Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the dependencies group with 9 updates #236

Closed
wants to merge 1 commit into from
Closed

Bump the dependencies group with 9 updates #236

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Nov 7, 2023
edited
Loading

Bumps the dependencies group with 9 updates:

Package From To
org.mockito:mockito-core 5.5.0 5.7.0
com.fasterxml.jackson.core:jackson-databind 2.15.2 2.15.3
com.fasterxml.jackson.core:jackson-annotations 2.15.2 2.15.3
com.fasterxml.jackson.core:jackson-core 2.15.2 2.15.3
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.15.2 2.15.3
io.jsonwebtoken:jjwt 0.9.1 0.12.3
org.owasp:dependency-check-maven 8.4.0 8.4.2
org.jacoco:jacoco-maven-plugin 0.8.10 0.8.11
org.apache.maven.plugins:maven-javadoc-plugin 3.5.0 3.6.2

Updates org.mockito:mockito-core from 5.5.0 to 5.7.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.7.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.7.0

v5.6.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.6.0

... (truncated)

Commits
  • 5c4e72c Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.10 to 1.9.20 (#3166)
  • f62fbe7 Bump org.jetbrains.kotlin:kotlin-stdlib from 1.9.10 to 1.9.20 (#3165)
  • f522f49 Attempt to detect system property mangling prior to loading ByteBuddy. (#3164)
  • a8adbf5 Handle Termux in InlineDelegateByteBuddyMockMaker.java (#3158)
  • 1bca5b8 Bump versions.errorprone from 2.22.0 to 2.23.0 (#3153)
  • f5449f9 Fix license url according to spdx license spec (#3152)
  • 73d6afc Remove checks for unsupported Java version from unit tests (#3150)
  • e736992 Add CodeCov token to upload coverage report (#3149)
  • 9342e9a Add Java 21 to CI build matrix (#3145)
  • c574cea Update JaCoCo to 0.8.11 (#3147)
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.15.2 to 2.15.3

Commits

Updates com.fasterxml.jackson.core:jackson-annotations from 2.15.2 to 2.15.3

Commits

Updates com.fasterxml.jackson.core:jackson-core from 2.15.2 to 2.15.3

Commits
  • 80e6c42 [maven-release-plugin] prepare release jackson-core-2.15.3
  • 18d61c9 Prepare for 2.15.3 release
  • 372a009 Update release notes wrt #1111
  • e2d2fc2 Call the right filterFinishArray/Object from FilteringParserDelegate (#1111)
  • e5f0004 Update Maven wrapper version
  • f3da625 Further tweaking of release notes
  • 22fd108 Add ref to #943 in release-notes/VERSION-2.x
  • c94fd87 2.15.3-SNAPSHOT
  • b7e1bb9 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.15.2 to 2.15.3

Updates io.jsonwebtoken:jjwt from 0.9.1 to 0.12.3

Release notes

Sourced from io.jsonwebtoken:jjwt's releases.

0.12.3

This is a minor patch release that address two issues:

  1. The org.json dependency has been upgraded to 20231013 to address that library's CVE-2023-5072 vulnerability.

  2. Empty custom claims values are (re-)enabled which was the behavior in <= 0.11.5. See Issue 858.

These same notes are repeated in the CHANGELOG, and as always, project documentation is in the README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

0.12.2

This is a follow-up release to finalize the work in 0.12.1 that tried to fix a reflection scope problem on >= JDK 17. The 0.12.1 fix worked, but only if the importing project or application did not have its own module-info.java file.

This release removes that reflection code entirely in favor of a JJWT-native implementation, eliminating JPMS module (scope) problems on >= JDK 17. As such, --add-opens flags are no longer required to use JJWT.

The fix has been tested up through JDK 21 in a separate application environment (out of JJWT's codebase) to assert expected functionality in a 'clean room' environment in a project both with and without module-info.java usage.

Notes are in the CHANGELOG, and project documentation is in the README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

0.12.1

This is a quick follow-up release from yesterday's 0.12.0 release that addresses a reflection issue on JDK 17. The fix has been tested up through JDK 21.

Notes are in the CHANGELOG, and project documentation is in the README.

Please allow 30 minutes for the release to be available in Maven Central.

0.12.0

It is finally here! This release includes full support for JSON Web Encryption (JWE), JSON Web Keys (JWK), JSON Web Key Thumbprints, JSON Web Key Thumbprint URIs, and so, so much more.

This is the culmination of hundreds of hours worth of work and testing, and we're glad to finally release it. However, please note:

This is our first-ever breaking change release. While we tried hard to minimize the breakages, some were just necessary in preparation for 1.0 and to finalize all JWT RFC features. If you are not partial to fixing changes when upgrading a library, we strongly encourage you to wait until the 1.0 release.

