nullaway's changelog.

Version 0.11.2

  • JSpecify: add another bailout check for raw types (#1021)
  • JSpecify: handle intersection type in one place (#1015)
  • JSpecify: fix for crash with wildcard types (#1020)
  • Maintenance:

Version 0.11.1

  • Fix issue 1008 (#1009)
  • JSpecify: read upper bound annotations from bytecode and add tests (#1004)
  • Fix crash with suggested suppressions in JSpecify mode (#1001)
  • Update to JSpecify 1.0 and use JSpecify annotations in NullAway code (#1000)
  • Expose @​EnsuresNonNull and @​RequiresNonNull in annotations package (#999)
  • Don't report initializer warnings on @​NullUnmarked constructors / methods (#997)
  • Strip annotations from MethodSymbol strings (#993)
  • JSpecify: fix crashes where declared parameter / return types were raw (#989)
  • JSpecify: Handle @​nullable elements for enhanced-for-loops on arrays (#986)
  • Features/944 tidy stream nullability propagator (#985)
  • Tests for loops over arrays (#982)
  • Bug fixes for array subtyping at returns / parameter passing (#980)
  • JSpecify: Handle @​nonnull elements in @​nullable content arrays (#963)
  • Don't report @​nullable type argument errors for unmarked classes (#958)
  • External Library Models: Adding support for Nullable upper bounds of Generic Type parameters (#949)
  • Refactoring / code cleanups:
    • Test on JDK 22 (#992)
    • Add test case for @​nullable Void with override in JSpecify mode (#990)
    • Enable UnnecessaryFinal and PreferredInterfaceType EP checks (#991)
    • Add missing @​test annotation (#988)
    • Fix typo in variable name (#987)
    • Remove AbstractConfig class (#974)
    • Fix Javadoc for MethodRef (#973)
    • Refactored data clumps with the help of LLMs (research project) (#960)
  • Build / CI tooling maintenance:
    • Various cleanups enabled by bumping minimum Java and Error Prone versions (#962)
    • Disable publishing of snapshot builds from CI (#967)
    • Update Gradle action usage in CI workflow (#969)
    • Update Gradle config to always compile Java code using JDK 17 (#971)
    • Update JavaParser to 3.26.0 (#970)
    • Reenable JMH benchmarking in a safer manner (#975)
    • Updated JMH Benchmark Comment Action (#976)
    • Update to Gradle 8.8 (#981)
    • Update to Error Prone 2.28.0 (#984)
    • Update to Gradle 8.9 (#998)
    • Update to WALA 1.6.6 (#1003)

Version 0.11.0

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.uber.nullaway:nullaway&package-manager=maven&previous-version=0.10.10&new-version=0.11.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ffb0ffbed..d57dd2841 100644 --- a/pom.xml +++ b/pom.xml @@ -327,7 +327,7 @@ com.uber.nullaway nullaway - 0.10.10 + 0.11.2 From 2dad24f1e7b816421361a57409ead11b0733c793 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Aug 2024 23:35:51 +0530 Subject: [PATCH 09/48] Bump jetty.version from 11.0.16 to 11.0.23 (#1982) Bumps `jetty.version` from 11.0.16 to 11.0.23. Updates `org.eclipse.jetty:jetty-servlet` from 11.0.16 to 11.0.23 Updates `org.eclipse.jetty:jetty-servlets` from 11.0.16 to 11.0.23 Updates `org.eclipse.jetty:jetty-security` from 11.0.16 to 11.0.23 Updates `org.eclipse.jetty:jetty-proxy` from 11.0.16 to 11.0.23 Updates `org.eclipse.jetty.websocket:websocket-jetty-server` from 11.0.16 to 11.0.23 Updates `org.eclipse.jetty.websocket:websocket-servlet` from 11.0.16 to 11.0.23 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 7530b50f1..776c7720e 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -30,7 +30,7 @@ org.asynchttpclient.client - 11.0.16 + 11.0.23 10.1.25 2.11.0 4.11.0 From a3fc50d93b2596b1b1c2364b834b32c789ba5816 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Aug 2024 01:27:45 +0530 Subject: [PATCH 10/48] Bump org.jacoco:jacoco-maven-plugin from 0.8.9 to 0.8.12 (#1987) Bumps [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) from 0.8.9 to 0.8.12.
Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.12

New Features

  • JaCoCo now officially supports Java 22 (GitHub #1596).
  • Experimental support for Java 23 class files (GitHub #1553).

Fixed bugs

  • Branches added by the Kotlin compiler for functions with default arguments and having more than 32 parameters are filtered out during generation of report (GitHub #1556).
  • Branch added by the Kotlin compiler version 1.5.0 and above for reading from lateinit property is filtered out during generation of report (GitHub #1568).

Non-functional Changes

  • JaCoCo now depends on ASM 9.7 (GitHub #1600).

0.8.11

New Features

  • JaCoCo now officially supports Java 21 (GitHub #1520).
  • Experimental support for Java 22 class files (GitHub #1479).
  • Part of bytecode generated by the Java compilers for exhaustive switch expressions is filtered out during generation of report (GitHub #1472).
  • Part of bytecode generated by the Java compilers for record patterns is filtered out during generation of report (GitHub #1473).

Fixed bugs

  • Instrumentation should not cause VerifyError when the last local variable of method parameters is overridden in the method body to store a value of type long or double (GitHub #893).
  • Restore exec file compatibility with versions from 0.7.5 to 0.8.8 in case of class files with zero line numbers (GitHub #1492).

Non-functional Changes

  • jacoco-maven-plugin now requires at least Java 8 (GitHub #1466, #1468).
  • JaCoCo build now requires at least Maven 3.5.4 (GitHub #1467).
  • Maven 3.9.2 should not produce warnings for jacoco-maven-plugin (GitHub #1468).
  • JaCoCo build now requires JDK 17 (GitHub #1482).
  • JaCoCo now depends on ASM 9.6 (GitHub #1518).

0.8.10

Fixed bugs

  • Agent should not require configuration of permissions for SecurityManager outside of its codeBase (GitHub #1425).
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jacoco:jacoco-maven-plugin&package-manager=maven&previous-version=0.8.9&new-version=0.8.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d57dd2841..4e9a728cc 100644 --- a/pom.xml +++ b/pom.xml @@ -348,7 +348,7 @@ org.jacoco jacoco-maven-plugin - 0.8.9 + 0.8.12 From 2d1316452354fd4e638255a34d2d8638b7258150 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Sep 2024 00:36:22 +0530 Subject: [PATCH 11/48] Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#1990) Bumps [org.hamcrest:hamcrest](https://github.com/hamcrest/JavaHamcrest) from 2.2 to 3.0.
Release notes

Sourced from org.hamcrest:hamcrest's releases.

Hamcrest v3.0

Breaking Changes

  • From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. See [Issue #331](hamcrest/JavaHamcrest#331) and [PR #411](hamcrest/JavaHamcrest#411) for details. Developers who use Java 1.7 earlier can still depend upon hamcrest-2.2.jar.

Improvements

Hamcrest v3.0-rc1

Breaking Changes

  • From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. See [Issue #331](hamcrest/JavaHamcrest#331) and [PR #411](hamcrest/JavaHamcrest#411) for details. Developers who use Java 1.7 earlier can still depend upon hamcrest-2.2.jar.

Improvements

Changelog

Sourced from org.hamcrest:hamcrest's changelog.

Version 3.0 (1st August 2024)

Breaking Changes

  • From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. See [Issue #331](hamcrest/JavaHamcrest#331) and [PR #411](hamcrest/JavaHamcrest#411) for details. Developers who use Java 1.7 earlier can still depend upon hamcrest-2.2.jar.

