Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 1.3] Forced ktlint to use logback-core:1.2.13, and logback-classic:1.2.13 to address CVE. #602 #603

Merged
merged 30 commits into from
Feb 29, 2024
Merged

[Backport 1.3] Forced ktlint to use logback-core:1.2.13, and logback-classic:1.2.13 to address CVE. #602 #603

merged 30 commits into from
Feb 29, 2024

Conversation

AWSHurneyt
Copy link
Collaborator

Description

Manual backport of PR #602

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@AWSHurneyt AWSHurneyt added the v1.3.15 Issues targeting release v1.3.15 label Feb 29, 2024
@AWSHurneyt AWSHurneyt changed the base branch from main to 1.3 February 29, 2024 00:28
adityaj1107 and others added 19 commits February 28, 2024 16:29
@adityaj1107 @zhongnansu
@dai-chen @joshuali925 @AWSHurneyt
Merge changes in the main branch to the 1.x branch. (opensearch-proje…
10ac92e 
…ct#42)

* Update Release Notes for GA (opensearch-project#36)

* Update Release Notes for GA

* Update Release Notes for GA include RC1 Changes as well.

Signed-off-by: Aditya Jindal <aditjind@amazon.com>

* add method type in CustomWebhook data model (opensearch-project#39)

Signed-off-by: Zhongnan Su <szhongna@amazon.com>

* Fix class loader issue for notifications response (opensearch-project#40)

* Fix class loader issue for notifications

Signed-off-by: Joshua Li <joshuali925@gmail.com>

* Fix formatting

Signed-off-by: Joshua Li <joshuali925@gmail.com>

* Refactor creation of action listener object

Signed-off-by: Joshua Li <joshuali925@gmail.com>

* Fix indentation

Signed-off-by: Joshua Li <joshuali925@gmail.com>

* Remove unused suppresses

Signed-off-by: Joshua Li <joshuali925@gmail.com>

* Add UT for notification API

Signed-off-by: Chen Dai <daichen@amazon.com>

* Add UT for notification API

Signed-off-by: Chen Dai <daichen@amazon.com>

* Add UT for send notification API

Signed-off-by: Chen Dai <daichen@amazon.com>

* Fix Github workflow failure

Signed-off-by: Chen Dai <daichen@amazon.com>

* Fix Github workflow failure

Signed-off-by: Chen Dai <daichen@amazon.com>

* Refactor UT code

Signed-off-by: Chen Dai <daichen@amazon.com>

Co-authored-by: Joshua Li <joshuali925@gmail.com>

Co-authored-by: Zhongnan Su <szhongna@amazon.com>
Co-authored-by: Chen Dai <46505291+dai-chen@users.noreply.github.com>
Co-authored-by: Joshua Li <joshuali925@gmail.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@saratvemulapalli @AWSHurneyt
[1.x] Bumping common-utils to build with OpenSearch(1.x) 1.1.0 (opens…
800c0d5 
…earch-project#52)

* Bumping common-utils to build with OpenSearch(main) 1.1.0 (opensearch-project#48)

Signed-off-by: Sarat Vemulapalli <vemulapallisarat@gmail.com>

* Updating 1.x to work with OpenSearch 1.x

Signed-off-by: Sarat Vemulapalli <vemulapallisarat@gmail.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@skkosuri-amzn @adityaj1107
@VachaShah @dblock @bowenlan-amzn @thalurur @AWSHurneyt
Backport 1.1 changes to 1.x (opensearch-project#72)
694781e 
* Add Commits related to Snapshot build of Common Utils on 1.1 (opensearch-project#67)

* Using 1.1 snapshot version for OpenSearch (opensearch-project#57)

Signed-off-by: Vacha <vachshah@amazon.com>

* Build snapshot build by default with the same version as OpenSearch. (opensearch-project#58)

Signed-off-by: dblock <dblock@amazon.com>

* Update build.gradle to reflect 1.1.0.0 version

Co-authored-by: Vacha <vachshah@amazon.com>
Co-authored-by: Daniel Doubrovkine (dB.) <dblock@dblock.org>