Please pay particular attention to the CHANGELOG listing breaking changes.

Full documentation is available in the README.

Changelog

Sourced from io.jsonwebtoken:jjwt's changelog.

0.12.3

This patch release:

  • Upgrades the org.json dependency to 20231013 to address that library's CVE-2023-5072 vulnerability.
  • (Re-)enables empty values for custom claims, which was the behavior in <= 0.11.5. Issue 858.

0.12.2

This is a follow-up release to finalize the work in 0.12.1 that tried to fix a reflection scope problem on >= JDK 17. The 0.12.1 fix worked, but only if the importing project or application did not have its own module-info.java file.

This release removes that reflection code entirely in favor of a JJWT-native implementation, eliminating JPMS module (scope) problems on >= JDK 17. As such, --add-opens flags are no longer required to use JJWT.

The fix has been tested up through JDK 21 in a separate application environment (out of JJWT's codebase) to assert expected functionality in a 'clean room' environment in a project both with and without module-info.java usage.

0.12.1

Enabled reflective access on JDK 17+ to java.io.ByteArrayInputStream and sun.security.util.KeyUtil for jjwt-impl.jar

0.12.0

This is a big release! JJWT now fully supports Encrypted JSON Web Tokens (JWE), JSON Web Keys (JWK) and more! See the sections below enumerating all new features as well as important notes on breaking changes or backwards-incompatible changes made in preparation for the upcoming 1.0 release.

Because breaking changes are being introduced, it is strongly recommended to wait until the upcoming 1.0 release where you can address breaking changes one time only.

Those that need immediate JWE encryption and JWK key support however will likely want to upgrade now and deal with the smaller subset of breaking changes in the 1.0 release.

Simplified Starter Jar

Those upgrading to new modular JJWT versions from old single-jar versions will transparently obtain everything they need in their Maven, Gradle or Android projects.

JJWT's early releases had one and only one .jar: jjwt.jar. Later releases moved to a modular design with 'api' and 'impl' jars including 'plugin' jars for Jackson, GSON, org.json, etc. Some users upgrading from the earlier single jar to JJWT's later versions have been frustrated by being forced to learn how to configure the more modular .jars.

This release re-introduces the jjwt.jar artifact again, but this time it is simply an empty .jar with Maven metadata that will automatically transitively download the following into a project, retaining the old single-jar behavior:

... (truncated)

Commits

Updates org.owasp:dependency-check-maven from 8.4.0 to 8.4.2

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 8.4.2

  • fix: correct log configuration in cli (#6002)

See the full listing of changes.

Version 8.4.1

  • fix: upgrade to JCS3 (#5114)
  • fix: Support ~= version specifier in requirements.txt and pipfile (#5902)
  • fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name (#5901)
  • fix: Do not filter out evidences added by hints (#5900)
  • fix: fixes FP #5925 (#5927)

See the full listing of changes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 8.4.2 (2023-10-22)

  • fix: correct log configuration in cli (#6002)

See the full listing of changes.

Version 8.4.1 (2023-10-21)

Fixed

  • fix: upgrade to JCS3 (#5114)
  • fix: Support ~= version specifier in requirements.txt and pipfile (#5902)
  • fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name (#5901)
  • fix: Do not filter out evidences added by hints (#5900)
  • fix: fixes FP #5925 (#5927)

See the full listing of changes.

Commits
  • c15b3b9 build: prepare release v8.4.2
  • dbdb84d docs: release 8.4.2
  • 74f5156 fix: dependabot config
  • 1162b3e fix: correct log configuration in cli (#6002)
  • e105540 chore: Release 8.4.1 (#6000)
  • 5cc8df0 build: prepare for next development iteration
  • 61377ad build: prepare release v8.4.1
  • e2649a6 docs: prepare release
  • 778185b build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 (#5994)
  • 81bd778 build(deps): bump se.bjurr.violations:violations-lib from 1.156.6 to 1.156.7 ...
  • Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.11

New Features

  • JaCoCo now officially supports Java 21 (GitHub #1520).
  • Experimental support for Java 22 class files (GitHub #1479).
  • Part of bytecode generated by the Java compilers for exhaustive switch expressions is filtered out during generation of report (GitHub #1472).
  • Part of bytecode generated by the Java compilers for record patterns is filtered out during generation of report (GitHub #1473).

Fixed bugs

  • Instrumentation should not cause VerifyError when the last local variable of method parameters is overridden in the method body to store a value of type long or double (GitHub #893).
  • Restore exec file compatibility with versions from 0.7.5 to 0.8.8 in case of class files with zero line numbers (GitHub #1492).