Improvements

Commits
  • 68984b8 Version 3.0
  • 1adc351 Fix javadoc title
  • 4e2b71c Add instructions for releasing to Maven Central
  • 3fa841d Revert version to 3.0-SNAPSHOT
  • 750dc36 Prepare for version 3.0-rc1
  • 1703e95 Fix broken tutorial link in README
  • c4578ef Upgrade Gradle 8.8 -> 8.9
  • a9923af Remove old, unused build definitions
  • cf25e14 Cleanup README, fix broken links
  • bc4769e Upgrade to GitHub-native Dependabot (#342)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.hamcrest:hamcrest&package-manager=maven&previous-version=2.2&new-version=3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 776c7720e..9d856540f 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -34,7 +34,7 @@ 10.1.25 2.11.0 4.11.0 - 2.2 + 3.0 2.0.2 From 970fa08bdf8ea1fba150ab398c2f28bad35a5eca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Sep 2024 00:44:34 +0530 Subject: [PATCH 12/48] Bump commons-io:commons-io from 2.11.0 to 2.16.1 (#1986) Bumps commons-io:commons-io from 2.11.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io&package-manager=maven&previous-version=2.11.0&new-version=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 9d856540f..cb689bbd8 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -32,7 +32,7 @@ 11.0.23 10.1.25 - 2.11.0 + 2.16.1 4.11.0 3.0 2.0.2 From eb90b5fddb2f53a904ed3507124727216f515085 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Sep 2024 00:51:03 +0530 Subject: [PATCH 13/48] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.25 to 10.1.28 (#1983) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.25 to 10.1.28. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.25&new-version=10.1.28)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index cb689bbd8..353ffb275 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.23 - 10.1.25 + 10.1.28 2.16.1 4.11.0 3.0 From 2f59949da8b2f452a1244da9d3db72b696767660 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Sep 2024 01:03:37 +0530 Subject: [PATCH 14/48] Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.5 (#1985) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) from 3.1.0 to 3.2.5.
Release notes

Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.

3.2.5

Release Notes - Maven GPG Plugin - Version 3.2.5

📦 Dependency updates

3.2.4

Release Notes - Maven GPG Plugin - Version 3.2.4

... (truncated)

Commits
  • 737d4ee [maven-release-plugin] prepare release maven-gpg-plugin-3.2.5
  • 7747063 [MGPG-134] Update maven-invoker (#110)
  • 3df5f83 [MGPG-133] Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.17.0 to ...
  • 58a2069 [MGPG-132] Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.1 to 2...
  • e911b43 [MGPG-131] Bump org.apache.maven.plugins:maven-plugins from 42 to 43 (#108)
  • d2b60d3 [MGPG-130] Update sigstore extension for exclusion (#109)
  • 091f388 Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0
  • 899f410 [MGPG-128] Parent POM 42, prerequisite 3.6.3 (#100)
  • f0be6f3 [MGPG-127] Bump bouncycastleVersion from 1.78 to 1.78.1 (#98)
  • 7dd5166 [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-gpg-plugin&package-manager=maven&previous-version=3.1.0&new-version=3.2.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4e9a728cc..e19e5f855 100644 --- a/pom.xml +++ b/pom.xml @@ -409,7 +409,7 @@ org.apache.maven.plugins maven-gpg-plugin - 3.1.0 + 3.2.5 sign-artifacts From dcf83510c0b65a4e85ffb645f76b0d06904e6dab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Sep 2024 23:26:14 +0530 Subject: [PATCH 15/48] Bump org.jetbrains:annotations from 24.0.1 to 24.1.0 (#1994) Bumps [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) from 24.0.1 to 24.1.0.
Release notes

Sourced from org.jetbrains:annotations's releases.

24.1.0

  • @CheckReturnValue is not experimental anymore.
Changelog

Sourced from org.jetbrains:annotations's changelog.

Version 24.1.0

  • @CheckReturnValue is not experimental anymore.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jetbrains:annotations&package-manager=maven&previous-version=24.0.1&new-version=24.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e19e5f855..5219e29aa 100644 --- a/pom.xml +++ b/pom.xml @@ -52,7 +52,7 @@ 1.5.6-4 2.0.1 1.4.11 - 24.0.1 + 24.1.0 From 619bf9b08a00c303105fa84844ce253b7defd928 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Sep 2024 23:35:56 +0530 Subject: [PATCH 16/48] Bump com.github.luben:zstd-jni from 1.5.6-4 to 1.5.6-5 (#1992) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.6-4 to 1.5.6-5.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.6-4&new-version=1.5.6-5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5219e29aa..b088d238a 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.25.Final 1.17.0 2.0.13 - 1.5.6-4 + 1.5.6-5 2.0.1 1.4.11 24.1.0 From 1dda55ab360a8e4fb92434951ac2dcda5d407cc8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Sep 2024 21:44:02 +0530 Subject: [PATCH 17/48] Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.10.0 (#1996) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.6.3 to 3.10.0.
Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.7.0

📦 Dependency updates

📝 Documentation updates

👻 Maintenance

  • Bump org.springframework:spring-context from 4.3.29.RELEASE to 5.2.21.RELEASE in /src/it/projects/MJAVADOC-434_fixcompile (#280) @​dependabot
  • Exclude JDK 8 - temurin, adopt-openj9 on macos (#279) @​slawekjaranowski

🔧 Build

Commits
  • 487e479 [maven-release-plugin] prepare release maven-javadoc-plugin-3.10.0
  • 9638a6a [MJAVADOC-785] Align plugin implementation with AbstractMavenReport (maven-re...
  • 9d33925 [MJAVADOC-784] Upgrade to Doxia 2.0.0 Milestone Stack
  • a11b921 [MJAVADOC-809] Align Mojo class names
  • 7c4b467 Bump org.apache.maven.plugins:maven-plugins from 42 to 43
  • 636442b Improve ITs
  • dbca15a Bump org.hamcrest:hamcrest-core from 2.2 to 3.0
  • d02bb88 Bump org.apache.commons:commons-lang3 from 3.15.0 to 3.16.0
  • 0a850a1 [MJAVADOC-807] Simplify IT for MJAVADOC-498
  • 43e901f Improve URL handling
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-javadoc-plugin&package-manager=maven&previous-version=3.6.3&new-version=3.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b088d238a..e8904126f 100644 --- a/pom.xml +++ b/pom.xml @@ -382,7 +382,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.6.3 + 3.10.0 attach-javadocs From 2c9398a577c4832362d709017ff28c011df93c10 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Sep 2024 21:53:50 +0530 Subject: [PATCH 18/48] Bump com.google.errorprone:error_prone_core from 2.30.0 to 2.31.0 (#1995) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.google.errorprone:error_prone_core](https://github.com/google/error-prone) from 2.30.0 to 2.31.0.
Release notes

Sourced from com.google.errorprone:error_prone_core's releases.

Error Prone 2.31.0

This is the last planned minor release of Error Prone that will support running on JDK 11, see #3803. Using Error Prone to compile code that is deployed to earlier versions will continue to be fully supported, but will require using JDK 17 or newer for compilation and setting --release or -source/-target/-bootclasspath.

Changes:

New checks:

  • AutoValueBoxedValues: AutoValue instances should not usually contain boxed types that are not Nullable. We recommend removing the unnecessary boxing.

Full changelog: https://github.com/google/error-prone/compare/v2.30.0...v2.31.0

Commits
  • 4294aac Release Error Prone 2.31.0
  • 5bf91fb Replace {@link ThreadSafeTypeParameter} with {@code ThreadSafeTypeParameter}
  • a5a7189 Replace ComparisonChain with a Comparator chain.
  • 7e9a100 Make ThreadSafeTypeParameter useful in the open-source version of ErrorProne.
  • b4cebef Fix typo noted by @​Stephan202.
  • 354104e Remove ThreadSafe.TypeParameter now that it's been replaced by `ThreadSafeT...
  • 7542d36 Don't fire CanIgnoreReturnValueSuggester for simple return param; impleme...
  • 0a5a5b8 Migrate CollectionIncompatibleType from the deprecated withSignature to `...
  • 78218f2 Write more about withSignature.
  • 90d9390 Mark some Kotlin ranges as Immutable.
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.errorprone:error_prone_core&package-manager=maven&previous-version=2.30.0&new-version=2.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e8904126f..23c315c97 100644 --- a/pom.xml +++ b/pom.xml @@ -322,7 +322,7 @@ com.google.errorprone error_prone_core - 2.30.0 + 2.31.0 com.uber.nullaway From c2683b0507d510a0afeb553071b44edd807e2192 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Sep 2024 21:54:05 +0530 Subject: [PATCH 19/48] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.4.0 to 3.5.0 (#1993) Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.4.0 to 3.5.0.
Commits
  • c78365f [maven-release-plugin] prepare release surefire-3.5.0
  • 05e4681 [SUREFIRE-2227] Dynamically calculate xrefTestLocation
  • f1a419a [SUREFIRE-2228] Upgrade to Doxia 2.0.0 Milestone Stack
  • 5e14d4f [SUREFIRE-2161] Align Mojo class names and output names
  • c0784ab Bump org.apache.commons:commons-compress from 1.27.0 to 1.27.1
  • 79ea717 [SUREFIRE-2256] Upgrade to Parent 43
  • 4648b47 add Reproducible Builds badge
  • f64c1b3 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.4.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 23c315c97..633143668 100644 --- a/pom.xml +++ b/pom.xml @@ -337,7 +337,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.4.0 + 3.5.0 @{argLine} --add-exports java.base/jdk.internal.misc=ALL-UNNAMED From 419cc3102b0b8d82e35edc301b4727490adb93e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Sep 2024 21:54:16 +0530 Subject: [PATCH 20/48] Bump org.apache.kerby:kerb-simplekdc from 2.0.2 to 2.1.0 (#1991) Bumps org.apache.kerby:kerb-simplekdc from 2.0.2 to 2.1.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.kerby:kerb-simplekdc&package-manager=maven&previous-version=2.0.2&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 353ffb275..369aaab1a 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -35,7 +35,7 @@ 2.16.1 4.11.0 3.0 - 2.0.2 + 2.1.0 From 1da01267909ba13f6b4a903d9e97d8cd2e9d2ab2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Sep 2024 23:30:33 +0530 Subject: [PATCH 21/48] Bump netty.version from 4.1.112.Final to 4.1.113.Final (#1999) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `netty.version` from 4.1.112.Final to 4.1.113.Final. Updates `io.netty:netty-buffer` from 4.1.112.Final to 4.1.113.Final
Commits
  • d0a109e [maven-release-plugin] prepare release netty-4.1.113.Final
  • e1d6384 Cleanup fields on AdaptiveByteBuf::deallocate (#14273)
  • 8a02f45 Upload hidden files for staging (#14275)
  • c0fdb8e adjust continuation frame header length (#14245)
  • 95d86bb chore: clean code DefaultChannelPipeline add method (#14249)
  • 1c1da9f Fix netty-all artifact snapshot deployments (#14264)
  • 235eb6f Upgrade to netty-tcnative 2.0.66.Final (#14254)
  • ceade95 Ensure flushes are not discarded by ChunkedWriteHandler for passed th… (#14248)
  • dc30c33 Add new SslHandler.isEncrypted(...) variant that will not produce fal… (#14243)
  • 31d1592 Remove reference to parent in recycled buffers for leak detection (#14250)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http` from 4.1.112.Final to 4.1.113.Final
Commits
  • d0a109e [maven-release-plugin] prepare release netty-4.1.113.Final
  • e1d6384 Cleanup fields on AdaptiveByteBuf::deallocate (#14273)
  • 8a02f45 Upload hidden files for staging (#14275)
  • c0fdb8e adjust continuation frame header length (#14245)
  • 95d86bb chore: clean code DefaultChannelPipeline add method (#14249)
  • 1c1da9f Fix netty-all artifact snapshot deployments (#14264)
  • 235eb6f Upgrade to netty-tcnative 2.0.66.Final (#14254)
  • ceade95 Ensure flushes are not discarded by ChunkedWriteHandler for passed th… (#14248)
  • dc30c33 Add new SslHandler.isEncrypted(...) variant that will not produce fal… (#14243)
  • 31d1592 Remove reference to parent in recycled buffers for leak detection (#14250)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec` from 4.1.112.Final to 4.1.113.Final
Commits
  • d0a109e [maven-release-plugin] prepare release netty-4.1.113.Final
  • e1d6384 Cleanup fields on AdaptiveByteBuf::deallocate (#14273)
  • 8a02f45 Upload hidden files for staging (#14275)
  • c0fdb8e adjust continuation frame header length (#14245)
  • 95d86bb chore: clean code DefaultChannelPipeline add method (#14249)
  • 1c1da9f Fix netty-all artifact snapshot deployments (#14264)
  • 235eb6f Upgrade to netty-tcnative 2.0.66.Final (#14254)
  • ceade95 Ensure flushes are not discarded by ChunkedWriteHandler for passed th… (#14248)
  • dc30c33 Add new SslHandler.isEncrypted(...) variant that will not produce fal… (#14243)
  • 31d1592 Remove reference to parent in recycled buffers for leak detection (#14250)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-socks` from 4.1.112.Final to 4.1.113.Final
Commits
  • d0a109e [maven-release-plugin] prepare release netty-4.1.113.Final
  • e1d6384 Cleanup fields on AdaptiveByteBuf::deallocate (#14273)
  • 8a02f45 Upload hidden files for staging (#14275)
  • c0fdb8e adjust continuation frame header length (#14245)
  • 95d86bb chore: clean code DefaultChannelPipeline add method (#14249)
  • 1c1da9f Fix netty-all artifact snapshot deployments (#14264)
  • 235eb6f Upgrade to netty-tcnative 2.0.66.Final (#14254)
  • ceade95 Ensure flushes are not discarded by ChunkedWriteHandler for passed th… (#14248)
  • dc30c33 Add new SslHandler.isEncrypted(...) variant that will not produce fal… (#14243)
  • 31d1592 Remove reference to parent in recycled buffers for leak detection (#14250)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler-proxy` from 4.1.112.Final to 4.1.113.Final
Commits
  • d0a109e [maven-release-plugin] prepare release netty-4.1.113.Final
  • e1d6384 Cleanup fields on AdaptiveByteBuf::deallocate (#14273)
  • 8a02f45 Upload hidden files for staging (#14275)
  • c0fdb8e adjust continuation frame header length (#14245)
  • 95d86bb chore: clean code DefaultChannelPipeline add method (#14249)
  • 1c1da9f Fix netty-all artifact snapshot deployments (#14264)
  • 235eb6f Upgrade to netty-tcnative 2.0.66.Final (#14254)
  • ceade95 Ensure flushes are not discarded by ChunkedWriteHandler for passed th… (#14248)
  • dc30c33 Add new SslHandler.isEncrypted(...) variant that will not produce fal… (#14243)
  • 31d1592 Remove reference to parent in recycled buffers for leak detection (#14250)
  • Additional commits viewable in compare view

Updates `io.netty:netty-common` from 4.1.112.Final to 4.1.113.Final
Commits
  • d0a109e [maven-release-plugin] prepare release netty-4.1.113.Final
  • e1d6384 Cleanup fields on AdaptiveByteBuf::deallocate (#14273)
  • 8a02f45 Upload hidden files for staging (#14275)
  • c0fdb8e adjust continuation frame header length (#14245)
  • 95d86bb chore: clean code DefaultChannelPipeline add method (#14249)
  • 1c1da9f Fix netty-all artifact snapshot deployments (#14264)
  • 235eb6f Upgrade to netty-tcnative 2.0.66.Final (#14254)
  • ceade95 Ensure flushes are not discarded by ChunkedWriteHandler for passed th… (#14248)
  • dc30c33 Add new SslHandler.isEncrypted(...) variant that will not produce fal… (#14243)
  • 31d1592 Remove reference to parent in recycled buffers for leak detection (#14250)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport` from 4.1.112.Final to 4.1.113.Final
Commits
  • d0a109e [maven-release-plugin] prepare release netty-4.1.113.Final
  • e1d6384 Cleanup fields on AdaptiveByteBuf::deallocate (#14273)
  • 8a02f45 Upload hidden files for staging (#14275)
  • c0fdb8e adjust continuation frame header length (#14245)
  • 95d86bb chore: clean code DefaultChannelPipeline add method (#14249)
  • 1c1da9f Fix netty-all artifact snapshot deployments (#14264)
  • 235eb6f Upgrade to netty-tcnative 2.0.66.Final (#14254)
  • ceade95 Ensure flushes are not discarded by ChunkedWriteHandler for passed th… (#14248)
  • dc30c33 Add new SslHandler.isEncrypted(...) variant that will not produce fal… (#14243)
  • 31d1592 Remove reference to parent in recycled buffers for leak detection (#14250)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler` from 4.1.112.Final to 4.1.113.Final
Commits
  • d0a109e [maven-release-plugin] prepare release netty-4.1.113.Final
  • e1d6384 Cleanup fields on AdaptiveByteBuf::deallocate (#14273)
  • 8a02f45 Upload hidden files for staging (#14275)
  • c0fdb8e adjust continuation frame header length (#14245)
  • 95d86bb chore: clean code DefaultChannelPipeline add method (#14249)
  • 1c1da9f Fix netty-all artifact snapshot deployments (#14264)
  • 235eb6f Upgrade to netty-tcnative 2.0.66.Final (#14254)
  • ceade95 Ensure flushes are not discarded by ChunkedWriteHandler for passed th… (#14248)
  • dc30c33 Add new SslHandler.isEncrypted(...) variant that will not produce fal… (#14243)
  • 31d1592 Remove reference to parent in recycled buffers for leak detection (#14250)
  • Additional commits viewable in compare view

Updates `io.netty:netty-resolver-dns` from 4.1.112.Final to 4.1.113.Final
Commits
  • d0a109e [maven-release-plugin] prepare release netty-4.1.113.Final
  • e1d6384 Cleanup fields on AdaptiveByteBuf::deallocate (#14273)
  • 8a02f45 Upload hidden files for staging (#14275)
  • c0fdb8e adjust continuation frame header length (#14245)
  • 95d86bb chore: clean code DefaultChannelPipeline add method (#14249)
  • 1c1da9f Fix netty-all artifact snapshot deployments (#14264)
  • 235eb6f Upgrade to netty-tcnative 2.0.66.Final (#14254)
  • ceade95 Ensure flushes are not discarded by ChunkedWriteHandler for passed th… (#14248)
  • dc30c33 Add new SslHandler.isEncrypted(...) variant that will not produce fal… (#14243)
  • 31d1592 Remove reference to parent in recycled buffers for leak detection (#14250)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-epoll` from 4.1.112.Final to 4.1.113.Final
Commits
  • d0a109e [maven-release-plugin] prepare release netty-4.1.113.Final
  • e1d6384 Cleanup fields on AdaptiveByteBuf::deallocate (#14273)
  • 8a02f45 Upload hidden files for staging (#14275)
  • c0fdb8e adjust continuation frame header length (#14245)
  • 95d86bb chore: clean code DefaultChannelPipeline add method (#14249)
  • 1c1da9f Fix netty-all artifact snapshot deployments (#14264)
  • 235eb6f Upgrade to netty-tcnative 2.0.66.Final (#14254)
  • ceade95 Ensure flushes are not discarded by ChunkedWriteHandler for passed th… (#14248)
  • dc30c33 Add new SslHandler.isEncrypted(...) variant that will not produce fal… (#14243)
  • 31d1592 Remove reference to parent in recycled buffers for leak detection (#14250)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-kqueue` from 4.1.112.Final to 4.1.113.Final
Commits
  • d0a109e [maven-release-plugin] prepare release netty-4.1.113.Final
  • e1d6384 Cleanup fields on AdaptiveByteBuf::deallocate (#14273)
  • 8a02f45 Upload hidden files for staging (#14275)
  • c0fdb8e adjust continuation frame header length (#14245)
  • 95d86bb chore: clean code DefaultChannelPipeline add method (#14249)
  • 1c1da9f Fix netty-all artifact snapshot deployments (#14264)
  • 235eb6f Upgrade to netty-tcnative 2.0.66.Final (#14254)
  • ceade95 Ensure flushes are not discarded by ChunkedWriteHandler for passed th… (#14248)
  • dc30c33 Add new SslHandler.isEncrypted(...) variant that will not produce fal… (#14243)
  • 31d1592 Remove reference to parent in recycled buffers for leak detection (#14250)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 633143668..6a44981a7 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.112.Final + 4.1.113.Final 0.0.25.Final 1.17.0 2.0.13 From 15cc40d9d0edc8904c5fee1b377fdbd705b0252e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Sep 2024 23:30:59 +0530 Subject: [PATCH 22/48] Bump org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0 (#2001) Bumps org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.sonatype.plugins:nexus-staging-maven-plugin&package-manager=maven&previous-version=1.6.13&new-version=1.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6a44981a7..cef8f0568 100644 --- a/pom.xml +++ b/pom.xml @@ -396,7 +396,7 @@ org.sonatype.plugins nexus-staging-maven-plugin - 1.6.13 + 1.7.0 true ossrh From 9a079cbc6d431d9a9e7a7caf04e2c8d90f6dd44c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Sep 2024 19:21:55 +0530 Subject: [PATCH 23/48] Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.16 (#2000) Bumps org.slf4j:slf4j-api from 2.0.13 to 2.0.16. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.slf4j:slf4j-api&package-manager=maven&previous-version=2.0.13&new-version=2.0.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index cef8f0568..d300f0fd4 100644 --- a/pom.xml +++ b/pom.xml @@ -48,7 +48,7 @@ 4.1.113.Final 0.0.25.Final 1.17.0 - 2.0.13 + 2.0.16 1.5.6-5 2.0.1 1.4.11 From 29e13f29e0d6223b91abce209a49fd1be99ae091 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Sep 2024 19:28:24 +0530 Subject: [PATCH 24/48] Bump jetty.version from 11.0.23 to 11.0.24 (#1998) Bumps `jetty.version` from 11.0.23 to 11.0.24. Updates `org.eclipse.jetty:jetty-servlet` from 11.0.23 to 11.0.24 Updates `org.eclipse.jetty:jetty-servlets` from 11.0.23 to 11.0.24 Updates `org.eclipse.jetty:jetty-security` from 11.0.23 to 11.0.24 Updates `org.eclipse.jetty:jetty-proxy` from 11.0.23 to 11.0.24 Updates `org.eclipse.jetty.websocket:websocket-jetty-server` from 11.0.23 to 11.0.24 Updates `org.eclipse.jetty.websocket:websocket-servlet` from 11.0.23 to 11.0.24 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 369aaab1a..169490f2d 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -30,7 +30,7 @@ org.asynchttpclient.client - 11.0.23 + 11.0.24 10.1.28 2.16.1 4.11.0 From 1a96c1c105748315abcc5899d5cc0bfd4108a273 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Sep 2024 23:58:10 +0530 Subject: [PATCH 25/48] Bump ch.qos.logback:logback-classic from 1.4.11 to 1.5.8 (#2003) Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.4.11 to 1.5.8.
Commits
  • 92e1a5e prepare release 1.5.8
  • 76d8dd8 Update README.md, comment out CI action results
  • d7e0d59 Merge branch 'master' of github.com:qos-ch/logback
  • fe3bf9d os.name property is expected to be Mac OS X on Apple computers
  • 9806273 Update README.md
  • c45f110 check for Mac OS X
  • 00c6f5e what is the os.name
  • 7d03a42 update actions/setup
  • edacb3b skip email sent termination test on MacOs
  • 3b5d041 allow more time for timetout
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-classic&package-manager=maven&previous-version=1.4.11&new-version=1.5.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d300f0fd4..a1d53588f 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ 2.0.16 1.5.6-5 2.0.1 - 1.4.11 + 1.5.8 24.1.0 From b2c3d566ca9a7341d2743c38fef0c5693e6f556b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Sep 2024 00:03:29 +0530 Subject: [PATCH 26/48] Bump org.junit:junit-bom from 5.10.2 to 5.11.0 (#2002) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.10.2 to 5.11.0.
Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.11.0 = Platform 1.11.0 + Jupiter 5.11.0 + Vintage 5.11.0

See Release Notes.

New Contributors

Full Changelog: https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0

JUnit 5.11.0-RC1 = Platform 1.11.0-RC1 + Jupiter 5.11.0-RC1 + Vintage 5.11.0-RC1

See Release Notes.

New Contributors

Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0-M2...r5.11.0-RC1

JUnit 5.11.0-M2 = Platform 1.11.0-M2 + Jupiter 5.11.0-M2 + Vintage 5.11.0-M2

See Release Notes.