* Build snapshot build by default with the same version as OpenSearch. (opensearch-project#58) (opensearch-project#69)

Signed-off-by: dblock <dblock@amazon.com>

* Adding an utility method that allows consumers to set custom thread context property in InjectSecurity class (opensearch-project#47) (opensearch-project#70)

Signed-off-by: Ravi Thaluru <ravi1092@gmail.com>

Co-authored-by: Ravi <6005951+thalurur@users.noreply.github.com>

* Add release notes for version 1.1.0.0

* Add release notes for version 1.1.0.0

Co-authored-by: Aditya Jindal <13850971+aditjind@users.noreply.github.com>
Co-authored-by: Vacha <vachshah@amazon.com>
Co-authored-by: Daniel Doubrovkine (dB.) <dblock@dblock.org>
Co-authored-by: Bowen Lan <62091230+bowenlan-amzn@users.noreply.github.com>
Co-authored-by: Ravi <6005951+thalurur@users.noreply.github.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@lezzago @downsrob
@dblock @qreshi @mch2 @AWSHurneyt
Backport main changes to 1.x (opensearch-project#93)
a6987af 
* Add themed logo to README (opensearch-project#41)

Signed-off-by: Miki <mehranb@amazon.com>

* Updates common-utils version to 1.2 (opensearch-project#77)

* Updates common-utils version to 1.2 and Uses Maven for 1.2 dependencies

Signed-off-by: Clay Downs <downsrob@amazon.com>

* Publish .md5 and .sha1 signatures. (opensearch-project#79) (opensearch-project#80)

* Publish .md5 and .sha1 signatures.

Signed-off-by: dblock <dblock@dblock.org>

* Use OpenSearch 1.1.

Signed-off-by: dblock <dblock@dblock.org>

* Publish source and javadoc checksums. (opensearch-project#81)

Signed-off-by: dblock <dblock@dblock.org>

* Update copyright notice (opensearch-project#90)

Signed-off-by: Mohammad Qureshi <qreshi@amazon.com>

* Update maven publication to include cksums. (opensearch-project#91)

This change adds a local staging repo task that will include cksums.  It will also update build.sh to use this new task and copy the contents of the staging repo to the output directory.
The maven publish plugin will not include these cksums when publishing to maven local but will when published to a separate folder.

Signed-off-by: Marc Handalian <handalm@amazon.com>

* Add release notes for version 1.2.0.0 (opensearch-project#92)

* Add release notes for version 1.2.0.0

Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>

Co-authored-by: Miki <mehranb@amazon.com>
Co-authored-by: Clay Downs <89109232+downsrob@users.noreply.github.com>
Co-authored-by: Daniel Doubrovkine (dB.) <dblock@dblock.org>
Co-authored-by: Mohammad Qureshi <47198598+qreshi@users.noreply.github.com>
Co-authored-by: Marc Handalian <handalm@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@getsaurabh02 @lezzago
@mch2 @ryanbogan @dblock @peternied @VachaShah @dbbaughe @mend-for-github-com @AWSHurneyt
Backport main changes to 1.x (opensearch-project#126)
1a8a885 
* Fix copyright notice and add DCO check workflow (opensearch-project#94)

Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>

* Update build.sh script to include optional platform param. (opensearch-project#95)

Signed-off-by: Marc Handalian <handalm@amazon.com>

* Add codeowners support for repo (opensearch-project#96)

Signed-off-by: Ryan Bogan <10944539+ryanbogan@users.noreply.github.com>

* Bump version to 1.3 (opensearch-project#99)

Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>

* Auto-increment version on new release tags. (opensearch-project#106)

Signed-off-by: Daniel Doubrovkine (dB.) <dblock@dblock.org>

* Remove jcenter repository (opensearch-project#115)

Signed-off-by: Peter Nied <peternied@hotmail.com>

* Using Github App token to trigger CI for version increment PRs (opensearch-project#116)

Signed-off-by: Vacha Shah <vachshah@amazon.com>

* Fixes copyright headers (opensearch-project#117)

Signed-off-by: Drew Baugher <46505179+dbbaughe@users.noreply.github.com>

* Remove jcenter repository missed on first pass (opensearch-project#118)

Signed-off-by: Peter Nied <petern@amazon.com>

* Run CI/CD on Java 8, 11, 14 and 17. (opensearch-project#121)

* Run CI/CD on Java 8, 11, 14 and 17.