Non-functional Changes

  • jacoco-maven-plugin now requires at least Java 8 (GitHub #1466, #1468).
  • JaCoCo build now requires at least Maven 3.5.4 (GitHub #1467).
  • Maven 3.9.2 should not produce warnings for jacoco-maven-plugin (GitHub #1468).
  • JaCoCo build now requires JDK 17 (GitHub #1482).
  • JaCoCo now depends on ASM 9.6 (GitHub #1518).
Commits
  • f33756c Prepare release 0.8.11
  • 0670530 Upgrade animal-sniffer-maven-plugin to 1.23
  • 206e5be Restore exec file compatibility after upgrade of ASM to version 9.5 (#1492)
  • 36fc079 Update documentation: JDK version 21 is officially supported (#1520)
  • 7162917 Add validation tests for boolean expressions (#1505)
  • 4bc9267 Fix link to Bytecode Outline Plug-In (#1519)
  • ded62fc Upgrade ASM to 9.6 (#1518)
  • 6798260 Fix links to ASM website (#1515)
  • 4ba332f Fix misleading outdated javadoc (#1513)
  • 7ca0f0f Opcodes.RET should be processed by visitVarInsn instead of visitInsn (#...
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.2

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.6.2

🐛 Bug Fixes

📦 Dependency updates

3.6.0

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

... (truncated)

Commits
  • 28a89f1 [maven-release-plugin] prepare release maven-javadoc-plugin-3.6.2
  • 16ca43f [maven-release-plugin] prepare for next development iteration
  • 88bc4a5 Align IT after MJAVADOC-716
  • 4b881e8 Bump org.codehaus.mojo:mrm-maven-plugin from 1.5.0 to 1.6.0
  • 45a8d29 [MJAVADOC-716] Fix stale files detection failing because of the added newline...
  • afb2dee [MJAVADOC-713] Skipping Javadoc reportset leaves empty Javadoc link in site
  • 4bad23f [MJAVADOC-730] Deprecate parameter "old"
  • 8364883 [MJAVADOC-777] Bump org.codehaus.plexus:plexus-java from 1.1.2 to 1.2.0 (#245)
  • 6fa9c86 [MJAVADOC-762] don't share state between tests (#218)
  • 05b12e8 [MJAVADOC-726] exclude velocity (#243)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group with 9 updates
26433af 
Bumps the dependencies group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [org.mockito:mockito-core](https://github.com/mockito/mockito) | `5.5.0` | `5.7.0` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.15.2` | `2.15.3` |
| [com.fasterxml.jackson.core:jackson-annotations](https://github.com/FasterXML/jackson) | `2.15.2` | `2.15.3` |
| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.15.2` | `2.15.3` |
| com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | `2.15.2` | `2.15.3` |
| [io.jsonwebtoken:jjwt](https://github.com/jwtk/jjwt) | `0.9.1` | `0.12.3` |
| [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) | `8.4.0` | `8.4.2` |
| [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.10` | `0.8.11` |
| [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) | `3.5.0` | `3.6.2` |


Updates `org.mockito:mockito-core` from 5.5.0 to 5.7.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.5.0...v5.7.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.15.2 to 2.15.3
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.15.2 to 2.15.3
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-core` from 2.15.2 to 2.15.3
- [Release notes](https://github.com/FasterXML/jackson-core/releases)
- [Commits](FasterXML/jackson-core@jackson-core-2.15.2...jackson-core-2.15.3)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jsr310` from 2.15.2 to 2.15.3

Updates `io.jsonwebtoken:jjwt` from 0.9.1 to 0.12.3
- [Release notes](https://github.com/jwtk/jjwt/releases)
- [Changelog](https://github.com/jwtk/jjwt/blob/master/CHANGELOG.md)
- [Commits](jwtk/jjwt@0.9.1...0.12.3)

Updates `org.owasp:dependency-check-maven` from 8.4.0 to 8.4.2
- [Release notes](https://github.com/jeremylong/DependencyCheck/releases)
- [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](jeremylong/DependencyCheck@v8.4.0...v8.4.2)

Updates `org.jacoco:jacoco-maven-plugin` from 0.8.10 to 0.8.11
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.10...v0.8.11)

Updates `org.apache.maven.plugins:maven-javadoc-plugin` from 3.5.0 to 3.6.2
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.5.0...maven-javadoc-plugin-3.6.2)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-annotations
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: io.jsonwebtoken:jjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.owasp:dependency-check-maven
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Nov 7, 2023
@dependabot dependabot bot mentioned this pull request Nov 7, 2023
Closed
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Nov 15, 2023

Superseded by #237.

@dependabot dependabot bot closed this Nov 15, 2023
@dependabot dependabot bot deleted the dependabot/maven/dependencies-9f96ef8638 branch November 15, 2023 17:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants