forked from opensearch-project/security
Generalize workflow #1
Closed
…ficate (opensearch-project#3268) Solves bug where backwards compatibility tests would fail for IPv6 loopback address (`::1`) with: `No subject alternative names matching IP address ::1 found` Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
…pensearch-project#3205)

Excluded sensitive info for java stacktrace:
- YAML object mapper as well
- NonValidatingObjectMapper
- defaulOmittingObjectMapper

More details see https://github.com/FasterXML/jackson-core/wiki/JsonParser-Features#misc-other

Signed-off-by: Andrey Pleskach <ples@aiven.io>
…ensearch-project#3262)

### Description
After RFC 6901 was introduced and the implementation was added to Jackson, there is no need to keep the `com.jayway.jsonpath:json-path` library in our source code, so we can replace current validation with Jackson's `JsonPointer` class.

Besides added missing tests for:
- `RoleRequestContentValidator`
- `AuditRequestContentValidator`

### Issues Resolved
opensearch-project#3245

### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

Signed-off-by: Andrey Pleskach <ples@aiven.io>
…ensearch-project#3278)

The recent refactoring of the REST APIs: opensearch-project#3123 introduced a regression in how roles-mapping verification has worked before. The old solution verified only hidden roles both for internal users and roles mapping, while new was too strict and forbid to do it for both. This PR fixes the problem and uses the same logic as it was before.
- In case of roles-mapping it verifies only a role associated with it that the role is not hidden.
- In case of internal users it verifies that a role is not hidden and roles-mapping associated with the role is mutable

So verification was split and added to the corresponding ActionApi class which is more convenient as it was before.

Signed-off-by: Andrey Pleskach <ples@aiven.io>
### Description
Fix checkstyle. Now it works as expected. The problem is that checkstyle works only with one config file. It does not support multiple files except predefined files like `suppressions.xml`. So the previous config effectively replaced `sun_checks.xml` and validated only `System.out.println` lines in `tools`. Since `println_checks.xml` replaced the main file we did not notice that new version of checkstyle removed `PrintlnModule` from the code base.

Changes:
- All code related to checking `tools` folder was moved in the main file
- Renamed the `sun_...xml` file to the `checktyle.xml` which is default settings for checkstyle so we can track changes in it
- Set the latest version for `checktyle` so it can validate new JDK features as well
- Fixed problematic files which checkstyle highlighted

### Issues Resolved
opensearch-project#3260

### Testing
`System.out.println` I tested manually all I can say it works :-)

### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

Signed-off-by: Andrey Pleskach <ples@aiven.io>
…rch-project#3295) Bumps com.diffplug.spotless from 6.20.0 to 6.21.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….5.14 (opensearch-project#3292) Bumps org.apache.httpcomponents:fluent-hc from 4.5.13 to 4.5.14. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…4.2 (opensearch-project#3293) Bumps [com.github.wnameless.json:json-base](https://github.com/wnameless/json-base) from 2.4.1 to 2.4.2. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…search-project#3306) Use version of org.apache.commons:commons-lang3 defined in core Signed-off-by: Craig Perkins <cwperx@amazon.com>
…rch-project#3297) Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token) from 1.8.0 to 1.8.2. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…h-project#3289)

### Description
Netty has logic to use the BouncyCastlePemReader if BouncyCastle is located on the class path. The BouncyCastle provider loaded properly in netty, but was failing to read the private key with permissions issues that failed silently. With netty, if one PemReader fails they will fall back to the next which is only capable of reading keys in the PKCS#8 format. The regression in PKCS#1 keys happened when bouncycastle was upgraded from jdk15on to jdk15to18.

This PR adds permissions to ensure that netty can read the PKCS#1 keys. This PR also cleans up the policy file to have a single entry for `permission java.util.PropertyPermission "*","read,write";` because the other entries are redundant.

Open Questions:
- There is a test in SSLTest to ensure PKCS#1 keys can be read. Why did that test not catch this?

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Bug fix

### Issues Resolved
opensearch-project#3281

### Testing
Used the same certs from the SSLTest for PKCS#1 keys. Before the change the 2.9.0 cluster could not be brought up, after the change the cluster starts successfully.

### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
System index permissions Signed-off-by: Sam <samuel.costa@eliatra.com> Signed-off-by: Sam <128482925+samuelcostae@users.noreply.github.com> Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: Peter Nied <peternied@hotmail.com> Co-authored-by: Darshit Chanpura <dchanp@amazon.com> Co-authored-by: Peter Nied <peternied@hotmail.com>
…ensearch-project#3263) During the triage meeting on Aug 27th, based on time constraints member requests were opened up earlier than previously scheduled on the agenda. This pull request captures this change to ensure meeting members can more quickly discuss an issue/PR. The opening phase of the triage meeting was not captured and has been included to document the informal and open tone of the meeting. Signed-off-by: Peter Nied <petern@amazon.com> Signed-off-by: Peter Nied <peternied@hotmail.com>
… to 0.16.5 (opensearch-project#3296)

Bumps [com.github.wnameless.json:json-flattener](https://github.com/wnameless/json-flattener) from 0.16.4 to 0.16.5.

Changelog, sourced from [com.github.wnameless.json:json-flattener's changelog](https://github.com/wnameless/json-flattener/blob/master/release-notes):

Version 0.1.0
- First release

Version 0.1.1
- Fix minimal-json parsing double value(ex:6.0) error

Version 0.1.2
- Fix the bug of empty array or empty object disappearing after flattening

Version 0.1.3
- Fix the bug of objects unflattening in reversed indexed array(ex: {"List[1].type":"B","List[0].type":"A"})

Version 0.1.4
- Fix the bug of reversed indexed arrays unflattening(ex: {"[1][1]":"B","[0][0]":"A"})
- Fix the bug of init complex key unflattening(ex: {"["b.b"].aaa":123})

Version 0.1.5
- Escape JSON special characters in flattened JSON keys, values and Java Map keys but not in Java Map values

Version 0.1.6
- For ease of use, Unicode characters aren't escaped anymore

Version 0.2.0
- Add FlattenMode
- Add StringEscapePolicy
- Add separator config
- Add PrintMode

Version 0.2.1
- Remove internal cache
- Add missing hashCode, equals and toString to JsonUnflattener
- Fix the stack overflow bug in KEEP_ARRAYS mode when null value occurs

Version 0.2.2
- Fix the stack overflow bug in KEEP_ARRAYS mode when empty object occurs

Version 0.2.3
- Fix internal JsonFlattener state inheritance bug during instantiation

Version 0.2.4
- Fix the bug of wrong output if ROOT value shows in source object

Version 0.3.0
- Support Reader as inputs
- Add #withLeftAndRightBrackets

Version 0.4.0
- Add FlattenMode.MONGODB
- Add #withKeyTransformer

... (truncated)

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ensearch-project#3270)

### Description
Add integration test case for OBO hostmapping

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Test Enhancement

### Issues Resolved
* Resolve opensearch-project#3222

### Check List
- [x] New functionality includes testing
- [ ] New functionality has been documented
- [x] Commits are signed per the DCO using --signoff

---------

Signed-off-by: Ryan Liang <jiallian@amazon.com>
opensearch-project#3326) …feature

### Description
add the conversation memory experimental feature system indices as system indices

### Issues Resolved
ml-commons 1150

Is this a backport? If so, please add backport PR # and/or commits #

### Testing
[Please provide details of testing done: unit testing, integration testing and manual testing]

### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

Signed-off-by: HenryL27 <hmlindeman@yahoo.com>
Add tracer for getHttpTransports - Related Add Tracing Instrumentation at Network and Rest layer OpenSearch#9415 Signed-off-by: Ryan Liang <jiallian@amazon.com>
…ch-project#3353)

### Description
Seeing a ton of CI failures due to code coverage upload failures. I'd like to fix this - but I'd rather keep the builds flowing in until we have a better solution.

E.g: https://github.com/opensearch-project/security/actions/runs/6153593099/job/16697726519?pr=3339

- Related opensearch-project#2649

### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [X] Commits are signed per the DCO using --signoff

Signed-off-by: Peter Nied <petern@amazon.com>
….11 to 2.9.12 (opensearch-project#3341) Bumps [org.springframework.kafka:spring-kafka-test](https://github.com/spring-projects/spring-kafka) from 2.9.11 to 2.9.12. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…opensearch-project#3344) Bumps [org.scala-lang:scala-library](https://github.com/scala/scala) from 2.13.11 to 2.13.12. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…29 (opensearch-project#3342) Bumps [org.springframework:spring-beans](https://github.com/spring-projects/spring-framework) from 5.3.20 to 5.3.29. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…rch-project#3339) Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token) from 1.8.2 to 2.0.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…-project#3343) Bumps [com.nulab-inc:zxcvbn](https://github.com/nulab/zxcvbn4j) from 1.8.0 to 1.8.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nulab/zxcvbn4j/releases">com.nulab-inc:zxcvbn's releases</a>.</em></p> <blockquote> <h2>1.8.2</h2> <h2>What's Changed</h2> <ul> <li>refactor: refactoring matchers.OmnibusMatcher by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/148">nulab/zxcvbn4j#148</a></li> <li>refactor: refactoring matchers.Match by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/149">nulab/zxcvbn4j#149</a></li> <li>style: format all with google-java-format by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/150">nulab/zxcvbn4j#150</a></li> <li>fix: fix the discrepancy in password guesses between zxcvbn and zxcvbn4j by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/151">nulab/zxcvbn4j#151</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nulab/zxcvbn4j/compare/1.8.1...1.8.2">https://github.com/nulab/zxcvbn4j/compare/1.8.1...1.8.2</a></p> <h2>1.8.1</h2> <h2>What's Changed</h2> <ul> <li>refactor: refactoring matchers.RepeatMatcher by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/137">nulab/zxcvbn4j#137</a></li> <li>refactor: refactoring matchers.SpatialMatcher by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/138">nulab/zxcvbn4j#138</a></li> <li>fix: fix the warnings from SpotBugs by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a 
href="https://redirect.github.com/nulab/zxcvbn4j/pull/139">nulab/zxcvbn4j#139</a></li> <li>refactor: refactoring matchers.SequenceMatcher by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/140">nulab/zxcvbn4j#140</a></li> <li>refactor: refactoring matchers.L33tMatcher by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/141">nulab/zxcvbn4j#141</a></li> <li>refactor: refactoring matchers.DictionaryMatcher by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/142">nulab/zxcvbn4j#142</a></li> <li>refactor: refactoring matchers.RegexMatcher by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/143">nulab/zxcvbn4j#143</a></li> <li>refactor: refactoring matchers.DateMatcher by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/144">nulab/zxcvbn4j#144</a></li> <li>style: format code in matchers.RepeatMatcher by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/145">nulab/zxcvbn4j#145</a></li> <li>refactor: refactoring matchers.ReverseDictionaryMatcher by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/146">nulab/zxcvbn4j#146</a></li> <li>fix: improved SpatialMatcher decision logic (<a href="https://redirect.github.com/nulab/zxcvbn4j/issues/84">#84</a>) (<a href="https://redirect.github.com/nulab/zxcvbn4j/issues/129">#129</a>) by <a href="https://github.com/vvatanabe"><code>@vvatanabe</code></a> in <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/147">nulab/zxcvbn4j#147</a></li> </ul> <p><strong>Full Changelog</strong>: <a 
href="https://github.com/nulab/zxcvbn4j/compare/1.8.0...1.8.1">https://github.com/nulab/zxcvbn4j/compare/1.8.0...1.8.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nulab/zxcvbn4j/blob/main/CHANGELOG.md">com.nulab-inc:zxcvbn's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/nulab/zxcvbn4j/compare/1.8.1...1.8.2">1.8.2</a> (2023-08-21)</h2> <ul> <li>fix: fix the discrepancy in password guesses between zxcvbn and zxcvbn4j <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/151">#151</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>style: format all with google-java-format <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/150">#150</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>refactor: refactoring matchers.Match <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/149">#149</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>refactor: refactoring matchers.OmnibusMatcher <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/148">#148</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> </ul> <h2><a href="https://github.com/nulab/zxcvbn4j/compare/1.8.0...1.8.1">1.8.1</a> (2023-08-18)</h2> <ul> <li>fix: improved SpatialMatcher decision logic (<a href="https://redirect.github.com/nulab/zxcvbn4j/issues/84">#84</a>) (<a href="https://redirect.github.com/nulab/zxcvbn4j/issues/129">#129</a>) <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/147">#147</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>refactor: refactoring matchers.ReverseDictionaryMatcher <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/146">#146</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>style: format code in matchers.RepeatMatcher <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/145">#145</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>refactor: 
refactoring matchers.DateMatcher <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/144">#144</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>refactor: refactoring matchers.RegexMatcher <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/143">#143</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>refactor: refactoring matchers.DictionaryMatcher <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/142">#142</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>refactor: refactoring matchers.L33tMatcher <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/141">#141</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>refactor: refactoring matchers.SequenceMatcher <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/140">#140</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>fix: fix the warnings from SpotBugs <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/139">#139</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>refactor: refactoring matchers.SpatialMatcher <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/138">#138</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> <li>refactor: refactoring matchers.RepeatMatcher <a href="https://redirect.github.com/nulab/zxcvbn4j/pull/137">#137</a> (<a href="https://github.com/vvatanabe">vvatanabe</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nulab/zxcvbn4j/commit/763c214ad6498aeea54177cc8ff0f5108e65ced0"><code>763c214</code></a> 1.8.2</li> <li><a href="https://github.com/nulab/zxcvbn4j/commit/1b31a1728d14c1e6e45a1f54cf98843baf8a04cb"><code>1b31a17</code></a> Merge pull request <a href="https://redirect.github.com/nulab/zxcvbn4j/issues/151">#151</a> from nulab/fix-the-discrepancy-in-password-guesses-be...</li> <li><a 
href="https://github.com/nulab/zxcvbn4j/commit/44dda11f3b7defa3b3d81b99d73316fc53fcd86e"><code>44dda11</code></a> fix: fix the discrepancy in password guesses between zxcvbn and zxcvbn4j (<a href="https://redirect.github.com/nulab/zxcvbn4j/issues/105">#105</a>)</li> <li><a href="https://github.com/nulab/zxcvbn4j/commit/a213a44f7b1bd2abddf3667a4b0d3582cb07eff5"><code>a213a44</code></a> Merge pull request <a href="https://redirect.github.com/nulab/zxcvbn4j/issues/150">#150</a> from nulab/apply-google-java-format</li> <li><a href="https://github.com/nulab/zxcvbn4j/commit/0347d6eb8c7c58dd0ba58c960b64e89445a78ad2"><code>0347d6e</code></a> style: format all with google-java-format</li> <li><a href="https://github.com/nulab/zxcvbn4j/commit/a90235cbed75808fd5a42004e1a95f8d376b0c15"><code>a90235c</code></a> Merge pull request <a href="https://redirect.github.com/nulab/zxcvbn4j/issues/149">#149</a> from nulab/refactoring-Match</li> <li><a href="https://github.com/nulab/zxcvbn4j/commit/3d44718202be372017b10dfc468c3099b0f1cbcf"><code>3d44718</code></a> refactor: refactoring matchers.Match</li> <li><a href="https://github.com/nulab/zxcvbn4j/commit/e733acd434e6fcce646bcf7cec64406eff655d24"><code>e733acd</code></a> style: format code and optimize imports in matchers.Match</li> <li><a href="https://github.com/nulab/zxcvbn4j/commit/a677ae38bee784dc168da73b3d4b56e956444026"><code>a677ae3</code></a> Merge pull request <a href="https://redirect.github.com/nulab/zxcvbn4j/issues/148">#148</a> from nulab/refactoring-OmnibusMatcher</li> <li><a href="https://github.com/nulab/zxcvbn4j/commit/a8024dcecb3cc1a7f65dff8ecc70d2414b65b4a0"><code>a8024dc</code></a> refactor: refactoring matchers.OmnibusMatcher</li> <li>Additional commits viewable in <a href="https://github.com/nulab/zxcvbn4j/compare/1.8.0...1.8.2">compare view</a></li> </ul> </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… 2.3.1 (opensearch-project#3368) Bumps org.apache.ws.xmlschema:xmlschema-core from 2.3.0 to 2.3.1. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…pensearch-project#3370) Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's releases</a>.</em></p> <blockquote> <h2>v4</h2> <p>This tag tracks the latest v4.x.x release</p> <h2>v4.0.0</h2> <p>See the <a href="https://github.com/aws-actions/configure-aws-credentials/blob/v4.0.0/CHANGELOG.md">changelog</a> for details about the changes included in this release.</p> <h2>v3.0.2</h2> <p>See the <a href="https://github.com/aws-actions/configure-aws-credentials/blob/v3.0.2/CHANGELOG.md">changelog</a> for details about the changes included in this release.</p> <h2>v3.0.1</h2> <p>See the <a href="https://github.com/aws-actions/configure-aws-credentials/blob/v3.0.1/CHANGELOG.md">changelog</a> for details about the changes included in this release.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md">aws-actions/configure-aws-credentials's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v3.0.0...v3.0.1">3.0.1</a> (2023-08-24)</h2> <h3>Features</h3> <ul> <li>Can configure <code>special-characters-workaround</code> to keep retrying credentials if the returned credentials have special characters (Fixes <a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/599">#599</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>Fixes <a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/792">#792</a>: Action fails when intending to use existing credentials</li> <li>Minor typo fix from <a href="https://github.com/ubaid-ansari21"><code>@ubaid-ansari21</code></a></li> </ul> <h3>Changes to existing functionality</h3> 
<ul> <li>Special characters are now allowed in returned credential variables unless you configure the <code>special-characters-workaround</code> option</li> </ul> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v2.2.0...v3.0.0">3.0.0</a> (2023-08-21)</h2> <h3>Features</h3> <ul> <li>Can configure <code>max-retries</code> and <code>disable-retry</code> to modify retry functionality when the assume role call fails</li> <li>Set returned credentials as step outputs with <code>output-credentials</code></li> <li>Clear AWS related environment variables at the start of the action with <code>unset-current-credentials</code></li> <li>Unique role identifier is now printed in the workflow logs</li> </ul> <h3>Bug Fixes</h3> <ul> <li>Can't use credentials if they contain a special character</li> <li>Retry functionality added when generating the JWT fails</li> <li>Can now use <code>webIdentityTokenFile</code> option</li> <li>Branch name validation too strict</li> <li>JS SDK v2 deprecation warning in workflow logs</li> </ul> <h3>Changes to existing functionality</h3> <ul> <li>Default session duration is now 1 hour in all cases (from 6 hours in some cases)</li> <li>Account ID will not be masked by default in logs</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aws-actions/configure-aws-credentials/commit/8c3f20df09ac63af7b3ae3d7c91f105f857d8497"><code>8c3f20d</code></a> chore: release v4 (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/840">#840</a>)</li> <li>See full diff in <a href="https://github.com/aws-actions/configure-aws-credentials/compare/v3...v4">compare view</a></li> </ul> </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…roject#3365) Bumps `apache_cxf_version` from 4.0.2 to 4.0.3. Updates `org.apache.cxf:cxf-rt-rs-security-jose` from 4.0.2 to 4.0.3 Updates `org.apache.cxf:cxf-core` from 4.0.2 to 4.0.3 Updates `org.apache.cxf:cxf-rt-rs-json-basic` from 4.0.2 to 4.0.3 Updates `org.apache.cxf:cxf-rt-security` from 4.0.2 to 4.0.3 Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…30 (opensearch-project#3366) Bumps [org.springframework:spring-beans](https://github.com/spring-projects/spring-framework) from 5.3.29 to 5.3.30. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-framework/releases">org.springframework:spring-beans's releases</a>.</em></p> <blockquote> <h2>v5.3.30</h2> <h2>:star: New Features</h2> <ul> <li>Optimize <code>ClassUtils#getMostSpecificMethod</code> <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31100">#31100</a></li> <li>Optimize whitespace checks in <code>StringUtils</code> <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31069">#31069</a></li> <li>Align validation metadata handling in <code>PayloadMethodArgumentResolver</code> <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31056">#31056</a></li> <li>Register an override for an existing adapter in <code>ReactiveAdapterRegistry</code> <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31048">#31048</a></li> <li>Make bean initialization deterministic for multiple <code>@Autowired</code> methods on same bean class <a href="https://redirect.github.com/spring-projects/spring-framework/issues/30994">#30994</a></li> <li>Performance bottlenecks while creating scoped bean instances <a href="https://redirect.github.com/spring-projects/spring-framework/issues/30892">#30892</a></li> </ul> <h2>:lady_beetle: Bug Fixes</h2> <ul> <li>Possible classloader leak through incomplete clearing of annotation caches <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31176">#31176</a></li> <li>Spring <code>LogFactory</code> implementation deviates from original Apache <code>LogFactory</code> in terms of abstract method declarations <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31167">#31167</a></li> <li>Bean injection fails due to 
<code>nullSafeConciseToString()</code> invoking <code>isEmpty()</code> on a <code>Map</code>/<code>Collection</code> proxy <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31156">#31156</a></li> <li>SpelExpressionParser throws IllegalStateException instead of ParseException for invalid expression <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31099">#31099</a></li> <li><code>@DynamicPropertySource</code> in <code>@nested</code> test class cannot override dynamic properties from enclosing class <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31085">#31085</a></li> <li><code>TransactionalApplicationListenerMethodAdapter</code> should find <code>@TransactionalEventListener</code> on target class method <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31037">#31037</a></li> <li>ScheduledAnnotationBeanPostProcessor: graceful shutdown should not interrupt currently running jobs <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31020">#31020</a></li> <li>Permgen memory leak due to <code>ClassInfo</code> caching in <code>java.beans.Introspector</code> on JDK 11/17 <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31005">#31005</a></li> <li><code>MethodIntrospector.selectMethods(?)</code> fails to find methods in case of special bridge method arrangement <a href="https://redirect.github.com/spring-projects/spring-framework/issues/30907">#30907</a></li> </ul> <h2>:notebook_with_decorative_cover: Documentation</h2> <ul> <li>Fix documentation: Passing in Lists of Values for IN Clause does not work with JdbcTemplate <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31229">#31229</a></li> <li>Refine CORS documentation for wildcard processing <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31168">#31168</a></li> <li>Propagation REQUIRES_NEW may cause 
connection pool deadlock <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31040">#31040</a></li> <li>Clarify R2DBC <code>ConnectionAccessor</code> and <code>DatabasePopulator</code> exception declarations <a href="https://redirect.github.com/spring-projects/spring-framework/issues/30933">#30933</a></li> <li>Doc: Avoid deadlock in <code>@PostConstruct</code> through SmartInitializingSingleton or ContextRefreshedEvent <a href="https://redirect.github.com/spring-projects/spring-framework/issues/30889">#30889</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-framework/commit/e5d99ecf984537ab52825292d5ce76130b425e3e"><code>e5d99ec</code></a> Release v5.3.30</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/f7bf2431fb6f923ae484d6b5cdc5547c3fe04c72"><code>f7bf243</code></a> Clarify IN clause resolution with List/Iterable parameter</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/40678bb981bf5f8c0127bdd54976df6ede08b1ad"><code>40678bb</code></a> Refine CORS documentation for wildcard processing</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/75faf698afd2dd0f93fe3b03cc896e94085328d2"><code>75faf69</code></a> Refine CORS documentation for wildcard processing</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/39c225c813f67c9e45dee755c1a297a82f97d1c6"><code>39c225c</code></a> AnnotationUtils.clearCache() includes all annotation caches</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/0c3d8d7a44fa057dd1c8bf62732cd23dc6220303"><code>0c3d8d7</code></a> Align abstract method signatures with original Commons Logging API</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/ddcae04ad57ffb2e03f28fa56ff258d5e0e02b1b"><code>ddcae04</code></a> Do not invoke [Map|Collection].isEmpty() in nullSafeConciseToString()</li> 
<li><a href="https://github.com/spring-projects/spring-framework/commit/994bbec0c3ae081b1c81aa5d9335bf5f47964dbf"><code>994bbec</code></a> Polishing</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/afb378a59fb4bbc24af0cacc0e7acb86e170d66c"><code>afb378a</code></a> Consistently throw ParseException instead of IllegalStateException</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/a4fc7d3c117c40d71046850a56957a229ba48524"><code>a4fc7d3</code></a> Optimize ClassUtils#getMostSpecificMethod</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-framework/compare/v5.3.29...v5.3.30">compare view</a></li> </ul> </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… to 0.16.6 (opensearch-project#3369) Bumps [com.github.wnameless.json:json-flattener](https://github.com/wnameless/json-flattener) from 0.16.5 to 0.16.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/wnameless/json-flattener/blob/master/release-notes">com.github.wnameless.json:json-flattener's changelog</a>.</em></p> <blockquote> <p>Version 0.1.0</p> <ul> <li>First release</li> </ul> <p>Version 0.1.1</p> <ul> <li>Fix minimal-json parsing double value(ex:6.0) error</li> </ul> <p>Version 0.1.2</p> <ul> <li>Fix the bug of empty array or empty object disappearing after flattening</li> </ul> <p>Version 0.1.3</p> <ul> <li>Fix the bug of objects unflattening in reversed indexed array(ex: {"List[1].type":"B","List[0].type":"A"})</li> </ul> <p>Version 0.1.4</p> <ul> <li>Fix the bug of reversed indexed arrays unflattening(ex: {"[1][1]":"B","[0][0]":"A"})</li> <li>Fix the bug of init complex key unflattening(ex: {"["b.b"].aaa":123})</li> </ul> <p>Version 0.1.5</p> <ul> <li>Escape JSON special characters in flattened JSON keys, values and Java Map keys but not in Java Map values</li> </ul> <p>Version 0.1.6</p> <ul> <li>For ease of use, Unicode characters aren't escaped anymore</li> </ul> <p>Version 0.2.0</p> <ul> <li>Add FlattenMode</li> <li>Add StringEscapePolicy</li> <li>Add separator config</li> <li>Add PrintMode</li> </ul> <p>Version 0.2.1</p> <ul> <li>Remove internal cache</li> </ul> <ul> <li>Add missing hashCode, equals and toString to JsonUnflattener</li> </ul> <ul> <li>Fix the stack overflow bug in KEEP_ARRAYS mode when null value occurs</li> </ul> <p>Version 0.2.2</p> <ul> <li>Fix the stack overflow bug in KEEP_ARRAYS mode when empty object occurs</li> </ul> <p>Version 0.2.3</p> <ul> <li>Fix internal JsonFlattener state inheritance bug during instantiation</li> </ul> <p>Version 0.2.4</p> <ul> <li>Fix the bug of wrong output if ROOT value shows in source object</li> </ul> <p>Version 0.3.0</p> <ul> <li>Support Reader as 
inputs</li> <li>Add #withLeftAndRightBrackets</li> </ul> <p>Version 0.4.0</p> <ul> <li>Add FlattenMode.MONGODB</li> <li>Add #withKeyTransformer</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/wnameless/json-flattener/commit/5cb34f52ca3a4fdbaf067ee53412d55c6f1ea1dd"><code>5cb34f5</code></a> [maven-release-plugin] prepare release json-flattener-0.16.6</li> <li><a href="https://github.com/wnameless/json-flattener/commit/1b0c1c3b9ed8e725c31dfe26bbecc48e26fa34af"><code>1b0c1c3</code></a> Upgrade release-notes</li> <li><a href="https://github.com/wnameless/json-flattener/commit/a42ddaf693b215c6f036057155b77133cc1c50f9"><code>a42ddaf</code></a> Upgrade json-base for precise scale of the float number</li> <li><a href="https://github.com/wnameless/json-flattener/commit/e8f5f710c85abc257907789468dc9aae91343807"><code>e8f5f71</code></a> [maven-release-plugin] prepare for next development iteration</li> <li>See full diff in <a href="https://github.com/wnameless/json-flattener/compare/json-flattener-0.16.5...json-flattener-0.16.6">compare view</a></li> </ul> </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…8.0 (opensearch-project#3367) Bumps [org.checkerframework:checker-qual](https://github.com/typetools/checker-framework) from 3.36.0 to 3.38.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#3976) ### Description Coming from opensearch-project/opensearch-api-specification#179 which flags a couple of false positives because of mismatched trailing slash. ### Check List - [x] New functionality includes testing - [x] New functionality has been documented - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: dblock <dblock@amazon.com>
….19) (opensearch-project#3992) ### Description This PR bumps spotless to bump the transient dependency on org.eclipse.platform:org.eclipse.core.resources@3.18.100 -> org.eclipse.platform:org.eclipse.core.resources@3.19.100. In turn this should stop scanners from reporting the project as vulnerable to: https://nvd.nist.gov/vuln/detail/CVE-2023-4218. I was not able to easily move just the Eclipse dependency because it seems that the package causing the flagging org.eclipse.platform:org.eclipse.core.resources@3.18.100 does not have a straight path forward to the recommended versions listed on the CVE. However, https://security.snyk.io/package/maven/org.eclipse.platform:org.eclipse.core.resources/3.19.100 reports that this version should remove the issue while https://security.snyk.io/package/maven/org.eclipse.platform:org.eclipse.core.resources/3.18.100 will cause the flag. One note: We should not actually be concerned about this issue as it is related to Eclipse IDE behavior and nothing to do with the type of dependency on the Eclipse packages like we have. ### Check List - [ ] ~New functionality includes testing~ - [ ] ~New functionality has been documented~ - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Stephen Crawford <steecraw@amazon.com>
…arch-project#3996) Bumps [io.dropwizard.metrics:metrics-core](https://github.com/dropwizard/metrics) from 4.2.24 to 4.2.25. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dropwizard/metrics/commit/7c2ffc504d94639bc585de2e86017d632c4f9f3f"><code>7c2ffc5</code></a> [maven-release-plugin] prepare release v4.2.25</li> <li><a href="https://github.com/dropwizard/metrics/commit/b116e89eae610808de21114f9dad8a60b42cbfc9"><code>b116e89</code></a> Jakarta HealthCheckServlet object mapper and status indicator (<a href="https://redirect.github.com/dropwizard/metrics/issues/3924">#3924</a>)</li> <li><a href="https://github.com/dropwizard/metrics/commit/5255717cd23a0593c2040e45070f250f460b070d"><code>5255717</code></a> Update dependency org.assertj:assertj-core to v3.25.2</li> <li><a href="https://github.com/dropwizard/metrics/commit/0aada3fc03b8a5f91ce87d10234c444c1c2a804c"><code>0aada3f</code></a> Update dependency org.apache.httpcomponents.client5:httpclient5 to v5.3.1</li> <li><a href="https://github.com/dropwizard/metrics/commit/29ce821ec9485674f64db566a091cecb34599e9f"><code>29ce821</code></a> [maven-release-plugin] prepare for next development iteration</li> <li>See full diff in <a href="https://github.com/dropwizard/metrics/compare/v4.2.24...v4.2.25">compare view</a></li> </ul> </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `jjwt_version` from 0.12.3 to 0.12.4. Updates `io.jsonwebtoken:jjwt-api` from 0.12.3 to 0.12.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/releases">io.jsonwebtoken:jjwt-api's releases</a>.</em></p> <blockquote> <h2>0.12.4</h2> <p>This patch release completes <a href="https://github.com/jwtk/jjwt/issues?q=milestone%3A0.12.4+is%3Aissue">10 issues</a>, with two especially noteworthy changes, and a number of other smaller bug fixes and enhancements.</p> <ol> <li>The default Jackson deserializer will now reject duplicate JSON members by default in an attempt to be a little more strict at rejecting potentially malicious or malformed JSON. This is a default and can be overridden with a custom <code>ObjectMapper</code> if desired.</li> <li>Password-based JWE encryption key algorithms (<code>PBES2_HS256_A128KW</code>, <code>PBES2_HS384_A192KW</code> and <code>PBES2_HS512_A256KW</code>) now enforce an upper bound (maximum) number of iterations allowed during decryption to mitigate against potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this!</li> </ol> <p>A number of other issues fixed: thread-safe <code>ServiceLoader</code> usage for dynamic JSON processor lookup, Android enhancements for JSON <code>Reader</code> APIs, fixed Elliptic Curve field element padding, and more. 
Please read the <a href="https://github.com/jwtk/jjwt/blob/0.12.4/CHANGELOG.md">0.12.4 CHANGELOG</a> for full details of all of these changes, and as always, project documentation is in the <a href="https://github.com/jwtk/jjwt/blob/0.12.4/README.md">0.12.4 README</a>.</p> <p>Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/blob/master/CHANGELOG.md">io.jsonwebtoken:jjwt-api's changelog</a>.</em></p> <blockquote> <h3>0.12.4</h3> <p>This patch release includes various changes listed below.</p> <h4>Jackson Default Parsing Behavior</h4> <p>This release makes two behavioral changes to JJWT's default Jackson <code>ObjectMapper</code> parsing settings:</p> <ol> <li> <p>In the interest of having stronger standards to reject potentially malformed/malicious/accidental JSON that could have undesirable effects on an application, JJWT's default <code>ObjectMapper</code> is now configured to explicitly reject/fail parsing JSON (JWT headers and/or Claims) if/when that JSON contains duplicate JSON member names.</p> <p>For example, now the following JSON, if parsed, would fail (be rejected) by default:</p>
<pre lang="json"><code>{
  "hello": "world",
  "thisWillFail": 42,
  "thisWillFail": "test"
}
</code></pre>
<p>Technically, the JWT RFCs <em>do allow</em> duplicate named fields as long as the last parsed member is the one used (see <a href="https://datatracker.ietf.org/doc/html/rfc7515#section-4">JWS RFC 7515, Section 4</a>), so this is allowed. However, because JWTs often reflect security concepts, it's usually better to be defensive and reject these unexpected scenarios by default. 
The RFC later supports this position/preference in <a href="https://datatracker.ietf.org/doc/html/rfc7515#section-10.12">Section 10.12</a>:</p> <pre><code>Ambiguous and potentially exploitable situations could arise if the JSON parser used does not enforce the uniqueness of member names or returns an unpredictable value for duplicate member names. </code></pre> <p>Finally, this is just a default, and the RFC does indeed allow duplicate member names if the last value is used, so applications that require duplicates to be allowed can simply configure their own <code>ObjectMapper</code> and use that with JJWT instead of assuming this (new) JJWT default. See <a href="https://redirect.github.com/jwtk/jjwt/issues/877">Issue #877</a> for more.</p> </li> <li> <p>If using JJWT's support to use Jackson to parse <a href="https://github.com/jwtk/jjwt#json-jackson-custom-types">Custom Claim Types</a> (for example, a Claim that should be unmarshalled into a POJO), and the JSON for that POJO contained a member that is not represented in the specified class, Jackson would fail parsing by default. Because POJOs and JSON data models can sometimes be out of sync due to different class versions, the default behavior has been changed to ignore these unknown JSON members instead of failing (i.e. the <code>ObjectMapper</code>'s <code>DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES</code> is now set to <code>false</code>) by default.</p> <p>Again, if you prefer the stricter behavior of rejecting JSON with extra or unknown properties, you can configure <code>true</code> on your own <code>ObjectMapper</code> instance and use that instance with the <code>Jwts.parser()</code> builder.</p> </li> </ol> <h4>Additional Changes</h4> <p>This release also:</p> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jwtk/jjwt/commit/bf4168cdceb85435b17d912a2087960ae597d37f"><code>bf4168c</code></a> [maven-release-plugin] prepare release 0.12.4</li> <li><a href="https://github.com/jwtk/jjwt/commit/5c6dec061ff99ef7122a33960ada95e496a37087"><code>5c6dec0</code></a> - Adding 0.12.4 release version references</li> <li><a href="https://github.com/jwtk/jjwt/commit/dd10b12b53b5bb26299c5435aa9d193e71b6b918"><code>dd10b12</code></a> Added JWK Set documentation to README.mdJwkset doc (<a href="https://redirect.github.com/jwtk/jjwt/issues/912">#912</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/6335381c978ce83c9c15bd3c349f32d1bed72d4f"><code>6335381</code></a> PBES2 decryption maximum iterations (<a href="https://redirect.github.com/jwtk/jjwt/issues/911">#911</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/2884eb79529ec8b56ecdd7c9f7e7fbea5dfc4806"><code>2884eb7</code></a> - Updating to GitHub latest actions/checkout and actions/setup-java script ve...</li> <li><a href="https://github.com/jwtk/jjwt/commit/628bd6f4e8b885be2f9cfbd8cbf0767ce616003a"><code>628bd6f</code></a> Secret JWK <code>k</code> values larger than HMAC-SHA minimums (<a href="https://redirect.github.com/jwtk/jjwt/issues/909">#909</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/b12dabf100bbe8749d9bce49628d70b9f73af729"><code>b12dabf</code></a> Fix small typos (<a href="https://redirect.github.com/jwtk/jjwt/issues/908">#908</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/26f5dc3dbbb6070735498e4ea497f174b0a3850f"><code>26f5dc3</code></a> Updating changelog with more information/clarity for the 0.12.4 release (<a href="https://redirect.github.com/jwtk/jjwt/issues/907">#907</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/f61cfa875d1bfd9164c16069ab62bf7b74fcc831"><code>f61cfa8</code></a> Test case change to reflect accurate assertion for Elliptic Curve 'd' values ...</li> 
<li><a href="https://github.com/jwtk/jjwt/commit/fd619e0a4229e01cbd3ab1bd0a7a4f6cab21d784"><code>fd619e0</code></a> disable FAIL_ON_UNKNOWN_PROPERTIES deserialization feature of Jackson by defa...</li> <li>Additional commits viewable in <a href="https://github.com/jwtk/jjwt/compare/0.12.3...0.12.4">compare view</a></li> </ul> </details> <br />
Updates `io.jsonwebtoken:jjwt-impl` from 0.12.3 to 0.12.4
Updates `io.jsonwebtoken:jjwt-jackson` from 0.12.3 to 0.12.4
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
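The two Jackson parsing defaults described in the 0.12.4 changelog above, reproduced with plain Jackson as an added example (not code from JJWT or from this repository). Using `JsonParser.Feature.STRICT_DUPLICATE_DETECTION` for the duplicate check is an assumption about an equivalent setting, and the names `JacksonDefaultsDemo`, `Address`, `stockMapper` and `changelogStyleMapper` are hypothetical.

```java
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.util.Map;

public class JacksonDefaultsDemo {

    // Constructed sample: the duplicate-member JSON quoted in the changelog.
    static final String DUPLICATE_CLAIMS =
            "{ \"hello\": \"world\", \"thisWillFail\": 42, \"thisWillFail\": \"test\" }";

    // Constructed sample: a custom claim with a member the POJO does not declare.
    static final String ADDRESS_WITH_EXTRA_MEMBER =
            "{ \"city\": \"Berlin\", \"addedInNewerVersion\": true }";

    /** Hypothetical custom claim type, standing in for an application POJO. */
    public static class Address {
        public String city;

        @Override
        public String toString() {
            return "Address{city=" + city + "}";
        }
    }

    /** Stock Jackson: keeps the last duplicate member, fails on unknown POJO members. */
    static ObjectMapper stockMapper() {
        return new ObjectMapper();
    }

    /**
     * Mapper configured the way the changelog describes the new defaults:
     * duplicate member names are a parse error, unknown POJO members are ignored.
     * (Assumed equivalent settings, not JJWT's own source.)
     */
    static ObjectMapper changelogStyleMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.configure(JsonParser.Feature.STRICT_DUPLICATE_DETECTION, true);
        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        return mapper;
    }

    /** Parses json into the given type and reports whether the mapper accepted it. */
    static String parse(ObjectMapper mapper, String json, Class<?> type) {
        try {
            return "accepted: " + mapper.readValue(json, type);
        } catch (JsonProcessingException e) {
            // Covers both the streaming-level duplicate error and the
            // databind-level unknown-property error.
            return "rejected: " + e.getOriginalMessage();
        }
    }

    public static void main(String[] args) {
        ObjectMapper stock = stockMapper();
        ObjectMapper strict = changelogStyleMapper();

        // Change 1: duplicate member names in claims or header JSON.
        System.out.println("stock,  duplicates: " + parse(stock, DUPLICATE_CLAIMS, Map.class));
        System.out.println("strict, duplicates: " + parse(strict, DUPLICATE_CLAIMS, Map.class));

        // Change 2: unknown members when binding a custom claim to a POJO.
        System.out.println("stock,  unknown member: "
                + parse(stock, ADDRESS_WITH_EXTRA_MEMBER, Address.class));
        System.out.println("strict, unknown member: "
                + parse(strict, ADDRESS_WITH_EXTRA_MEMBER, Address.class));
    }
}
```

Run it with `jackson-databind` on the classpath to see which of the four inputs each mapper accepts; an application that wants both checks strict can enable both features on its own `ObjectMapper`.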
Bumps [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) from 2 to 3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/gradle-build-action/releases">gradle/gradle-build-action's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>First release candidate of <code>gradle/gradle-build-action@v3.0.0</code>. This release candidate will be the first release available under the <code>v3</code> version tag.</p> <blockquote> <p>[!IMPORTANT] As of <code>v3</code> this action has been superseded by <code>gradle/actions/setup-gradle</code>. Any workflow that uses <code>gradle/gradle-build-action@v3</code> will transparently delegate to <code>gradle/actions/setup-gradle@v3</code>.</p> <p>Users are encouraged to update their workflows, replacing:</p> <pre><code>uses: gradle/gradle-build-action@v3 </code></pre> <p>with</p> <pre><code>uses: gradle/actions/setup-gradle@v3 </code></pre> <p>See the <a href="https://github.com/gradle/actions/tree/main/setup-gradle">setup-gradle documentation</a> for up-to-date documentation for <code>gradle/actions/setup-gradle</code>.</p> </blockquote> <h2>Changes from <code>gradle-build-action@v2</code></h2> <p>This release brings some useful and much requested features, including:</p> <ul> <li>save and restore the Gradle configuration-cache data</li> <li>add the Job summary content as a PR comment</li> <li>easily publish Build Scans® to the free <a href="https://scans.gradle.com">Gradle Build Scan service</a></li> <li>compatibility with Node 20</li> </ul> <p>The only major breaking change from <code>gradle-build-action@v2.12.0</code> is the update to require a Node 20 runtime environment. 
Aside from that change, this release should generally serve as a drop-in replacement for <code>gradle-build-action@v2</code>.</p> <h3>Changelog</h3> <ul> <li>[NEW] - Run with NodeJs 20.x (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/946">gradle/gradle-build-action#946</a>)</li> <li>[NEW] - Support for save & restore of configuration-cache data (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/966">gradle/gradle-build-action#966</a>)</li> <li>[NEW] - Support for automatic adding PR comment with Job Summary content (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/1020">gradle/gradle-build-action#1020</a>)</li> <li>[NEW] - Make it easy to publish a Build Scan® to <a href="https://scans.gradle.com">https://scans.gradle.com</a> (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/1044">gradle/gradle-build-action#1044</a>)</li> <li>[NEW] - Added <code>dependency-graph-continue-on-failure</code> input, which can be set to <code>false</code> to force the Job to fail when dependency graph submission fails (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/1036">gradle/gradle-build-action#1036</a>). 
Failure modes include: <ul> <li>Fail build step if version of Gradle being executed is not supported for dependency-graph generation (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/1034">gradle/gradle-build-action#1034</a>)</li> <li>Fail job if permissions are insufficient to submit dependency graph via Dependency Submission API (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/997">gradle/gradle-build-action#997</a>)</li> </ul> </li> <li>[NEW] - Add <code>dependency-graph: clear</code> option to clear any dependency-graph previously submitted by the job</li> <li>[FIX] Allow cache entries to be reused by jobs with the same ID in different workflows (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/1017">gradle/gradle-build-action#1017</a>) <ul> <li>Workflow name remains part of the cache key, but cache entries generated by the same job id in a different workflow may be restored</li> </ul> </li> <li>[FIX] Register pre-installed JDKs in Maven toolchains.xml file (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/1024">gradle/gradle-build-action#1024</a>) <ul> <li>This allows pre-installed JDKs to be auto-detected by Gradle Toolchain support on Windows</li> </ul> </li> <li>[FIX] - Update the Gradle Enterprise injection configuration for product rename to Develocity (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/995">gradle/gradle-build-action#995</a>)</li> <li>[FIX] - Avoid submitting an empty dependency graph when state is loaded from configuration-cache</li> <li>[DEPRECATION] - Deprecation of the arguments parameter (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/996">gradle/gradle-build-action#996</a>)</li> <li>[BREAKING CHANGE] - Remove the <code>gradle-executable</code> input parameter. Use a separate workflow Step to execute a Gradle from a custom location.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/gradle-build-action/commit/4a8703fa348fe99fdb9d2ac233732f7dccea5437"><code>4a8703f</code></a> Delegate to 'setup-gradle@v3.0.0-rc.1'</li> <li><a href="https://github.com/gradle/gradle-build-action/commit/4a39eedb8c843f5dbd9abebfd404ae6e947328dc"><code>4a39eed</code></a> Mention setup-gradle in README</li> <li><a href="https://github.com/gradle/gradle-build-action/commit/272883a7ba6334b53c9c43b570853bc46021955b"><code>272883a</code></a> Remove all action sources: these have been migrated to 'gradle/actions'</li> <li><a href="https://github.com/gradle/gradle-build-action/commit/2a8bfcf2313611da65fd8cb2d81f50d99cb74ca0"><code>2a8bfcf</code></a> Delegate action implementation to gradle/actions/setup-gradle</li> <li><a href="https://github.com/gradle/gradle-build-action/commit/e1ada08a9a43fad9770411d5dd099f25ece2569d"><code>e1ada08</code></a> Bump the github-actions group with 1 update (<a href="https://redirect.github.com/gradle/gradle-build-action/issues/1047">#1047</a>)</li> <li><a href="https://github.com/gradle/gradle-build-action/commit/a8e3e5e2b4235aa45b6683dd85088aa7e737de34"><code>a8e3e5e</code></a> Apply dependency version updates</li> <li><a href="https://github.com/gradle/gradle-build-action/commit/2be01ca1c632ae5a688f391acd726cf89c392794"><code>2be01ca</code></a> Build outputs</li> <li><a href="https://github.com/gradle/gradle-build-action/commit/a00827eebb1e3036a35b5705ca9fc36a0f0ff33d"><code>a00827e</code></a> Bump the npm-dependencies group with 7 updates</li> <li><a href="https://github.com/gradle/gradle-build-action/commit/ad80850e980287e8a0b25382843366a43d8694dd"><code>ad80850</code></a> Bump the github-actions group with 2 updates</li> <li><a href="https://github.com/gradle/gradle-build-action/commit/bd6d0a74d4407cffbe7946377ff9dd004fae9570"><code>bd6d0a7</code></a> Configure explicit java version for config-cache test</li> <li>Additional 
commits viewable in <a href="https://github.com/gradle/gradle-build-action/compare/v2...v3">compare view</a></li> </ul> </details> <br />
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Prabhas Kurapati <prabhask@berkeley.edu>
Signed-off-by: Stephen Crawford <steecraw@amazon.com>
Bumps `jjwt_version` from 0.12.4 to 0.12.5. Updates `io.jsonwebtoken:jjwt-api` from 0.12.4 to 0.12.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/releases">io.jsonwebtoken:jjwt-api's releases</a>.</em></p> <blockquote> <h2>0.12.5</h2> <p>This release fixes issue <a href="https://redirect.github.com/jwtk/jjwt/issues/916">#916</a> and ensures that builders' <code>NestedCollection</code> changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call <code>.and()</code> to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:</p>
<pre lang="java"><code>JwtBuilder builder = Jwts.builder();
builder.audience().add("an-audience"); // no .and() call
builder.compact(); // would not keep 'an-audience'
</code></pre>
<p>Now this code works as expected and all other <code>NestedCollection</code> instances like it apply changes immediately (e.g. when calling <code>.add(value)</code>).</p> <p>However, standard fluent builder chains are still recommended for readability when feasible, e.g.</p>
<pre lang="java"><code>Jwts.builder()
    .audience().add("an-audience").and() // allows fluent chaining
    .subject("Joe") // etc...
    .compact()
</code></pre>
<p>These same notes are repeated in the <a href="https://github.com/jwtk/jjwt/blob/0.12.5/CHANGELOG.md">CHANGELOG</a>, and as always, project documentation is in the <a href="https://github.com/jwtk/jjwt/blob/0.12.5/README.md">README</a>.</p> <p>Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/blob/master/CHANGELOG.md">io.jsonwebtoken:jjwt-api's changelog</a>.</em></p> <blockquote> <h3>0.12.5</h3> <p>This patch release:</p> <ul> <li> <p>Ensures that builders' <code>NestedCollection</code> changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call <code>.and()</code> to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:</p>
<pre lang="java"><code>JwtBuilder builder = Jwts.builder();
builder.audience().add("an-audience"); // no .and() call
builder.compact(); // would not keep 'an-audience'
</code></pre>
<p>Now this code works as expected and all other <code>NestedCollection</code> instances like it apply changes immediately (e.g. when calling <code>.add(value)</code>).</p> <p>However, standard fluent builder chains are still recommended for readability when feasible, e.g.</p>
<pre lang="java"><code>Jwts.builder()
    .audience().add("an-audience").and() // allows fluent chaining
    .subject("Joe") // etc...
    .compact()
</code></pre> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/916">Issue 916</a>.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jwtk/jjwt/commit/2399e2fdc5e20fad9d71d6bcbfd126cce6521638"><code>2399e2f</code></a> [maven-release-plugin] prepare release 0.12.5</li> <li><a href="https://github.com/jwtk/jjwt/commit/8d3de658357b351587df3790b3b1372944ad1f2f"><code>8d3de65</code></a> Preparing for 0.12.5 release</li> <li><a href="https://github.com/jwtk/jjwt/commit/a0a123e848fc25a7920bcbd84615f639c4cc098a"><code>a0a123e</code></a> PR <a href="https://redirect.github.com/jwtk/jjwt/issues/917">#917</a></li> <li><a href="https://github.com/jwtk/jjwt/commit/afcd88983252b249204d53830dd03884050b41af"><code>afcd889</code></a> 0.12.4 staging (<a href="https://redirect.github.com/jwtk/jjwt/issues/913">#913</a>)</li> <li>See full diff in <a href="https://github.com/jwtk/jjwt/compare/0.12.4...0.12.5">compare view</a></li> </ul> </details> <br />
Updates `io.jsonwebtoken:jjwt-impl` from 0.12.4 to 0.12.5
Updates `io.jsonwebtoken:jjwt-jackson` from 0.12.4 to 0.12.5
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…arch-project#4012) Bumps org.apache.camel:camel-xmlsecurity from 3.22.0 to 3.22.1. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…roject#4013) Bumps com.netflix.nebula.ospackage from 11.6.0 to 11.7.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…h-project#4014) Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.10.1 to 5.10.2.

Release notes

*Sourced from [org.junit.jupiter:junit-jupiter's releases](https://github.com/junit-team/junit5/releases).*

> JUnit 5.10.2 = Platform 1.10.2 + Jupiter 5.10.2 + Vintage 5.10.2
>
> See [Release Notes](http://junit.org/junit5/docs/5.10.2/release-notes/).
>
> **Full Changelog**: https://github.com/junit-team/junit5/compare/r5.10.1...r5.10.2

Commits

- [`4c0ddda`](https://github.com/junit-team/junit5/commit/4c0dddad1b96d4a20e92a2cd583954643ac56ac0) Release 5.10.2
- [`463a147`](https://github.com/junit-team/junit5/commit/463a14773d884f2bf31f073a87bef9d0938872db) Finalize release notes for 5.10.2
- [`43c105a`](https://github.com/junit-team/junit5/commit/43c105a246c0130d08145335cb9986236e2a8465) Revert "Apply method predicate before searching type hierarchy"
- [`63d464d`](https://github.com/junit-team/junit5/commit/63d464d1e10a62743fe4024436ef1e006a89df72) Revert "Harmonize application of method and field filters in search algorithms"
- [`85ec2fc`](https://github.com/junit-team/junit5/commit/85ec2fccb32a51fbe6ff966e25726c94a67dd418) Revert "Apply field predicate before searching type hierarchy"
- [`6209006`](https://github.com/junit-team/junit5/commit/6209006a7693dbf6f680a5ac4541aba86c9da899) Update release notes
- [`5ee499f`](https://github.com/junit-team/junit5/commit/5ee499f0e0029dbd1120ecf889bd214e2082c589) Fix CI build
- [`d919ba7`](https://github.com/junit-team/junit5/commit/d919ba71ea4c3b1e60f2d21473ba31ff0f6857ab) Namespace user-specific build parameters
- [`e26cd83`](https://github.com/junit-team/junit5/commit/e26cd83ed307ef100399ced9985f04612931984b) Prepare release notes for 5.10.2
- [`ec8d428`](https://github.com/junit-team/junit5/commit/ec8d4282c60f480d3de264330b37e75b1b8d05d9) Include LauncherInterceptor in launcher module declaration
- Additional commits viewable in [compare view](https://github.com/junit-team/junit5/compare/r5.10.1...r5.10.2)

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…4016) Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 5 to 6.

Release notes

*Sourced from [release-drafter/release-drafter's releases](https://github.com/release-drafter/release-drafter/releases).*

> ## v6.0.0
>
> # What's Changed
>
> - Update Node.js to 20 ([#1379](https://redirect.github.com/release-drafter/release-drafter/issues/1379)) [`@massongit`](https://github.com/massongit)
>
> **Full Changelog**: https://github.com/release-drafter/release-drafter/compare/v5.25.0...v6.0.0
>
> ## v6.0.0-beta.1
>
> Prerelease of v6, first release of the CLI, feel free to provide feedback in the pull request: [release-drafter/release-drafter#1204](https://redirect.github.com/release-drafter/release-drafter/pull/1204)
>
> ## v5.25.0
>
> # What's Changed
>
> ## New
>
> - add prerelease increment behavior ([#1303](https://redirect.github.com/release-drafter/release-drafter/issues/1303)) [`@neilime`](https://github.com/neilime)
> - add latest input ([#1348](https://redirect.github.com/release-drafter/release-drafter/issues/1348)) [`@o-mago`](https://github.com/o-mago)
>
> **Full Changelog**: https://github.com/release-drafter/release-drafter/compare/v5.24.0...v5.25.0
>
> ## v5.24.0
>
> # What's Changed
>
> ## New
>
> - Add release version to github action output ([#1300](https://redirect.github.com/release-drafter/release-drafter/issues/1300)) [`@mehdihadeli`](https://github.com/mehdihadeli)
>
> ## Bug Fixes
>
> - fix(release): strip prefix before comparing version ([#1255](https://redirect.github.com/release-drafter/release-drafter/issues/1255)) [`@neilime`](https://github.com/neilime)
>
> **Full Changelog**: https://github.com/release-drafter/release-drafter/compare/v5.23.0...v5.24.0
>
> ## v5.23.0
>
> # What's Changed
>
> ## New
>
> - Add `include-pre-releases` configuration option ([#1302](https://redirect.github.com/release-drafter/release-drafter/issues/1302)) [`@robbinjanssen`](https://github.com/robbinjanssen)
>
> **Full Changelog**: https://github.com/release-drafter/release-drafter/compare/v5.22.0...v5.23.0
>
> ## v5.22.0
>
> # What's Changed
>
> ## New
>
> - Only use last full release when drafting ([#1240](https://redirect.github.com/release-drafter/release-drafter/issues/1240)) [`@ssbarnea`](https://github.com/ssbarnea)

... (truncated)

Commits

- [`3f0f870`](https://github.com/release-drafter/release-drafter/commit/3f0f87098bd6b5c5b9a36d49c41d998ea58f9348) v6.0.0
- [`80296b4`](https://github.com/release-drafter/release-drafter/commit/80296b4fbaeb08e43a2b957e188b283a20776b3b) Update Node.js to 20 ([#1379](https://redirect.github.com/release-drafter/release-drafter/issues/1379))
- See full diff in [compare view](https://github.com/release-drafter/release-drafter/compare/v5...v6)

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Chenyang Ji <cyji@amazon.com>
…ect#4023) Signed-off-by: Craig Perkins <cwperx@amazon.com>
…uration (opensearch-project#4024)

### Description

Redacts the field `password` when calling `GET /_plugins/_security/api/securityconfig`. Redacting the field through the API will also ensure that it doesn't get displayed on OSD.

**Note**: This value would only be displayed to users with access to the security pages.

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Enhancement

### Issues Resolved

- opensearch-project#4004

### Check List

- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
### Description

Add release notes for 2.12.0.0 release

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Documentation

### Issues Resolved

- opensearch-project#3513

### Check List

- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
…feature (opensearch-project#4027) Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
…roject#4040) Bumps com.netflix.nebula.ospackage from 11.7.0 to 11.8.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [Wandalen/wretry.action](https://github.com/wandalen/wretry.action) from 1.3.0 to 1.4.4.

Commits

- [`62451a2`](https://github.com/Wandalen/wretry.action/commit/62451a214c01d1b0136b4f87289d840b30d67b98) version 1.4.4
- [`b0dafbb`](https://github.com/Wandalen/wretry.action/commit/b0dafbbe7afcdf834bcc9cea44c3ab36f3d6d998) Update build file, add missed dependencies
- [`50600a2`](https://github.com/Wandalen/wretry.action/commit/50600a260214594b7300f5977d10b70fec5713b6) version 1.4.3
- [`2b81ed1`](https://github.com/Wandalen/wretry.action/commit/2b81ed10c3cc2d3ef8835d2ef8f4680f7e0c43a3) Update build file, add missed dependencies
- [`e905506`](https://github.com/Wandalen/wretry.action/commit/e9055066d72d2369a461fe647b0cd888d0650401) version 1.4.2
- [`560268f`](https://github.com/Wandalen/wretry.action/commit/560268f8f6a47848a743dee21f435c9ddbbfeaec) version 1.4.1
- [`c04b338`](https://github.com/Wandalen/wretry.action/commit/c04b3380d37a864a165edf448f052814ff31d09c) Update readme.md
- [`5d5a9bd`](https://github.com/Wandalen/wretry.action/commit/5d5a9bd4204a45a0a541d7f156fde98f57266582) version 1.4.0
- [`7bef43b`](https://github.com/Wandalen/wretry.action/commit/7bef43bf04dbc821f1691c0401ea854516a66c60) Merge pull request [#112](https://redirect.github.com/wandalen/wretry.action/issues/112) from dmvict/add_option
- [`47ca1fc`](https://github.com/Wandalen/wretry.action/commit/47ca1fc249e1815602642f9a28c016d8c02818eb) Update readme.md
- Additional commits viewable in [compare view](https://github.com/wandalen/wretry.action/compare/v1.3.0...v1.4.4)

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…oject#4039) Bumps [commons-codec:commons-codec](https://github.com/apache/commons-codec) from 1.16.0 to 1.16.1.

Changelog

*Sourced from [commons-codec:commons-codec's changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt).*

> Apache Commons Codec 1.16.1 RELEASE NOTES
>
> The Apache Commons Codec component contains encoder and decoders for various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
>
> Feature and fix release. Requires a minimum of Java 8.
>
> Changes in this version include:
>
> New features:
>
> - Add Maven property project.build.outputTimestamp for build reproducibility. Thanks to Gary Gregory.
>
> Fixed Bugs:
>
> - CODEC-295: Test clean ups. Thanks to Gary Gregory.
> - [StepSecurity] ci: Harden GitHub Actions [#187](https://redirect.github.com/apache/commons-codec/issues/187). Thanks to step-security-bot, Gary Gregory.
> - CODEC-295: Correct error in Base64 Javadoc [#188](https://redirect.github.com/apache/commons-codec/issues/188). Thanks to Evan Saulpaugh.
> - CODEC-295: Add minimum Java version in changes.xml [#186](https://redirect.github.com/apache/commons-codec/issues/186). Thanks to Olivier Jaquemet, Gary Gregory.
> - CODEC-310: Documentation update for the org.apache.commons.codec.digest.* package [#208](https://redirect.github.com/apache/commons-codec/issues/208). Thanks to Yakov Shafranovich.
> - Precompile regular expression in UnixCrypt.crypt(byte[], String). Thanks to Gary Gregory.
> - CODEC-315: Fix possible IndexOutOfBoundException in PhoneticEngine.encode method [#223](https://redirect.github.com/apache/commons-codec/issues/223). Thanks to Arthur Chan, Gary Gregory.
> - CODEC-313: Fix possible ArrayIndexOutOfBoundsException in QuotedPrintableCodec.encodeQuotedPrintable() method [#221](https://redirect.github.com/apache/commons-codec/issues/221). Thanks to Arthur Chan, Gary Gregory.
> - CODEC-312: Fix possible StringIndexOutOfBoundException in MatchRatingApproachEncoder.encode() method [#220](https://redirect.github.com/apache/commons-codec/issues/220). Thanks to Arthur Chan, Gary Gregory.
> - CODEC-311: Fix possible ArrayIndexOutOfBoundException in RefinedSoundex.getMappingCode() [#219](https://redirect.github.com/apache/commons-codec/issues/219). Thanks to Arthur Chan, Gary Gregory.
> - CODEC-314: Fix possible IndexOutOfBoundsException in PercentCodec.insertAlwaysEncodeChars() method [#222](https://redirect.github.com/apache/commons-codec/issues/222). Thanks to Arthur Chan, Gary Gregory.
> - Deprecate UnixCrypt 0-argument constructor. Thanks to Gary Gregory.
> - Deprecate Md5Crypt 0-argument constructor. Thanks to Gary Gregory.
> - Deprecate Crypt 0-argument constructor. Thanks to Gary Gregory.
> - Deprecate StringUtils 0-argument constructor. Thanks to Gary Gregory.
> - Deprecate Resources 0-argument constructor. Thanks to Gary Gregory.
> - Deprecate Charsets 0-argument constructor. Thanks to Gary Gregory.
> - Deprecate CharEncoding 0-argument constructor. Thanks to Gary Gregory.
> - Add missing version for animal-sniffer-maven-plugin. Thanks to Gary Gregory.
>
> Changes:
>
> - Bump commons-parent from 58 to 66. Thanks to Dependabot, Gary Gregory.
> - Bump commons-lang3 from 3.12.0 to 3.14.0. Thanks to Gary Gregory.
> - Bump commons-io from 2.13.0 to 2.15.1. Thanks to Gary Gregory.
>
> For complete information on Apache Commons Codec, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Codec website:
>
> https://commons.apache.org/proper/commons-codec/
>
> Download page: https://commons.apache.org/proper/commons-codec/download_codec.cgi

... (truncated)

Commits

- [`e59fc76`](https://github.com/apache/commons-codec/commit/e59fc76531141cb4a36f3031457b9d5f07e5e43f) Prepare release candidate
- [`90c8023`](https://github.com/apache/commons-codec/commit/90c8023be911b42bab20b31b0e325174df0ee452) Prepare for the next release candidate
- [`05714ad`](https://github.com/apache/commons-codec/commit/05714adcf957e7a7644a71cd82de30145288ff38) Prepare release candidate
- [`060be1a`](https://github.com/apache/commons-codec/commit/060be1a1ca4b229ab348618ecae506a65543356f) Add missing version for animal-sniffer-maven-plugin
- [`0fd7b59`](https://github.com/apache/commons-codec/commit/0fd7b59fb1dbd67260429e1d75789fca92ab8a6f) Remove variable assignment just before returning it
- [`19649cd`](https://github.com/apache/commons-codec/commit/19649cdafdd780cbb7805f73e1e02c4d0fd549ff) Add Maven property project.build.outputTimestamp for build
- [`6d92b6a`](https://github.com/apache/commons-codec/commit/6d92b6acfc8db2bf04115ad0934934a59aa4219f) Bump org.apache.commons:commons-parent from 65 to 66 [#239](https://redirect.github.com/apache/commons-codec/issues/239)
- [`a76c362`](https://github.com/apache/commons-codec/commit/a76c362b5a54227717e82c198165eac49297e571) Bump org.apache.commons:commons-parent from 65 to 66 ([#239](https://redirect.github.com/apache/commons-codec/issues/239))
- [`0aee0c8`](https://github.com/apache/commons-codec/commit/0aee0c82e310e99eebbe7b0909464981054ecf36) Add property project.build.outputTimestamp for build reproducibility
- [`d322ef0`](https://github.com/apache/commons-codec/commit/d322ef089f97f570b0706417c2f9e2a3921e225c) Bump codecov/codecov-action from 3.1.5 to 4.0.1 ([#238](https://redirect.github.com/apache/commons-codec/issues/238))
- Additional commits viewable in [compare view](https://github.com/apache/commons-codec/compare/rel/commons-codec-1.16.0...rel/commons-codec-1.16.1)

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…kend (opensearch-project#4025) Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com> Signed-off-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
…oject#4049) ### Description [Describe what this change achieves] This change adds an exclusion for the transitive logback-core dependency that the Security plugin was still using as a test dependency. This should resolve the flagging of CVE-2023-6378 even though we should not have been directly impacted. ### Check List - [ ] ~New functionality includes testing~ - [ ] ~New functionality has been documented~ - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Stephen Crawford <steecraw@amazon.com>
…project#4052) ### Description [Describe what this change achieves] Following: opensearch-project/OpenSearch#12317 in core, this PR increases the version used for bouncycastle in the Security plugin. This is an attempt to correct the intermittent failures described here: [opensearch-project#3299](opensearch-project#3299) ### Check List - [ ] ~New functionality includes testing~ - [ ] ~New functionality has been documented~ - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Stephen Crawford <steecraw@amazon.com>
…5.0 (opensearch-project#4057) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
derek-ho force-pushed the generalize-workflow branch from 19ca6c0 to ca45944 on February 20, 2024 17:15
Signed-off-by: Derek Ho <dxho@amazon.com>
derek-ho force-pushed the generalize-workflow branch from 2462784 to a3c9b89 on February 21, 2024 18:38
Description
[Describe what this change achieves]
Issues Resolved
[List any issues this PR will resolve]
Is this a backport? If so, please add backport PR # and/or commits #
Testing
[Please provide details of testing done: unit testing, integration testing and manual testing]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.