Signed-off-by: Daniel Doubrovkine (dB.) <dblock@dblock.org>

* Add JDK 17.

Signed-off-by: Daniel Doubrovkine (dB.) <dblock@dblock.org>

* Add .whitesource configuration file (opensearch-project#109)

Co-authored-by: whitesource-for-github-com[bot] <50673670+whitesource-for-github-com[bot]@users.noreply.github.com>

Co-authored-by: Ashish Agrawal <ashisagr@amazon.com>
Co-authored-by: Marc Handalian <handalm@amazon.com>
Co-authored-by: Ryan Bogan <10944539+ryanbogan@users.noreply.github.com>
Co-authored-by: Daniel Doubrovkine (dB.) <dblock@dblock.org>
Co-authored-by: Peter Nied <peternied@hotmail.com>
Co-authored-by: Vacha Shah <vachshah@amazon.com>
Co-authored-by: Drew Baugher <46505179+dbbaughe@users.noreply.github.com>
Co-authored-by: Peter Nied <petern@amazon.com>
Co-authored-by: whitesource-for-github-com[bot] <50673670+whitesource-for-github-com[bot]@users.noreply.github.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@getsaurabh02 @AWSHurneyt
Add release notes for version 1.3.0.0 (opensearch-project#134)
fac9347 
Signed-off-by: Saurabh Singh <sisurab@amazon.com>

Co-authored-by: Saurabh Singh <sisurab@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@gaiksaya @AWSHurneyt
Bump version to 1.3.1 (opensearch-project#145)
9701933 
Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @opensearch-ci-bot @AWSHurneyt
Incremented version to 1.3.2 (opensearch-project#148)
4a1a6d0 
Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>

Co-authored-by: opensearch-ci-bot <opensearch-ci-bot@users.noreply.github.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @VachaShah @AWSHurneyt
Adding signoff option for version workflow PR (opensearch-project#143) (
91e387a 
opensearch-project#150)

Signed-off-by: Vacha Shah <vachshah@amazon.com>
(cherry picked from commit 6e78f69)

Co-authored-by: Vacha Shah <vachshah@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@dblock @AWSHurneyt
Incremented version to 1.3.3. (opensearch-project#180)
e759eaf 
Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@zelinh @AWSHurneyt
Incremented version to 1.3.4. (opensearch-project#198)
b34e23c 
Signed-off-by: Zelin Hao <zelinhao@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @prudhvigodithi @AWSHurneyt
Staging for version increment automation (opensearch-project#200) (op…
281bb54 
…ensearch-project#208)

* Version increment automation

Signed-off-by: pgodithi <pgodithi@amazon.com>

* Version increment automation: task rename updateVersion

Signed-off-by: pgodithi <pgodithi@amazon.com>
(cherry picked from commit 366bf16)
Signed-off-by: prudhvigodithi <pgodithi@amazon.com>

Signed-off-by: pgodithi <pgodithi@amazon.com>
Signed-off-by: prudhvigodithi <pgodithi@amazon.com>
Co-authored-by: Prudhvi Godithi <pgodithi@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@prudhvigodithi @AWSHurneyt
release 1.3.5 (opensearch-project#219)
c73cbc7 
Signed-off-by: prudhvigodithi <pgodithi@amazon.com>

Signed-off-by: prudhvigodithi <pgodithi@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @AWSHurneyt
Increment version to 1.3.6-SNAPSHOT (opensearch-project#243)
b6e99b5 
Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @peterzhuamazon @AWSHurneyt
Change TrustStoreTest to use File.separator to support Windows path (o…
9b54a95 
…pensearch-project#258) (opensearch-project#260)

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
(cherry picked from commit 7dcb3a0)

Co-authored-by: Peter Zhu <zhujiaxi@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@sbcd90 @AWSHurneyt
disable detekt so that snakeyaml <= 1.31 is not used (opensearch-proj…
dfd68f8 
…ect#266)

* disable detekt so that snakeyaml <= 1.31 is not used

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@sbcd90 @AWSHurneyt
add release-notes for 1.3.6 (opensearch-project#267)
686e180 
Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @opensearch-ci-bot
@peterzhuamazon @AWSHurneyt
[AUTO] Increment version to 1.3.7-SNAPSHOT (opensearch-project#276)
01d719d 
* Increment version to 1.3.7-SNAPSHOT

Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>

* empty commit trigger

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Co-authored-by: Peter Zhu <zhujiaxi@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@sbcd90 @eirsep @AWSHurneyt
Adding CI workflow for Windows OS (opensearch-project#333)
1770dab 
Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
Co-authored-by: Surya Sashank Nistala <sashank.nistala@gmail.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
opensearch-trigger-bot bot and others added 10 commits February 28, 2024 16:29
@opensearch-trigger-bot @opensearch-ci-bot @AWSHurneyt
Increment version to 1.3.8-SNAPSHOT (opensearch-project#338)
292c4ce 
Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>

Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @cwperks @AWSHurneyt
Add auto-release workflow (opensearch-project#376) (opensearch-projec…
1d06557 
…t#377)

Signed-off-by: Craig Perkins <cwperx@amazon.com>
(cherry picked from commit 89b7457)

Co-authored-by: Craig Perkins <craig5008@gmail.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @opensearch-ci-bot @AWSHurneyt
Increment version to 1.3.9-SNAPSHOT (opensearch-project#355)
d620c32 
Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @opensearch-ci-bot @AWSHurneyt
Incremented version to 1.3.10 (opensearch-project#388)
384af9e 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: opensearch-ci-bot <opensearch-ci-bot@users.noreply.github.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @opensearch-ci-bot @AWSHurneyt
Increment version to 1.3.11-SNAPSHOT (opensearch-project#453)
57a5a2c 
Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @opensearch-ci-bot @AWSHurneyt
Increment version to 1.3.12-SNAPSHOT (opensearch-project#471)
a628e45 
Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @opensearch-ci-bot @AWSHurneyt
Increment version to 1.3.13-SNAPSHOT (opensearch-project#504)
33f5f7a 
Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @opensearch-ci-bot @AWSHurneyt
Increment version to 1.3.14-SNAPSHOT (opensearch-project#540)
2b56ba4 
Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@opensearch-trigger-bot @opensearch-ci-bot
@lezzago @AWSHurneyt
[AUTO] Increment version to 1.3.15-SNAPSHOT (opensearch-project#575)
a45cd3c 
* Increment version to 1.3.15-SNAPSHOT

Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>

* Empty-Commit

Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>

* Remove jdk 8 CI test

Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>

---------

Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>
Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com>
Co-authored-by: Ashish Agrawal <ashisagr@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@AWSHurneyt
Forced ktlint to use logback-core:1.2.13, and logback-classic:1.2.13 …
10966b8 
…to address CVE. (opensearch-project#602)

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@AWSHurneyt
Merge branch '1.3' into 1.3-pr602-backport
aa44b3f 
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
@AWSHurneyt AWSHurneyt merged commit a0baf55 into opensearch-project:1.3 Feb 29, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@engechas engechas engechas approved these changes

@lezzago lezzago lezzago approved these changes

@qreshi qreshi Awaiting requested review from qreshi

@bowenlan-amzn bowenlan-amzn Awaiting requested review from bowenlan-amzn

@rishabhmaurya rishabhmaurya Awaiting requested review from rishabhmaurya

@getsaurabh02 getsaurabh02 Awaiting requested review from getsaurabh02

@eirsep eirsep Awaiting requested review from eirsep

@sbcd90 sbcd90 Awaiting requested review from sbcd90

@riysaxen-amzn riysaxen-amzn Awaiting requested review from riysaxen-amzn

Assignees
No one assigned
Labels
v1.3.15 Issues targeting release v1.3.15
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.