New Contributors

Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0-M1...r5.11.0-M2

JUnit 5.11.0-M1 = Platform 1.11.0-M1 + Jupiter 5.11.0-M1 + Vintage 5.11.0-M1

... (truncated)

Commits
  • 6b8e42b Release 5.11
  • 9430ece Allow potentially unlimited maxCharsPerColumn in Csv{File}Source (#3924)
  • 0b10f86 Polish release notes
  • 4dbd0f9 Let @TempDir fail fast with File annotated element and non-default file s...
  • 57f1ad4 Fix syntax
  • d78730a Prioritize tasks on critical path of task graph
  • b6719e2 Remove obsolete directory
  • d8ec757 Apply Spotless formatting to Gradle script plugins
  • dae525d Disable caching of some Spotless tasks due to negative avoidance savings
  • c63d118 Re-enable caching verifyOSGi tasks (issue was fixed in bnd 7.0.0)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit:junit-bom&package-manager=maven&previous-version=5.10.2&new-version=5.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a1d53588f..45b5cb835 100644 --- a/pom.xml +++ b/pom.xml @@ -105,7 +105,7 @@ org.junit junit-bom - 5.10.2 + 5.11.0 pom import From c4812b22a4a1c2e3e0e8bdba0f5103f60a54cc86 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Sep 2024 13:15:44 +0530 Subject: [PATCH 27/48] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.28 to 10.1.29 (#2004) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.28 to 10.1.29. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.28&new-version=10.1.29)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 169490f2d..df2608930 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.28 + 10.1.29 2.16.1 4.11.0 3.0 From c0b73f1f74cf758bb1cf4882c5edff8a2608ae74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 12:50:41 +0530 Subject: [PATCH 28/48] Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.5 to 3.2.7 (#2010) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) from 3.2.5 to 3.2.7.
Release notes

Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.

3.2.7

Fixes a lingering issue affecting whole 3.2.x lineage, that resulted in "bad passphrase" on Windows OS with GPG signer (see MGPG-136 for details).

What's Changed

Full Changelog: https://github.com/apache/maven-gpg-plugin/compare/maven-gpg-plugin-3.2.6...maven-gpg-plugin-3.2.7

3.2.6

Release Notes - Maven GPG Plugin - Version 3.2.6

What's Changed

New Contributors

... (truncated)

Commits
  • 43af21c [maven-release-plugin] prepare release maven-gpg-plugin-3.2.7
  • 8c5a8d2 [MGPG-144] Bump commons-io:commons-io from 2.16.1 to 2.17.0 (#119)
  • cb5422f [MGPG-143] Bump com.kohlschutter.junixsocket:junixsocket-core from 2.10.0 to ...
  • 6b2a27f [MGPG-136] Windows passphrase corruption (#120)
  • 31e87e0 [maven-release-plugin] prepare for next development iteration
  • 1c9a14c [maven-release-plugin] prepare release maven-gpg-plugin-3.2.6
  • bbe6156 Add FAQ for "no pinentry" issue (#118)
  • 5b94273 [MGPG-141] Remove use of deprecated classes (#117)
  • afdfd28 [MGPG-138] Drop direct use of plexus-cipher and secdispatcher (#115)
  • 7516e7c [MGPG-140] Update Maven to 3.9.9 (#116)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-gpg-plugin&package-manager=maven&previous-version=3.2.5&new-version=3.2.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 45b5cb835..b340c3879 100644 --- a/pom.xml +++ b/pom.xml @@ -409,7 +409,7 @@ org.apache.maven.plugins maven-gpg-plugin - 3.2.5 + 3.2.7 sign-artifacts From 240a9bf70772bc394f4cb20bff0120b0f9e3ce9c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 13:12:32 +0530 Subject: [PATCH 29/48] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.29 to 10.1.30 (#2008) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.29 to 10.1.30. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.29&new-version=10.1.30)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index df2608930..a31faffad 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.29 + 10.1.30 2.16.1 4.11.0 3.0 From 9ec517d808510c0a548e56a5e45cd4b18899d453 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 13:18:53 +0530 Subject: [PATCH 30/48] Bump com.uber.nullaway:nullaway from 0.11.2 to 0.11.3 (#2007) Bumps [com.uber.nullaway:nullaway](https://github.com/uber/NullAway) from 0.11.2 to 0.11.3.
Release notes

Sourced from com.uber.nullaway:nullaway's releases.

NullAway 0.11.3

IMPORTANT: We have cherry-picked one PR in master since 0.11.2 for this release, it does not contain all changes in master!

  • Add missing source files in android-jarinfer-models-sdk modules (#1033)
Changelog

Sourced from com.uber.nullaway:nullaway's changelog.

Version 0.11.3

IMPORTANT: We have cherry-picked one PR in master since 0.11.2 for this release, it does not contain all changes in master!

  • Add missing source files in android-jarinfer-models-sdk modules (#1033)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.uber.nullaway:nullaway&package-manager=maven&previous-version=0.11.2&new-version=0.11.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b340c3879..d3577a2eb 100644 --- a/pom.xml +++ b/pom.xml @@ -327,7 +327,7 @@ com.uber.nullaway nullaway - 0.11.2 + 0.11.3 From 0498fb64a2a5717b5ddf000cca68b7a16c69b129 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 02:06:53 +0530 Subject: [PATCH 31/48] Bump crazy-max/ghaction-import-gpg from 6.1.0 to 6.2.0 (#2022) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 6.1.0 to 6.2.0.
Release notes

Sourced from crazy-max/ghaction-import-gpg's releases.

v6.2.0

Full Changelog: https://github.com/crazy-max/ghaction-import-gpg/compare/v6.1.0...v6.2.0

Commits
  • cb9bde2 Merge pull request #205 from crazy-max/dependabot/npm_and_yarn/openpgp-5.11.2
  • 652ac61 chore: update generated content
  • 0404dfd build(deps): bump openpgp from 5.11.0 to 5.11.2
  • 63a9470 Merge pull request #209 from crazy-max/dependabot/npm_and_yarn/actions/core-1...
  • e3a6456 chore: update generated content
  • f0d6155 Merge pull request #207 from crazy-max/dependabot/npm_and_yarn/micromatch-4.0.8
  • 8812250 build(deps): bump @​actions/core from 1.10.1 to 1.11.1
  • 35465df build(deps): bump micromatch from 4.0.4 to 4.0.8
  • ea88154 Merge pull request #204 from crazy-max/dependabot/github_actions/docker/bake-...
  • 871d8a5 build(deps): bump docker/bake-action from 4 to 5
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crazy-max/ghaction-import-gpg&package-manager=github_actions&previous-version=6.1.0&new-version=6.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d6d171da6..8014135c2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,7 +37,7 @@ jobs: }] - name: Import GPG - uses: crazy-max/ghaction-import-gpg@v6.1.0 + uses: crazy-max/ghaction-import-gpg@v6.2.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.GPG_PASSPHRASE }} From 2cc75bc6d11ad496030ec4a6bb515fa48bd6763e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 02:07:19 +0530 Subject: [PATCH 32/48] Bump com.github.luben:zstd-jni from 1.5.6-5 to 1.5.6-7 (#2021) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.6-5 to 1.5.6-7.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.6-5&new-version=1.5.6-7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d3577a2eb..8ff6ffda9 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.25.Final 1.17.0 2.0.16 - 1.5.6-5 + 1.5.6-7 2.0.1 1.5.8 24.1.0 From 3f6d4ac2659fc3e92d8a0f527f54799b2f6bcee8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 02:07:36 +0530 Subject: [PATCH 33/48] Bump org.jetbrains:annotations from 24.1.0 to 26.0.1 (#2017) Bumps [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) from 24.1.0 to 26.0.1.
Release notes

Sourced from org.jetbrains:annotations's releases.

26.0.1

  • Fixed sources.jar build (regression after 25.0.0)

26.0.0

  • Added new experimental annotation: @NotNullByDefault

25.0.0

  • Added Kotlin Multiplatform artifact (multiplatform-annotations).
  • Removed Java 5 artifact.
Changelog

Sourced from org.jetbrains:annotations's changelog.

Version 26.0.1

  • Fixed sources.jar build (regression after 25.0.0)

Version 26.0.0

  • Added new experimental annotation: @NotNullByDefault

Version 25.0.0

  • Added Kotlin Multiplatform artifact (multiplatform-annotations).
  • Removed Java 5 artifact.
Commits
  • f79a61f Version 26.0.1
  • 546095e javaOnlySourcesJar: fix target
  • 9fd19c1 Merge pull request #115 from serjsysoev/fix_sources
  • b7311e2 Fix sources jar
  • 0d04181 Javadoc touch-up
  • 6894074 Version 26.0.0
  • 4f1401a Fix typo
  • 61bce51 NotNullByDefault: refine the behavior for type parameters
  • 0c06dec Fix javadoc links
  • 5a4e1b6 Contract: improved documentation for mutates parameter; unmark it as experime...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jetbrains:annotations&package-manager=maven&previous-version=24.1.0&new-version=26.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8ff6ffda9..aeb65d5f9 100644 --- a/pom.xml +++ b/pom.xml @@ -52,7 +52,7 @@ 1.5.6-7 2.0.1 1.5.8 - 24.1.0 + 26.0.1 From d79427d0450655d771a2a978d0e188eb9c6dd6d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 19:53:16 +0530 Subject: [PATCH 34/48] Bump s4u/maven-settings-action from 3.0.0 to 3.1.0 (#2025) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [s4u/maven-settings-action](https://github.com/s4u/maven-settings-action) from 3.0.0 to 3.1.0.
Release notes

Sourced from s4u/maven-settings-action's releases.

v3.1.0

What's Changed

:fire: New features

:hammer: Maintenance

:toolbox: Dependency updates

:heart: Thanks

Many thanks for collaboration on this release for: @​Gozke, @​pwoodworth and @​slawekjaranowski

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=s4u/maven-settings-action&package-manager=github_actions&previous-version=3.0.0&new-version=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8014135c2..4a462dc99 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: run: rm -f /home/runner/.m2/settings.xml - name: Maven Settings - uses: s4u/maven-settings-action@v3.0.0 + uses: s4u/maven-settings-action@v3.1.0 with: servers: | [{ From a3e7db3cf45539485e4ce542002d15fead39f88b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 20:02:18 +0530 Subject: [PATCH 35/48] Bump ch.qos.logback:logback-classic from 1.5.8 to 1.5.12 (#2024) Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.8 to 1.5.12.
Commits
  • 3a64b51 prepare release 1.5.12
  • ecae664 fix issues/879
  • 85968fa logger call ends with two exceptions - fix issues/876
  • ea3cec8 Update README.md
  • 887cbba update README.md
  • df2a3b6 start work on 1.5.12-SNAPSHOT
  • 3aa0730 prepare release of version 1.5.11
  • 8bcfd9a allow for InsertFromJNDIModelHandler to be callable from logback-tyler
  • 75bee86 refactorings in support of logback-tyler
  • 8749edc start work on 1.5.11-SNAPSHOT
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-classic&package-manager=maven&previous-version=1.5.8&new-version=1.5.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aayush Atharva <24762260+hyperxpro@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index aeb65d5f9..ecab5943b 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ 2.0.16 1.5.6-7 2.0.1 - 1.5.8 + 1.5.12 26.0.1 From a2c1767fc6bf27325b7f03cfdf5f0f6fd13d4b6c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 20:09:22 +0530 Subject: [PATCH 36/48] Bump com.uber.nullaway:nullaway from 0.11.3 to 0.12.1 (#2023) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.uber.nullaway:nullaway](https://github.com/uber/NullAway) from 0.11.3 to 0.12.1.
Release notes

Sourced from com.uber.nullaway:nullaway's releases.

NullAway 0.12.1

  • Add library model for Apache Commons CollectionUtils.isNotEmpty (#932) (#1062)
  • Handle records in targetTypeMatches (#1061)

NullAway 0.12.0

IMPORTANT:

  • We now by default check/enforce that pure type-use annotations from JSpecify are written in the "right place" on array types, varargs types, and nested types. More details can be found in the wiki. We also expose -XepOpt:NullAway:LegacyAnnotationLocations flag to disable this new behavior for now to ease the migration. We expect to remove this flag in a future version of NullAway.
  • We now support writing @​EnsuresNonNullIf on methods to capture cases where a method conditionally ensures that a field is @​NonNull. Thanks @​mauricioaniche for the contributions!

(The changelog below contains all changes from version 0.11.2, since version 0.11.3 contains only one cherry-picked PR from master).

  • Enforce Strict Interpretation Of Type Use Annotation Locations Outside of JSpecify mode (#1010)
  • Update handling of annotations on varargs argument (#1025)
  • Create basic unit tests for library model generation (#1031)
  • Partial handling for restrictive annotations on varargs in unannotated code (#1029)
  • Add missing source files in android-jarinfer-models-sdk modules (#1033)
  • External Library Models: Adding support for @​nullable Method parameters (#1006)
  • JDK 23 support (#1034)
  • Support @​EnsuresNonNullIf (#1044)
  • Update some Android astubx models (#1052)
  • Remove unused or unneeded JarInfer flags (#1050)
  • Enforce correct type-use annotation locations for nested types (#1045)
  • Update Android SDK 31 astubx models (#1054)
  • Fix bugs in reading varargs annotations from bytecodes (#1055)
  • General maintenance:
    • Update to Gradle 8.10 (#1023)
    • Update to Gradle 8.10.1 (#1036)
    • Update to Error Prone 2.32.0 (#1037)
    • Typo fix in README.md (#1041)
    • Fix Gradle config instructions (#1039)
    • Update to v4 of setup-gradle GitHub action (#1043)
    • Add extra JVM args needed for JMH on recent JDK versions (#1049)
    • Use HTTP instead of SSH for cloning repo for JMH Benchmarks (#1056)
    • Various version updates (#1051)
    • Update to Checker Framework 3.48.0 (#1030)
Changelog

Sourced from com.uber.nullaway:nullaway's changelog.

Version 0.12.1

  • Add library model for Apache Commons CollectionUtils.isNotEmpty (#932) (#1062)
  • Handle records in targetTypeMatches (#1061)

Version 0.12.0

IMPORTANT:

  • We now by default check/enforce that pure type-use annotations from JSpecify are written in the "right place" on array types, varargs types, and nested types. More details can be found in the wiki. We also expose -XepOpt:NullAway:LegacyAnnotationLocations flag to disable this new behavior for now to ease the migration. We expect to remove this flag in a future version of NullAway.
  • We now support writing @​EnsuresNonNullIf on methods to capture cases where a method conditionally ensures that a field is @​NonNull. Thanks @​mauricioaniche for the contributions!

(The changelog below contains all changes from version 0.11.2, since version 0.11.3 contains only one cherry-picked PR from master).

  • Enforce Strict Interpretation Of Type Use Annotation Locations Outside of JSpecify mode (#1010)
  • Update handling of annotations on varargs argument (#1025)
  • Create basic unit tests for library model generation (#1031)
  • Partial handling for restrictive annotations on varargs in unannotated code (#1029)
  • Add missing source files in android-jarinfer-models-sdk modules (#1033)
  • External Library Models: Adding support for @​nullable Method parameters (#1006)
  • JDK 23 support (#1034)
  • Support @​EnsuresNonNullIf (#1044)
  • Update some Android astubx models (#1052)
  • Remove unused or unneeded JarInfer flags (#1050)
  • Enforce correct type-use annotation locations for nested types (#1045)
  • Update Android SDK 31 astubx models (#1054)
  • Fix bugs in reading varargs annotations from bytecodes (#1055)
  • General maintenance:
    • Update to Gradle 8.10 (#1023)
    • Update to Gradle 8.10.1 (#1036)
    • Update to Error Prone 2.32.0 (#1037)
    • Typo fix in README.md (#1041)
    • Fix Gradle config instructions (#1039)
    • Update to v4 of setup-gradle GitHub action (#1043)
    • Add extra JVM args needed for JMH on recent JDK versions (#1049)
    • Use HTTP instead of SSH for cloning repo for JMH Benchmarks (#1056)
    • Various version updates (#1051)
    • Update to Checker Framework 3.48.0 (#1030)
Commits
  • e7a1bd1 Prepare for release 0.12.1.
  • dc9cf0e Handle records in targetTypeMatches (#1061)
  • 8f4b928 Add library model for Apache Commons CollectionUtils.isNotEmpty (#932) (#1062)
  • d6b7fa3 Prepare next development version.
  • 84273f6 Prepare for release 0.12.0.
  • 91cf25d Fix bugs in reading varargs annotations from bytecodes (#1055)
  • 2a9188b Update Android SDK 31 astubx models (#1054)
  • 0f6f3d2 Use HTTP instead of SSH for cloning repo for JMH Benchmarks (#1056)
  • cc5ef65 Enforce correct type-use annotation locations for nested types (#1045)
  • 9eea2be Remove unused or unneeded JarInfer flags (#1050)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.uber.nullaway:nullaway&package-manager=maven&previous-version=0.11.3&new-version=0.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ecab5943b..a5f960a6e 100644 --- a/pom.xml +++ b/pom.xml @@ -327,7 +327,7 @@ com.uber.nullaway nullaway - 0.11.3 + 0.12.1 From c1ed191dc0bb3fbf5688a2d6298e73c13b75c3b0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 20:51:01 +0530 Subject: [PATCH 37/48] Bump netty.version from 4.1.113.Final to 4.1.114.Final (#2013) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `netty.version` from 4.1.113.Final to 4.1.114.Final. Updates `io.netty:netty-buffer` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-socks` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler-proxy` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-common` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-handler` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-resolver-dns` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-epoll` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

Updates `io.netty:netty-transport-native-kqueue` from 4.1.113.Final to 4.1.114.Final
Commits
  • 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
  • d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
  • 041eaed Re-add previous removed method to make revapi plugin happy again.
  • 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
  • e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
  • 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
  • c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
  • 56a9101 Update small documentation typo (#14370)
  • 8362d9d Fix flaky BootstrapTest (#14369)
  • bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aayush Atharva <24762260+hyperxpro@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a5f960a6e..1fcc3439f 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.113.Final + 4.1.114.Final 0.0.25.Final 1.17.0 2.0.16 From dee9f8f3838709e2e09275dc0ea2e31c02de504e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 00:09:21 +0530 Subject: [PATCH 38/48] Bump org.junit:junit-bom from 5.11.0 to 5.11.3 (#2029) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.0 to 5.11.3.
Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.11.3 = Platform 1.11.3 + Jupiter 5.11.3 + Vintage 5.11.3

See Release Notes.

Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.2...r5.11.3

JUnit 5.11.2 = Platform 1.11.2 + Jupiter 5.11.2 + Vintage 5.11.2

See Release Notes.

Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.1...r5.11.2

JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1

See Release Notes.

Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1

Commits
  • b20991e Release 5.11.3
  • e57b508 Finalize 5.11.3 release notes
  • fb1254c Allow repeating ExtendWith annotation on fields and parameters
  • a3192bd Fix package name comparison on Java 8 (#4077)
  • fcb7b01 Remove useless Order annotation
  • 57dfcb5 Allow repeating @…Source annotations when used as meta annotations
  • 09cd8b3 Add ArchUnit test for consistency of repeatable annotations
  • fa46a92 Hard-wrap at 90 characters
  • 8f45eea Find repeatable @⁠ExtendWith meta-annotations on fields again
  • b451122 Introduce release notes for 5.11.3
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit:junit-bom&package-manager=maven&previous-version=5.11.0&new-version=5.11.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1fcc3439f..e538be35e 100644 --- a/pom.xml +++ b/pom.xml @@ -105,7 +105,7 @@ org.junit junit-bom - 5.11.0 + 5.11.3 pom import From b0676656eddcece472f7e92245c8e06ae7e21499 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 23:07:25 +0530 Subject: [PATCH 39/48] Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.0 to 3.11.1 (#2030) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.10.0 to 3.11.1.
Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

maven-javadoc-plugin-3.10.1

What's Changed

Full Changelog: https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.10.0...maven-javadoc-plugin-3.10.1

Commits
  • 619650c [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.1
  • e314da0 [MJAVADOC-821] Align toolchain discovery code with Maven Compiler Plugin
  • 62a6861 [MJAVADOC-820] [REGRESSION] MJAVADOC-787 was merged incompletely
  • d1090c5 [maven-release-plugin] prepare for next development iteration
  • ee030f7 [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.0
  • 6c5fdc0 [MJAVADOC-819] Align archive generation code with Maven Source Plugin
  • 3a90de5 [MJAVADOC-787] Automatic detection of release option for JDK < 9
  • 373172d [MJAVADOC-817] Upgrade to Doxia 2.0.0 GA Stack
  • ba266c0 Fix SCM tag
  • 5775ce1 Fix typo
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-javadoc-plugin&package-manager=maven&previous-version=3.10.0&new-version=3.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e538be35e..89dc79442 100644 --- a/pom.xml +++ b/pom.xml @@ -382,7 +382,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.10.0 + 3.11.1 attach-javadocs From 39b34c17d65fedfb7c41b72452043830393edff2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 21:47:22 +0530 Subject: [PATCH 40/48] Bump io.netty:netty-common from 4.1.114.Final to 4.1.115.Final (#2031) Bumps [io.netty:netty-common](https://github.com/netty/netty) from 4.1.114.Final to 4.1.115.Final.
Commits
  • 04f9b4a [maven-release-plugin] prepare release netty-4.1.115.Final
  • fbf7a70 Merge commit from fork
  • 7b4fe3d Specialize Adaptive's allocator Recycler based on magazine's owner (#14421)
  • 9f3699e Explicit specify the platform for Docker files (#14448)
  • 3520fc7 Ensure netty-all generation does not override other snapshot jars (#14450)
  • 925064e Preserve ordering of default named groups during conversation (#14447)
  • 837b738 Make JMH executor threads look like event loop threads (#14444)
  • a434eef AdaptiveByteBufAllocator: Make pooling of AdaptiveByteBuf magazine local (#14...
  • 16123be Allow to set used named groups per OpenSslContext (#14433)
  • dadbf58 Correctly detect if KeyManager is not supported by OpenSSL version (#14437)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.netty:netty-common&package-manager=maven&previous-version=4.1.114.Final&new-version=4.1.115.Final)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AsyncHttpClient/async-http-client/network/alerts).
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 89dc79442..89e92d57a 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 11 UTF-8 - 4.1.114.Final + 4.1.115.Final 0.0.25.Final 1.17.0 2.0.16 From 2200b2477c84d2517fcbdf5d42f71d459c09066f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 21:47:37 +0530 Subject: [PATCH 41/48] Bump commons-io:commons-io from 2.16.1 to 2.17.0 (#2028) Bumps commons-io:commons-io from 2.16.1 to 2.17.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io&package-manager=maven&previous-version=2.16.1&new-version=2.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index a31faffad..cb76aec5a 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -32,7 +32,7 @@ 11.0.24 10.1.30 - 2.16.1 + 2.17.0 4.11.0 3.0 2.1.0 From 0fcb589eac3573dfb3fbf54eef34921c04c8dc5a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 02:12:24 +0530 Subject: [PATCH 42/48] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.0 to 3.5.2 (#2032) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.0 to 3.5.2.
Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.2

🚀 New features and improvements

📦 Dependency updates

👻 Maintenance

Full Changelog: https://github.com/apache/maven-surefire/compare/surefire-3.5.1...surefire-3.5.2

3.5.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

👻 Maintenance

Commits
  • ea9f049 [maven-release-plugin] prepare release surefire-3.5.2
  • e1f94a0 [SUREFIRE-2276] JUnit5's TestTemplate failures treated as flakes with retries
  • d24adb4 [SUREFIRE-2277] RunResult#getFlakes() is lost during serialisation/deserialis...
  • 4385e94 Remove links to non-existing report
  • 8881971 Remove outdated FAQ
  • 0121834 [SUREFIRE-2283] FAQ site contains broken link to failsafe-plugin
  • 91d16c3 Fix formatting of XML schema files
  • 6cb417a Add .xsd to .gitattributes
  • 9ce5221 [SUREFIRE-2282] surefire-report-plugin: Update Introduction documentation page
  • 620b983 [SUREFIRE-2281] Upgrade to Doxia 2.0.0 GA Stack
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.5.0&new-version=3.5.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 89e92d57a..557768f80 100644 --- a/pom.xml +++ b/pom.xml @@ -337,7 +337,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.5.0 + 3.5.2 @{argLine} --add-exports java.base/jdk.internal.misc=ALL-UNNAMED From c2755e71b2f59cb86b5f3158ab55ffc5b0bc902c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 01:08:10 +0530 Subject: [PATCH 43/48] Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#2036) Bumps commons-io:commons-io from 2.17.0 to 2.18.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io&package-manager=maven&previous-version=2.17.0&new-version=2.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index cb76aec5a..062d866e5 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -32,7 +32,7 @@ 11.0.24 10.1.30 - 2.17.0 + 2.18.0 4.11.0 3.0 2.1.0 From 527e7fd7466881f53a732a7d84eaa9bc82781234 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 00:23:19 +0530 Subject: [PATCH 44/48] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.30 to 10.1.31 in /client (#2034) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.30 to 10.1.31. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.30&new-version=10.1.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AsyncHttpClient/async-http-client/network/alerts).
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index 062d866e5..d2bd097d0 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.30 + 10.1.31 2.18.0 4.11.0 3.0 From 91a358c5c641da47d33f614a5435ff45933045d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 23:15:52 +0530 Subject: [PATCH 45/48] Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.31 to 10.1.33 (#2038) Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.31 to 10.1.33.
Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | org.apache.tomcat.embed:tomcat-embed-core | [>= 11.a0, < 12] |
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=10.1.31&new-version=10.1.33)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- client/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/pom.xml b/client/pom.xml index d2bd097d0..71b945bdd 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -31,7 +31,7 @@ org.asynchttpclient.client 11.0.24 - 10.1.31 + 10.1.33 2.18.0 4.11.0 3.0 From 2af27154ba181c49b762c7a4a68c12b6831de093 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 23:22:56 +0530 Subject: [PATCH 46/48] Bump com.github.luben:zstd-jni from 1.5.6-7 to 1.5.6-8 (#2037) Bumps [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni) from 1.5.6-7 to 1.5.6-8.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.luben:zstd-jni&package-manager=maven&previous-version=1.5.6-7&new-version=1.5.6-8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 557768f80..fb1a841a6 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.0.25.Final 1.17.0 2.0.16 - 1.5.6-7 + 1.5.6-8 2.0.1 1.5.12 26.0.1 From d5a83362f7aed81b93ebca559746ac9be0f95425 Mon Sep 17 00:00:00 2001 From: Chris Earle Date: Sun, 1 Dec 2024 12:10:55 -0700 Subject: [PATCH 47/48] [CookieStore] Only set `Cookie`s if they are not already set (#2033) This changes the behavior of the automatic usage of the `CookieStore` to avoid overwriting already-set `Cookie`s and, instead only sets them if they do not exist yet. Closes https://github.com/AsyncHttpClient/async-http-client/issues/1964 Co-authored-by: Aayush Atharva --- .../DefaultAsyncHttpClient.java | 2 +- .../asynchttpclient/RequestBuilderBase.java | 21 ++++++++++-- .../intercept/Redirect30xInterceptor.java | 7 ++-- .../asynchttpclient/RequestBuilderTest.java | 34 +++++++++++++++++++ 4 files changed, 55 insertions(+), 9 deletions(-) diff --git a/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java b/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java index 1f616c328..3b417a5a3 100644 --- a/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java +++ b/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java @@ -235,7 +235,7 @@ public ListenableFuture executeRequest(Request request, AsyncHandler h if (!cookies.isEmpty()) { RequestBuilder requestBuilder = request.toBuilder(); for (Cookie cookie : cookies) { - requestBuilder.addOrReplaceCookie(cookie); + requestBuilder.addCookieIfUnset(cookie); } request = requestBuilder.build(); } diff --git a/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java b/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java index 9f5cf9e5e..dbc5e4144 100644 --- a/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java +++ b/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java @@ -323,6 +323,21 @@ public T addCookie(Cookie cookie) { * @return this */ public T addOrReplaceCookie(Cookie cookie) { + return maybeAddOrReplaceCookie(cookie, true); + } + + /** + * Add a cookie based on its name, if it does not exist yet. Cookies that + * are already set will be ignored. + * + * @param cookie the new cookie + * @return this + */ + public T addCookieIfUnset(Cookie cookie) { + return maybeAddOrReplaceCookie(cookie, false); + } + + private T maybeAddOrReplaceCookie(Cookie cookie, boolean allowReplace) { String cookieKey = cookie.name(); boolean replace = false; int index = 0; @@ -335,10 +350,10 @@ public T addOrReplaceCookie(Cookie cookie) { index++; } - if (replace) { - cookies.set(index, cookie); - } else { + if (!replace) { cookies.add(cookie); + } else if (allowReplace) { + cookies.set(index, cookie); } return asDerivedType(); } diff --git a/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java b/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java index 51e7c8a9b..e60495f80 100644 --- a/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java +++ b/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java @@ -142,11 +142,8 @@ public boolean exitAfterHandlingRedirect(Channel channel, NettyResponseFuture CookieStore cookieStore = config.getCookieStore(); if (cookieStore != null) { // Update request's cookies assuming that cookie store is already updated by Interceptors - List cookies = cookieStore.get(newUri); - if (!cookies.isEmpty()) { - for (Cookie cookie : cookies) { - requestBuilder.addOrReplaceCookie(cookie); - } + for (Cookie cookie : cookieStore.get(newUri)) { + requestBuilder.addCookieIfUnset(cookie); } } diff --git a/client/src/test/java/org/asynchttpclient/RequestBuilderTest.java b/client/src/test/java/org/asynchttpclient/RequestBuilderTest.java index 024fce5f1..34e79121d 100644 --- a/client/src/test/java/org/asynchttpclient/RequestBuilderTest.java +++ b/client/src/test/java/org/asynchttpclient/RequestBuilderTest.java @@ -166,6 +166,40 @@ public void testAddOrReplaceCookies() { assertEquals(requestBuilder.cookies.size(), 2, "cookie size must be 2 after adding 1 more cookie i.e. cookie3"); } + @RepeatedIfExceptionsTest(repeats = 5) + public void testAddIfUnsetCookies() { + RequestBuilder requestBuilder = new RequestBuilder(); + Cookie cookie = new DefaultCookie("name", "value"); + cookie.setDomain("google.com"); + cookie.setPath("/"); + cookie.setMaxAge(1000); + cookie.setSecure(true); + cookie.setHttpOnly(true); + requestBuilder.addCookieIfUnset(cookie); + assertEquals(requestBuilder.cookies.size(), 1, "cookies size should be 1 after adding one cookie"); + assertEquals(requestBuilder.cookies.get(0), cookie, "cookie does not match"); + + Cookie cookie2 = new DefaultCookie("name", "value"); + cookie2.setDomain("google2.com"); + cookie2.setPath("/path"); + cookie2.setMaxAge(1001); + cookie2.setSecure(false); + cookie2.setHttpOnly(false); + + requestBuilder.addCookieIfUnset(cookie2); + assertEquals(requestBuilder.cookies.size(), 1, "cookies size should remain 1 as we just ignored cookie2 because of a cookie with same name"); + assertEquals(requestBuilder.cookies.get(0), cookie, "cookie does not match"); + + Cookie cookie3 = new DefaultCookie("name2", "value"); + cookie3.setDomain("google.com"); + cookie3.setPath("/"); + cookie3.setMaxAge(1000); + cookie3.setSecure(true); + cookie3.setHttpOnly(true); + requestBuilder.addCookieIfUnset(cookie3); + assertEquals(requestBuilder.cookies.size(), 2, "cookie size must be 2 after adding 1 more cookie i.e. cookie3"); + } + @RepeatedIfExceptionsTest(repeats = 5) public void testSettingQueryParamsBeforeUrlShouldNotProduceNPE() { RequestBuilder requestBuilder = new RequestBuilder(); From 6bd376ad336a237ef02a632df0042d4eb22e2d32 Mon Sep 17 00:00:00 2001 From: Aayush Atharva Date: Mon, 2 Dec 2024 21:40:34 +0530 Subject: [PATCH 48/48] Prepare for v3.0.1 release (#2040) --- README.md | 4 ++-- client/pom.xml | 2 +- pom.xml | 5 ++--- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 21a20ebbe..4ae651b75 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Maven: org.asynchttpclient async-http-client - 3.0.0 + 3.0.1 ``` @@ -28,7 +28,7 @@ Maven: Gradle: ```groovy dependencies { - implementation 'org.asynchttpclient:async-http-client:3.0.0' + implementation 'org.asynchttpclient:async-http-client:3.0.1' } ``` diff --git a/client/pom.xml b/client/pom.xml index 71b945bdd..58dcd0aad 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -19,7 +19,7 @@ org.asynchttpclient async-http-client-project - 3.0.0 + 3.0.1 4.0.0 diff --git a/pom.xml b/pom.xml index fb1a841a6..d02f7c7ee 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ org.asynchttpclient async-http-client-project - 3.0.0 + 3.0.1 pom AHC/Project @@ -368,10 +368,9 @@ org.apache.maven.plugins maven-source-plugin - 3.3.1 + 3.2.1 - attach-sources jar-no-fork