From 26e66731a23fb6ab422e53d590a320003f340c62 Mon Sep 17 00:00:00 2001 From: lprimak Date: Mon, 8 Jan 2024 00:15:44 -0600 Subject: [PATCH 001/166] bugfix(jakarta-ee-integration): removed chrome and gecko driver system property propagation from failsafe config --- integration-tests/jakarta-ee/pom.xml | 2 -- 1 file changed, 2 deletions(-) diff --git a/integration-tests/jakarta-ee/pom.xml b/integration-tests/jakarta-ee/pom.xml index 29502708c2..df3675ec1f 100644 --- a/integration-tests/jakarta-ee/pom.xml +++ b/integration-tests/jakarta-ee/pom.xml @@ -242,9 +242,7 @@ ${gh_user} ${gh_token} ${webdriver.browser} - ${webdriver.chrome.driver} ${webdriver.chrome.binary} - ${webdriver.gecko.driver} ${webdriver.firefox.binary} ${failsafe.argLine} ${payara.argLine} From 2629e0a0d0b762131be487fbcc268919887e6d7d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jan 2024 18:01:18 +0000 Subject: [PATCH 002/166] build(deps): bump org.owasp:dependency-check-maven from 9.0.7 to 9.0.8 Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 9.0.7 to 9.0.8. - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/jeremylong/DependencyCheck/compare/v9.0.7...v9.0.8) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e3302b3fd3..ce8546cab3 100644 --- a/pom.xml +++ b/pom.xml @@ -415,7 +415,7 @@ org.owasp dependency-check-maven - 9.0.7 + 9.0.8 com.github.siom79.japicmp From 4d9c520be153ae4deb821d4364a5a5625d4aa32d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 17:08:53 +0000 Subject: [PATCH 003/166] build(deps): bump slf4j.version from 2.0.10 to 2.0.11 Bumps `slf4j.version` from 2.0.10 to 2.0.11. Updates `org.slf4j:slf4j-api` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-simple` from 2.0.10 to 2.0.11 Updates `org.slf4j:jcl-over-slf4j` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-jdk14` from 2.0.10 to 2.0.11 Updates `org.slf4j:slf4j-reload4j` from 2.0.10 to 2.0.11 --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-simple dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.slf4j:jcl-over-slf4j dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-jdk14 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-reload4j dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- integration-tests/meecrowave-support/pom.xml | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/integration-tests/meecrowave-support/pom.xml b/integration-tests/meecrowave-support/pom.xml index cddabfe34d..ba56ef3722 100644 --- a/integration-tests/meecrowave-support/pom.xml +++ b/integration-tests/meecrowave-support/pom.xml @@ -60,7 +60,7 @@ org.slf4j jcl-over-slf4j - 2.0.10 + 2.0.11 runtime diff --git a/pom.xml b/pom.xml index ce8546cab3..3e46d1fe50 100644 --- a/pom.xml +++ b/pom.xml @@ -107,7 +107,7 @@ 2.3.2 - 2.0.10 + 2.0.11 2.22.1 5.3.31 2.7.18 From 7998e0cf5035c112212dc61462bc9accb38a13a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 17:09:36 +0000 Subject: [PATCH 004/166] build(deps-dev): bump tomcat.version from 10.1.17 to 10.1.18 Bumps `tomcat.version` from 10.1.17 to 10.1.18. Updates `org.apache.tomcat:tomcat-jasper` from 10.1.17 to 10.1.18 Updates `org.apache.tomcat:tomcat-jasper-el` from 10.1.17 to 10.1.18 --- updated-dependencies: - dependency-name: org.apache.tomcat:tomcat-jasper dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.apache.tomcat:tomcat-jasper-el dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- samples/web-jakarta/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/web-jakarta/pom.xml b/samples/web-jakarta/pom.xml index ff95cb60c9..1389e13890 100644 --- a/samples/web-jakarta/pom.xml +++ b/samples/web-jakarta/pom.xml @@ -33,7 +33,7 @@ 1.2.15 - 10.1.17 + 10.1.18 true From bb2bdbcdcb2432fff0cd997f60ba45c3748bd1c2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 17:11:06 +0000 Subject: [PATCH 005/166] build(deps): bump org.apache.rat:apache-rat-plugin from 0.15 to 0.16 Bumps org.apache.rat:apache-rat-plugin from 0.15 to 0.16. --- updated-dependencies: - dependency-name: org.apache.rat:apache-rat-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ce8546cab3..6888a50a62 100644 --- a/pom.xml +++ b/pom.xml @@ -1498,7 +1498,7 @@ org.apache.rat apache-rat-plugin - 0.15 + 0.16 false From fb245f8d117c84ab5d09350462312b4ffb6652d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Jan 2024 17:06:21 +0000 Subject: [PATCH 006/166] build(deps): bump actions/cache from 3.3.2 to 3.3.3 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d6586a72ab..3f660c9349 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -63,7 +63,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Cache local Maven repository - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2 + uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c #v3.3.3 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} From 3666422e62654de3f8b0f5ceac991944d33efef4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Jan 2024 17:29:37 +0000 Subject: [PATCH 007/166] build(deps): bump org.apache.karaf.features:framework Bumps org.apache.karaf.features:framework from 4.4.4 to 4.4.5. --- updated-dependencies: - dependency-name: org.apache.karaf.features:framework dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- support/features/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/features/pom.xml b/support/features/pom.xml index 4918f6ca03..e9ecda6087 100644 --- a/support/features/pom.xml +++ b/support/features/pom.xml @@ -40,7 +40,7 @@ 3.2.2 - 4.4.4 + 4.4.5 From 5d77228bed015985da5ac5afdb9ed54f97017c4f Mon Sep 17 00:00:00 2001 From: lprimak Date: Thu, 11 Jan 2024 22:13:07 -0600 Subject: [PATCH 008/166] enh(jakarta-ee): added system properties to override resubmit URI bugfix(jakarta-ee): fixed secure-cookie configuration logic --- .../shiro/ee/filters/FormResubmitSupport.java | 42 +++++++++++++++---- .../listeners/EnvironmentLoaderListener.java | 4 +- 2 files changed, 38 insertions(+), 8 deletions(-) diff --git a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java index 8ef3c8e39a..673db571b7 100644 --- a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java +++ b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java @@ -29,6 +29,7 @@ import static org.apache.shiro.ee.filters.FormResubmitSupportCookies.deleteCookie; import static org.apache.shiro.ee.filters.FormResubmitSupportCookies.getCookieAge; import static org.apache.shiro.ee.filters.FormResubmitSupportCookies.getSessionCookieName; +import java.net.URISyntaxException; import java.util.Collections; import org.apache.shiro.ee.filters.Forms.FallbackPredicate; import org.apache.shiro.ee.filters.ShiroFilter.WrappedSecurityManager; @@ -82,7 +83,7 @@ */ @Slf4j @NoArgsConstructor(access = AccessLevel.PRIVATE) -@SuppressWarnings("HideUtilityClassConstructor") +@SuppressWarnings({"checkstyle:HideUtilityClassConstructor", "checkstyle:MethodCount"}) public class FormResubmitSupport { static final String SHIRO_FORM_DATA_KEY = "org.apache.shiro.form-data-key"; static final String SESSION_EXPIRED_PARAMETER = "org.apache.shiro.sessionExpired"; @@ -97,6 +98,11 @@ public class FormResubmitSupport { = Pattern.compile(String.format("[\\&]?%s.\\w+=[\\w\\s:%%\\d]*", PARTIAL_VIEW)); private static final Pattern INITIAL_AMPERSAND = Pattern.compile("^\\&"); private static final String FORM_DATA_CACHE = "org.apache.shiro.form-data-cache"; + private static final String FORM_RESUBMIT_HOST = "org.apache.shiro.form-resubmit-host"; + private static final String FORM_RESUBMIT_PORT = "org.apache.shiro.form-resubmit-port"; + private static final Optional RESUBMIT_HOST = Optional.ofNullable(System.getProperty(FORM_RESUBMIT_HOST)); + private static final Optional RESUBMIT_PORT = Optional.ofNullable(System.getProperty(FORM_RESUBMIT_PORT)) + .map(Integer::valueOf); static class HttpMethod { static final String GET = "GET"; @@ -369,13 +375,22 @@ static String resubmitSavedForm(@NonNull String savedFormData, @NonNull String s originalResponse.setStatus(AUTHFAIL); return resubmitResponseCleanup(originalRequest); } - var savedRequestURI = URI.create(savedRequest); - HttpClient client = buildHttpClient(savedRequestURI, servletContext, originalRequest); - PartialAjaxResult decodedFormData = parseFormData(savedFormData, savedRequestURI, client, servletContext); - HttpRequest postRequest = constructPostRequest(savedRequestURI, decodedFormData.result); - HttpResponse response = sendResubmitRequest(client, postRequest); + URI overriddenRequestURI = overrideSavedRequestURI(URI.create(savedRequest)); + HttpClient client = buildHttpClient(overriddenRequestURI, servletContext, originalRequest); + HttpResponse response; + PartialAjaxResult decodedFormData; + try { + decodedFormData = parseFormData(savedFormData, overriddenRequestURI, client, servletContext); + HttpRequest postRequest = constructPostRequest(overriddenRequestURI, decodedFormData.result); + response = sendResubmitRequest(client, postRequest); + } catch (IOException e) { + log.warn("Unable to resubmit form to {}" + System.lineSeparator() + + "perhaps set org.apache.shiro.form-resubmit-host or " + + "org.apache.shiro.form-resubmit-port system property?", overriddenRequestURI, e); + return savedRequest; + } if (rememberedAjaxResubmit && !decodedFormData.isStatelessRequest) { - HttpRequest redirectRequest = constructPostRequest(savedRequestURI, savedFormData); + HttpRequest redirectRequest = constructPostRequest(overriddenRequestURI, savedFormData); var redirectResponse = client.send(redirectRequest, HttpResponse.BodyHandlers.ofString()); log.debug("Redirect request: {}, response: {}", redirectRequest, redirectResponse); return processResubmitResponse(redirectResponse, originalRequest, originalResponse, @@ -389,6 +404,19 @@ static String resubmitSavedForm(@NonNull String savedFormData, @NonNull String s } } + @SneakyThrows(URISyntaxException.class) + private static URI overrideSavedRequestURI(URI savedRequestURI) { + if (RESUBMIT_HOST.isPresent() || RESUBMIT_PORT.isPresent()) { + var uri = new URI(savedRequestURI.getScheme(), savedRequestURI.getRawUserInfo(), + RESUBMIT_HOST.orElse(savedRequestURI.getHost()), RESUBMIT_PORT.orElse(savedRequestURI.getPort()), + savedRequestURI.getRawPath(), savedRequestURI.getRawQuery(), savedRequestURI.getRawFragment()); + log.debug("Form Resubmit - Overriding URI {} with {}", savedRequestURI, uri); + return uri; + } else { + return savedRequestURI; + } + } + private static HttpRequest constructPostRequest(URI request, String body) { return HttpRequest.newBuilder().uri(request) .POST(HttpRequest.BodyPublishers.ofString(body)) diff --git a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java index 0fcba304c2..bd219c0dca 100644 --- a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java +++ b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java @@ -13,6 +13,7 @@ */ package org.apache.shiro.ee.listeners; +import java.util.Optional; import java.util.Set; import javax.servlet.ServletContext; import javax.servlet.ServletContextEvent; @@ -61,7 +62,8 @@ public void contextInitialized(ServletContextEvent sce) { sce.getServletContext().setAttribute(FORM_RESUBMIT_DISABLED_PARAM, Boolean.TRUE); } String secureCookiesStr = sce.getServletContext().getInitParameter(FORM_RESUBMIT_SECURE_COOKIES); - if (secureCookiesStr == null || Boolean.parseBoolean(secureCookiesStr)) { + if (Optional.ofNullable(System.getProperty(FORM_RESUBMIT_SECURE_COOKIES)).map(Boolean::valueOf) + .or(() -> Optional.ofNullable(secureCookiesStr).map(Boolean::valueOf)).orElse(true)) { sce.getServletContext().setAttribute(FORM_RESUBMIT_SECURE_COOKIES, Boolean.TRUE); } else { sce.getServletContext().setAttribute(FORM_RESUBMIT_SECURE_COOKIES, Boolean.FALSE); From 8829f84ff74be816073a4b5798d7a86e5ba62704 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Jan 2024 17:40:53 +0000 Subject: [PATCH 009/166] build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/maven.yml | 2 +- .github/workflows/scorecards.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index c8af8c7881..7ba3fb2c44 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -98,7 +98,7 @@ jobs: -Pskip_jakarta_ee_tests - name: Archive test run logs - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 if: always() with: name: test-logs-${{ matrix.os }}-${{ matrix.jdk }}-${{ matrix.dist }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a3b4b09968..3bad190983 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -66,7 +66,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # tag=v4.0.0 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # tag=v4.1.0 with: name: SARIF file path: results.sarif From 2e4532005d60a09fe0a65af821f2e8d222bc9870 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 18:00:47 +0000 Subject: [PATCH 010/166] build(deps): bump mockito.version from 5.8.0 to 5.9.0 Bumps `mockito.version` from 5.8.0 to 5.9.0. Updates `org.mockito:mockito-core` from 5.8.0 to 5.9.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v5.8.0...v5.9.0) Updates `org.mockito:mockito-junit-jupiter` from 5.8.0 to 5.9.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v5.8.0...v5.9.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.mockito:mockito-junit-jupiter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 45edbc838c..28b9e2543a 100644 --- a/pom.xml +++ b/pom.xml @@ -118,7 +118,7 @@ 5.2.0 - 5.8.0 + 5.9.0 1.14.11 3.0.2 4.0.17 From 8832050bc290eeac2409914e3ec330dc27aed38d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 18:01:11 +0000 Subject: [PATCH 011/166] build(deps): bump org.htmlunit:htmlunit from 3.9.0 to 3.10.0 Bumps [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit) from 3.9.0 to 3.10.0. - [Release notes](https://github.com/HtmlUnit/htmlunit/releases) - [Commits](https://github.com/HtmlUnit/htmlunit/compare/3.9.0...3.10.0) --- updated-dependencies: - dependency-name: org.htmlunit:htmlunit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 45edbc838c..93c4807006 100644 --- a/pom.xml +++ b/pom.xml @@ -113,7 +113,7 @@ 2.7.18 4.2.3 2.1.6 - 3.9.0 + 3.10.0 1.77 From d7a3beaf4093f1cfa14d6dfc91b4d902c4ae35d1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Jan 2024 17:55:09 +0000 Subject: [PATCH 012/166] build(deps): bump org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom Bumps [org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom](https://github.com/shrinkwrap/resolver) from 3.2.1 to 3.3.0. - [Commits](https://github.com/shrinkwrap/resolver/compare/3.2.1...3.3.0) --- updated-dependencies: - dependency-name: org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- integration-tests/jakarta-ee/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integration-tests/jakarta-ee/pom.xml b/integration-tests/jakarta-ee/pom.xml index df3675ec1f..c134f02f44 100644 --- a/integration-tests/jakarta-ee/pom.xml +++ b/integration-tests/jakarta-ee/pom.xml @@ -207,7 +207,7 @@ org.jboss.shrinkwrap.resolver shrinkwrap-resolver-bom - 3.2.1 + 3.3.0 pom import From 9f5eb626b4fec6f7b1bf4f19f29042f0fc82522c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Jan 2024 17:05:16 +0000 Subject: [PATCH 013/166] build(deps): bump actions/cache from 3.3.3 to 4.0.0 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.3 to 4.0.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/e12d46a63a90f2fae62d114769bbf2a179198b5c...13aacd865c20de90d75de3b17ebe84f7a17d57d2) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3f660c9349..67e4819203 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -63,7 +63,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Cache local Maven repository - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c #v3.3.3 + uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 #v4.0.0 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} From 101182106702f440dd2f3426d1442fca1348c25b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Jan 2024 17:19:41 +0000 Subject: [PATCH 014/166] build(deps): bump org.owasp:dependency-check-maven from 9.0.8 to 9.0.9 Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 9.0.8 to 9.0.9. - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/jeremylong/DependencyCheck/compare/v9.0.8...v9.0.9) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index de5951bf52..600c3efd03 100644 --- a/pom.xml +++ b/pom.xml @@ -415,7 +415,7 @@ org.owasp dependency-check-maven - 9.0.8 + 9.0.9 com.github.siom79.japicmp From 15a108ef9f094dc4d8a161fb4d8d0b2f0f88a190 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 17:06:58 +0000 Subject: [PATCH 015/166] build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/1eb3cb2b3e0f29609092a73eb033bb759a334595...694cdabd8bdb0f10b2cea11669e1bf5453eed0a6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/maven.yml | 2 +- .github/workflows/scorecards.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 7ba3fb2c44..458c655754 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -98,7 +98,7 @@ jobs: -Pskip_jakarta_ee_tests - name: Archive test run logs - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 if: always() with: name: test-logs-${{ matrix.os }}-${{ matrix.jdk }}-${{ matrix.dist }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3bad190983..77c23afbee 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -66,7 +66,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # tag=v4.1.0 + uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # tag=v4.2.0 with: name: SARIF file path: results.sarif From d78292340e58e007cb8f0a439a1ce9e404221942 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 17:08:53 +0000 Subject: [PATCH 016/166] build(deps): bump groovy.version from 4.0.17 to 4.0.18 Bumps `groovy.version` from 4.0.17 to 4.0.18. Updates `org.apache.groovy:groovy-all` from 4.0.17 to 4.0.18 - [Commits](https://github.com/apache/groovy/commits) Updates `org.apache.groovy:groovy` from 4.0.17 to 4.0.18 - [Commits](https://github.com/apache/groovy/commits) --- updated-dependencies: - dependency-name: org.apache.groovy:groovy-all dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.groovy:groovy dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 600c3efd03..4ecee40c02 100644 --- a/pom.xml +++ b/pom.xml @@ -121,7 +121,7 @@ 5.9.0 1.14.11 3.0.2 - 4.0.17 + 4.0.18 5.10.1 3.1.1 5.6.15.Final From 4787ccc076ac2396e70b5081b68997fc3bb7b0f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Jan 2024 17:52:36 +0000 Subject: [PATCH 017/166] build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/694cdabd8bdb0f10b2cea11669e1bf5453eed0a6...26f96dfa697d77e81fd5907df203aa23a56210a8) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/maven.yml | 2 +- .github/workflows/scorecards.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 458c655754..0b2a2947f6 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -98,7 +98,7 @@ jobs: -Pskip_jakarta_ee_tests - name: Archive test run logs - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 if: always() with: name: test-logs-${{ matrix.os }}-${{ matrix.jdk }}-${{ matrix.dist }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 77c23afbee..bdf0da917b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -66,7 +66,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # tag=v4.2.0 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # tag=v4.3.0 with: name: SARIF file path: results.sarif From 1f13f8b9230e812205af2288cf5a5afe86767961 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Jan 2024 17:19:41 +0000 Subject: [PATCH 018/166] build(deps-dev): bump org.assertj:assertj-core from 3.25.1 to 3.25.2 Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.25.1 to 3.25.2. - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.25.1...assertj-build-3.25.2) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4ecee40c02..28df8c7b95 100644 --- a/pom.xml +++ b/pom.xml @@ -865,7 +865,7 @@ org.assertj assertj-core - 3.25.1 + 3.25.2 test From 3f67bfa1d53c5f7c7ec6974948de51ea511945b2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Jan 2024 17:40:05 +0000 Subject: [PATCH 019/166] build(deps): bump mockito.version from 5.9.0 to 5.10.0 Bumps `mockito.version` from 5.9.0 to 5.10.0. Updates `org.mockito:mockito-core` from 5.9.0 to 5.10.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v5.9.0...v5.10.0) Updates `org.mockito:mockito-junit-jupiter` from 5.9.0 to 5.10.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v5.9.0...v5.10.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.mockito:mockito-junit-jupiter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 28df8c7b95..9271acb18d 100644 --- a/pom.xml +++ b/pom.xml @@ -118,7 +118,7 @@ 5.2.0 - 5.9.0 + 5.10.0 1.14.11 3.0.2 4.0.18 From 9128731047fcd6203809260ce38c76a583baaa0a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jan 2024 17:07:10 +0000 Subject: [PATCH 020/166] build(deps): bump com.puppycrawl.tools:checkstyle Bumps [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) from 10.12.7 to 10.13.0. - [Release notes](https://github.com/checkstyle/checkstyle/releases) - [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-10.12.7...checkstyle-10.13.0) --- updated-dependencies: - dependency-name: com.puppycrawl.tools:checkstyle dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9271acb18d..6f1abb153c 100644 --- a/pom.xml +++ b/pom.xml @@ -563,7 +563,7 @@ com.puppycrawl.tools checkstyle - 10.12.7 + 10.13.0 From 08379a3769d794313a7a16eac424571ca970fe83 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jan 2024 17:07:42 +0000 Subject: [PATCH 021/166] build(deps): bump org.apache.rat:apache-rat-plugin from 0.16 to 0.16.1 Bumps org.apache.rat:apache-rat-plugin from 0.16 to 0.16.1. --- updated-dependencies: - dependency-name: org.apache.rat:apache-rat-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9271acb18d..0eb4782ad6 100644 --- a/pom.xml +++ b/pom.xml @@ -1498,7 +1498,7 @@ org.apache.rat apache-rat-plugin - 0.16 + 0.16.1 false From e965118f6179f28f07d72bbb158ecfe77a7722b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 17:51:42 +0000 Subject: [PATCH 022/166] build(deps-dev): bump org.assertj:assertj-core from 3.25.2 to 3.25.3 Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.25.2 to 3.25.3. - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.25.2...assertj-build-3.25.3) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f26721ffd7..ff1db5a87b 100644 --- a/pom.xml +++ b/pom.xml @@ -865,7 +865,7 @@ org.assertj assertj-core - 3.25.2 + 3.25.3 test From 54a4962ac60539e42abf17511d525567fb74a678 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 17:52:27 +0000 Subject: [PATCH 023/166] build(deps): bump junit.version from 5.10.1 to 5.10.2 Bumps `junit.version` from 5.10.1 to 5.10.2. Updates `org.junit:junit-bom` from 5.10.1 to 5.10.2 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.10.1...r5.10.2) Updates `org.junit.jupiter:junit-jupiter-params` from 5.10.1 to 5.10.2 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.10.1...r5.10.2) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.junit.jupiter:junit-jupiter-params dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f26721ffd7..8e4be96d01 100644 --- a/pom.xml +++ b/pom.xml @@ -122,7 +122,7 @@ 1.14.11 3.0.2 4.0.18 - 5.10.1 + 5.10.2 3.1.1 5.6.15.Final 1.2.5 From 94ae4c335bb2be5e4a54da5d97e13fdda369f73f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 17:46:10 +0000 Subject: [PATCH 024/166] build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/26f96dfa697d77e81fd5907df203aa23a56210a8...5d5d22a31266ced268874388b861e4b58bb5c2f3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/maven.yml | 2 +- .github/workflows/scorecards.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 0b2a2947f6..2a6cc0fc59 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -98,7 +98,7 @@ jobs: -Pskip_jakarta_ee_tests - name: Archive test run logs - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 if: always() with: name: test-logs-${{ matrix.os }}-${{ matrix.jdk }}-${{ matrix.dist }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index bdf0da917b..b0049b6605 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -66,7 +66,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # tag=v4.3.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # tag=v4.3.1 with: name: SARIF file path: results.sarif From 8630718a8bb53eff7800a67b1769ec8097fd22ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 17:58:38 +0000 Subject: [PATCH 025/166] build(deps): bump slf4j.version from 2.0.11 to 2.0.12 Bumps `slf4j.version` from 2.0.11 to 2.0.12. Updates `org.slf4j:slf4j-api` from 2.0.11 to 2.0.12 Updates `org.slf4j:slf4j-simple` from 2.0.11 to 2.0.12 Updates `org.slf4j:jcl-over-slf4j` from 2.0.11 to 2.0.12 Updates `org.slf4j:slf4j-jdk14` from 2.0.11 to 2.0.12 Updates `org.slf4j:slf4j-reload4j` from 2.0.11 to 2.0.12 --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-simple dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.slf4j:jcl-over-slf4j dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-jdk14 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-reload4j dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- integration-tests/meecrowave-support/pom.xml | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/integration-tests/meecrowave-support/pom.xml b/integration-tests/meecrowave-support/pom.xml index ba56ef3722..f31800873a 100644 --- a/integration-tests/meecrowave-support/pom.xml +++ b/integration-tests/meecrowave-support/pom.xml @@ -60,7 +60,7 @@ org.slf4j jcl-over-slf4j - 2.0.11 + 2.0.12 runtime diff --git a/pom.xml b/pom.xml index cdd67165a0..3da20fe347 100644 --- a/pom.xml +++ b/pom.xml @@ -107,7 +107,7 @@ 2.3.2 - 2.0.11 + 2.0.12 2.22.1 5.3.31 2.7.18 From 5b4992a6e62236b489543162b4f01bb31cc4f6b0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 17:38:25 +0000 Subject: [PATCH 026/166] build(deps): bump org.htmlunit:htmlunit from 3.10.0 to 3.11.0 Bumps [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit) from 3.10.0 to 3.11.0. - [Release notes](https://github.com/HtmlUnit/htmlunit/releases) - [Commits](https://github.com/HtmlUnit/htmlunit/compare/3.10.0...3.11.0) --- updated-dependencies: - dependency-name: org.htmlunit:htmlunit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3da20fe347..43d6b2503d 100644 --- a/pom.xml +++ b/pom.xml @@ -113,7 +113,7 @@ 2.7.18 4.2.3 2.1.6 - 3.10.0 + 3.11.0 1.77 From 9296b3661cd603871bcfe8f2cdd299e1671a4b7b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 17:58:43 +0000 Subject: [PATCH 027/166] build(deps): bump jetty.version Bumps `jetty.version` from 9.4.53.v20231009 to 9.4.54.v20240208. Updates `org.eclipse.jetty:jetty-maven-plugin` from 9.4.53.v20231009 to 9.4.54.v20240208 Updates `org.eclipse.jetty:jetty-server` from 9.4.53.v20231009 to 9.4.54.v20240208 Updates `org.eclipse.jetty:jetty-webapp` from 9.4.53.v20231009 to 9.4.54.v20240208 Updates `org.eclipse.jetty:apache-jsp` from 9.4.53.v20231009 to 9.4.54.v20240208 Updates `org.eclipse.jetty:apache-jstl` from 9.4.53.v20231009 to 9.4.54.v20240208 --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-server dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-webapp dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:apache-jsp dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:apache-jstl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 43d6b2503d..d9554ccd0c 100644 --- a/pom.xml +++ b/pom.xml @@ -102,7 +102,7 @@ 1.3.2 1.1.1 11 - 9.4.53.v20231009 + 9.4.54.v20240208 1.2.3 From 90037bf9475b6e36d2436048a57f6fdd9a1ee6ba Mon Sep 17 00:00:00 2001 From: lprimak Date: Wed, 14 Feb 2024 17:49:20 -0600 Subject: [PATCH 028/166] bugfix: Newer AspectJ is not compatible with JDK 11 --- .github/dependabot.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 23521d8c45..d2729ecbdd 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -58,6 +58,9 @@ updates: - dependency-name: "org.omnifaces:omnifaces" update-types: [ "version-update:semver-major" ] + - dependency-name: "org.aspectj:*" + update-types: [ "version-update:semver-patch" ] + - dependency-name: "org.springframework*:*" update-types: [ "version-update:semver-major" ] - dependency-name: "com.flowlogix:flowlogix-jee" From e67a5a8c9fdd61a0367ceec2e09e42b5efe8d848 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Feb 2024 17:47:59 +0000 Subject: [PATCH 029/166] build(deps): bump spring.version from 5.3.31 to 5.3.32 Bumps `spring.version` from 5.3.31 to 5.3.32. Updates `org.springframework:spring-context` from 5.3.31 to 5.3.32 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v5.3.32) Updates `org.springframework:spring-web` from 5.3.31 to 5.3.32 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v5.3.32) Updates `org.springframework:spring-jdbc` from 5.3.31 to 5.3.32 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v5.3.32) Updates `org.springframework:spring-orm` from 5.3.31 to 5.3.32 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v5.3.32) Updates `org.springframework:spring-webmvc` from 5.3.31 to 5.3.32 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v5.3.32) Updates `org.springframework:spring-test` from 5.3.31 to 5.3.32 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.31...v5.3.32) --- updated-dependencies: - dependency-name: org.springframework:spring-context dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-web dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-jdbc dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-orm dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-webmvc dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-test dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d9554ccd0c..9ac3cc7f8e 100644 --- a/pom.xml +++ b/pom.xml @@ -109,7 +109,7 @@ 2.3.2 2.0.12 2.22.1 - 5.3.31 + 5.3.32 2.7.18 4.2.3 2.1.6 From f5576fc9fa2fe963aae7b6886e17c121b7042bc9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Feb 2024 17:13:14 +0000 Subject: [PATCH 030/166] build(deps): bump bytebuddy.version from 1.14.11 to 1.14.12 Bumps `bytebuddy.version` from 1.14.11 to 1.14.12. Updates `net.bytebuddy:byte-buddy` from 1.14.11 to 1.14.12 - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.14.11...byte-buddy-1.14.12) Updates `net.bytebuddy:byte-buddy-agent` from 1.14.11 to 1.14.12 - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.14.11...byte-buddy-1.14.12) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: net.bytebuddy:byte-buddy-agent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9ac3cc7f8e..a6dc50baf0 100644 --- a/pom.xml +++ b/pom.xml @@ -119,7 +119,7 @@ 5.2.0 5.10.0 - 1.14.11 + 1.14.12 3.0.2 4.0.18 5.10.2 From acec94d3989a46238f9913c238baec6d5a1a2086 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Feb 2024 17:13:37 +0000 Subject: [PATCH 031/166] build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin Bumps [com.github.siom79.japicmp:japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.18.3 to 0.18.4. - [Release notes](https://github.com/siom79/japicmp/releases) - [Changelog](https://github.com/siom79/japicmp/blob/master/release.py) - [Commits](https://github.com/siom79/japicmp/compare/japicmp-base-0.18.3...japicmp-base-0.18.4) --- updated-dependencies: - dependency-name: com.github.siom79.japicmp:japicmp-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9ac3cc7f8e..c9b89868a7 100644 --- a/pom.xml +++ b/pom.xml @@ -420,7 +420,7 @@ com.github.siom79.japicmp japicmp-maven-plugin - 0.18.3 + 0.18.4 From a385227a1b5a4203b6ee847c8d1d053c99f56f3a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 17:44:40 +0000 Subject: [PATCH 032/166] build(deps): bump com.flowlogix:flowlogix-jee from 5.5.2 to 5.5.3 Bumps com.flowlogix:flowlogix-jee from 5.5.2 to 5.5.3. --- updated-dependencies: - dependency-name: com.flowlogix:flowlogix-jee dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- integration-tests/jakarta-ee/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integration-tests/jakarta-ee/pom.xml b/integration-tests/jakarta-ee/pom.xml index c134f02f44..aa50142c99 100644 --- a/integration-tests/jakarta-ee/pom.xml +++ b/integration-tests/jakarta-ee/pom.xml @@ -149,7 +149,7 @@ com.flowlogix flowlogix-jee - 5.5.2 + 5.5.3 From 02ca3fb0d83b96d09ff913da9197c00423671284 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 17:44:48 +0000 Subject: [PATCH 033/166] build(deps-dev): bump tomcat.version from 10.1.18 to 10.1.19 Bumps `tomcat.version` from 10.1.18 to 10.1.19. Updates `org.apache.tomcat:tomcat-jasper` from 10.1.18 to 10.1.19 Updates `org.apache.tomcat:tomcat-jasper-el` from 10.1.18 to 10.1.19 --- updated-dependencies: - dependency-name: org.apache.tomcat:tomcat-jasper dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.apache.tomcat:tomcat-jasper-el dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- samples/web-jakarta/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/web-jakarta/pom.xml b/samples/web-jakarta/pom.xml index 1389e13890..2d04ba413d 100644 --- a/samples/web-jakarta/pom.xml +++ b/samples/web-jakarta/pom.xml @@ -33,7 +33,7 @@ 1.2.15 - 10.1.18 + 10.1.19 true From bcbb087ccf5149eec37b74f1fc97fd4fc6f9663a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 17:45:34 +0000 Subject: [PATCH 034/166] build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin Bumps [com.github.siom79.japicmp:japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.18.4 to 0.18.5. - [Release notes](https://github.com/siom79/japicmp/releases) - [Changelog](https://github.com/siom79/japicmp/blob/master/release.py) - [Commits](https://github.com/siom79/japicmp/compare/japicmp-base-0.18.4...japicmp-base-0.18.5) --- updated-dependencies: - dependency-name: com.github.siom79.japicmp:japicmp-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b70521fc81..2a907d781e 100644 --- a/pom.xml +++ b/pom.xml @@ -420,7 +420,7 @@ com.github.siom79.japicmp japicmp-maven-plugin - 0.18.4 + 0.18.5 From 76830bb3e0fdbeb96bd87081657ea15b5294226d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Feb 2024 17:21:15 +0000 Subject: [PATCH 035/166] build(deps): bump log4j.version from 2.22.1 to 2.23.0 Bumps `log4j.version` from 2.22.1 to 2.23.0. Updates `org.apache.logging.log4j:log4j-slf4j2-impl` from 2.22.1 to 2.23.0 Updates `org.apache.logging.log4j:log4j-core-test` from 2.22.1 to 2.23.0 Updates `org.apache.logging.log4j:log4j-api` from 2.22.1 to 2.23.0 Updates `org.apache.logging.log4j:log4j-core` from 2.22.1 to 2.23.0 Updates `org.apache.logging.log4j:log4j-jul` from 2.22.1 to 2.23.0 Updates `org.apache.logging.log4j:log4j-to-slf4j` from 2.22.1 to 2.23.0 --- updated-dependencies: - dependency-name: org.apache.logging.log4j:log4j-slf4j2-impl dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.apache.logging.log4j:log4j-core-test dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.apache.logging.log4j:log4j-api dependency-type: direct:development update-type: version-update:semver-minor - dependency-name: org.apache.logging.log4j:log4j-core dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.apache.logging.log4j:log4j-jul dependency-type: direct:development update-type: version-update:semver-minor - dependency-name: org.apache.logging.log4j:log4j-to-slf4j dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2a907d781e..cc7f864598 100644 --- a/pom.xml +++ b/pom.xml @@ -108,7 +108,7 @@ modules' OSGi metadata: --> 2.3.2 2.0.12 - 2.22.1 + 2.23.0 5.3.32 2.7.18 4.2.3 From 86d600283ae68c5fd47b7dbb2658a6630d204884 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Feb 2024 17:20:29 +0000 Subject: [PATCH 036/166] build(deps): bump org.codehaus.mojo:exec-maven-plugin Bumps [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 3.1.1 to 3.2.0. - [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases) - [Commits](https://github.com/mojohaus/exec-maven-plugin/compare/3.1.1...3.2.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:exec-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- integration-tests/jakarta-ee/pom.xml | 2 +- samples/quickstart-guice/pom.xml | 2 +- samples/quickstart/pom.xml | 2 +- samples/spring/pom.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/integration-tests/jakarta-ee/pom.xml b/integration-tests/jakarta-ee/pom.xml index aa50142c99..0e90a009ea 100644 --- a/integration-tests/jakarta-ee/pom.xml +++ b/integration-tests/jakarta-ee/pom.xml @@ -369,7 +369,7 @@ org.codehaus.mojo exec-maven-plugin - 3.1.1 + 3.2.0 ${project.build.directory}/dependency/payara5/bin/${asadmin.cmd} ${payara.start.skip} diff --git a/samples/quickstart-guice/pom.xml b/samples/quickstart-guice/pom.xml index 49532a8d4c..d8d940a650 100644 --- a/samples/quickstart-guice/pom.xml +++ b/samples/quickstart-guice/pom.xml @@ -38,7 +38,7 @@ org.codehaus.mojo exec-maven-plugin - 3.1.1 + 3.2.0 diff --git a/samples/quickstart/pom.xml b/samples/quickstart/pom.xml index 318f35ad8c..b91c606048 100644 --- a/samples/quickstart/pom.xml +++ b/samples/quickstart/pom.xml @@ -40,7 +40,7 @@ org.codehaus.mojo exec-maven-plugin - 3.1.1 + 3.2.0 diff --git a/samples/spring/pom.xml b/samples/spring/pom.xml index f567d05ea9..cda3d4e5f6 100644 --- a/samples/spring/pom.xml +++ b/samples/spring/pom.xml @@ -72,7 +72,7 @@ org.codehaus.mojo exec-maven-plugin - 3.1.1 + 3.2.0 org.apache.shiro.samples.spring.CliApp From f1c158f68f2ce4e3ad98147635d9269f82a653d7 Mon Sep 17 00:00:00 2001 From: lprimak Date: Thu, 22 Feb 2024 10:06:53 -0800 Subject: [PATCH 037/166] enh: added ManifestResourceTransformer to shade plugin --- pom.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pom.xml b/pom.xml index cc7f864598..d090b951c4 100644 --- a/pom.xml +++ b/pom.xml @@ -485,6 +485,8 @@ + From 0ffde75ce11d95168f6f083161554ff7d6b403b1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Feb 2024 17:50:31 +0000 Subject: [PATCH 038/166] build(deps): bump io.openliberty.tools:liberty-maven-plugin Bumps [io.openliberty.tools:liberty-maven-plugin](https://github.com/OpenLiberty/ci.maven) from 3.10 to 3.10.1. - [Release notes](https://github.com/OpenLiberty/ci.maven/releases) - [Commits](https://github.com/OpenLiberty/ci.maven/compare/liberty-maven-3.10...liberty-maven-3.10.1) --- updated-dependencies: - dependency-name: io.openliberty.tools:liberty-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- integration-tests/jaxrs/openliberty/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integration-tests/jaxrs/openliberty/pom.xml b/integration-tests/jaxrs/openliberty/pom.xml index faf2d77cc2..5a1b809029 100644 --- a/integration-tests/jaxrs/openliberty/pom.xml +++ b/integration-tests/jaxrs/openliberty/pom.xml @@ -60,7 +60,7 @@ io.openliberty.tools liberty-maven-plugin - 3.10 + 3.10.1 shiro-its-jaxrs-openliberty From c20d30993c33cae33704cfea7242ec15a167503c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 17:38:02 +0000 Subject: [PATCH 039/166] build(deps): bump actions/setup-java from 4.0.0 to 4.1.0 Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/387ac29b308b003ca37ba93a6cab5eb57c8f5f93...9704b39bf258b59bc04b50fa2dd55e9ed76b47a8) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/maven.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 2a6cc0fc59..5d1b37b1c9 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up JDK - uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 + uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0 with: java-version: 11 distribution: temurin @@ -80,7 +80,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up JDK - uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 + uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0 with: java-version: ${{ matrix.jdk }} distribution: ${{ matrix.dist }} From c32fd3be4aaaf502a10f7194fae9e4ea8aea4d82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 17:46:31 +0000 Subject: [PATCH 040/166] build(deps): bump com.puppycrawl.tools:checkstyle Bumps [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) from 10.13.0 to 10.14.0. - [Release notes](https://github.com/checkstyle/checkstyle/releases) - [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-10.13.0...checkstyle-10.14.0) --- updated-dependencies: - dependency-name: com.puppycrawl.tools:checkstyle dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d090b951c4..d166aec1b8 100644 --- a/pom.xml +++ b/pom.xml @@ -565,7 +565,7 @@ com.puppycrawl.tools checkstyle - 10.13.0 + 10.14.0 From 15f566b115a3ab91effc96cde57e7f7e4ccca685 Mon Sep 17 00:00:00 2001 From: lprimak Date: Wed, 28 Feb 2024 19:54:35 -0600 Subject: [PATCH 041/166] enh: updated versions and using actual link versions for javadoc --- pom.xml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/pom.xml b/pom.xml index d166aec1b8..6bc80a4683 100644 --- a/pom.xml +++ b/pom.xml @@ -107,6 +107,7 @@ 2.3.2 + 2.3.0 2.0.12 2.23.0 5.3.32 @@ -297,6 +298,17 @@ maven-javadoc-plugin org.apache.shiro.samples.* + true + + https://docs.oracle.com/javase/${jdk.version}/docs/api/ + https://www.slf4j.org/api/ + https://docs.spring.io/spring/docs/${spring.version}/javadoc-api/ + https://docs.spring.io/spring-boot/docs/${spring-boot.version}/api/ + https://junit.org/junit5/docs/${junit.version}/api/ + https://easymock.org/api/ + https://javadoc.io/doc/org.mockito/mockito-core/${mockito.version}/org/mockito/Mockito.html + https://www.quartz-scheduler.org/api/${quartz.docs.version}/ + @@ -1429,20 +1441,8 @@ maven-javadoc-plugin + false - true - - https://docs.oracle.com/javase/11/docs/api/ - https://docs.oracle.com/javaee/7/api/ - https://www.slf4j.org/api/ - https://docs.spring.io/spring/docs/2.5.x/javadoc-api/ - https://junit.org/junit4/javadoc/4.12/ - https://easymock.org/api/ - https://javadoc.io/doc/org.mockito/mockito-core/${mockito.version}/org/mockito/Mockito.html - https://www.quartz-scheduler.org/api/1.8.6/ - - - org.apache.shiro.samples.*