Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the dependencies group across 1 directory with 8 updates #2001

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 9, 2024

Bumps the dependencies group with 8 updates in the / directory:

Package From To
ch.qos.logback:logback-classic 1.5.7 1.5.8
de.fraunhofer.iosb.ilt:FROST-Client-Dynamic 2.15 2.16
org.apache.commons:commons-lang3 3.16.0 3.17.0
org.eclipse.jetty:jetty-servlet 10.0.23 11.0.24
org.liquibase:liquibase-core 4.29.1 4.29.2
org.owasp:dependency-check-maven 10.0.3 10.0.4
org.apache.maven.plugins:maven-surefire-plugin 3.4.0 3.5.0
org.apache.maven.plugins:maven-javadoc-plugin 3.8.0 3.10.0

Updates ch.qos.logback:logback-classic from 1.5.7 to 1.5.8

Commits
  • 92e1a5e prepare release 1.5.8
  • 76d8dd8 Update README.md, comment out CI action results
  • d7e0d59 Merge branch 'master' of github.com:qos-ch/logback
  • fe3bf9d os.name property is expected to be Mac OS X on Apple computers
  • 9806273 Update README.md
  • c45f110 check for Mac OS X
  • 00c6f5e what is the os.name
  • 7d03a42 update actions/setup
  • edacb3b skip email sent termination test on MacOs
  • 3b5d041 allow more time for timetout
  • Additional commits viewable in compare view

Updates de.fraunhofer.iosb.ilt:FROST-Client-Dynamic from 2.15 to 2.16

Commits

Updates org.apache.commons:commons-lang3 from 3.16.0 to 3.17.0

Updates org.eclipse.jetty:jetty-servlet from 10.0.23 to 11.0.24

Updates org.liquibase:liquibase-core from 4.29.1 to 4.29.2

Release notes

Sourced from org.liquibase:liquibase-core's releases.

Liquibase v4.29.2

Liquibase 4.29.2 is a patch release

[!IMPORTANT] Liquibase 4.29.2 patches minor issues found in Liquibase 4.29.1 release.

[!NOTE] See the Liquibase 4.29.2 Release Notes for the complete set of release information.

Notable Changes

[PRO]

Custom Policy Checks updates: Create and run Python-based checks which fit your specific needs.

  • Liquibase checks have been opened to the world of Python development! This release fixes some minor issues so you can use your custom Python scripts as policy checks to solve your nuanced and techstack specific conditions for better risk mitigation, compliance, code quality, security, and more.
  • Learn more https://docs.liquibase.com/custom-policy-checks
  • Get the Checks extension to enable this capability: https://docs.liquibase.com/pro-extensions

Deprecation Notice

MacOS .dmg Installer to be removed in next release.

  • This is the final Liquibase release in which the MacOS installer will be shipped. Both the tarball (the liquibase-x.y.z.tar.gz) and the .zip (liquibase-x.y.x.zip) are the preferred replaced options for MacOS users.
  • Questions or comments? https://www.liquibase.com/contact-us

[PRO] Changelog

💥 Breaking Changes

  • None

Changes

... (truncated)

Changelog

Sourced from org.liquibase:liquibase-core's changelog.

Liquibase 4.29.2 is a patch release

Liquibase 4.29.2 patches minor issues found in Liquibase 4.29.1 release.

Notable Changes

[PRO]

Custom Policy Checks updates: Create and run Python-based checks which fit your specific needs.

  • Liquibase checks have been opened to the world of Python development! This release fixes some minor issues so you can use your custom Python scripts as policy checks to solve your nuanced and techstack specific conditions for better risk mitigation, compliance, code quality, security, and more.
  • Learn more https://docs.liquibase.com/custom-policy-checks
  • Get the Checks extension to enable this capability: https://docs.liquibase.com/pro-extensions

Deprecation Notice

MacOS .dmg Installer to be removed in next release.

  • This is the final Liquibase release in which the MacOS installer will be shipped. Both the tarball (the liquibase-x.y.z.tar.gz) and the .zip (liquibase-x.y.x.zip) are the preferred replaced options for MacOS users.
  • Questions or comments? https://www.liquibase.com/contact-us

[PRO] Changelog

Changes

[OSS] Changelog

Changes

... (truncated)

Commits
  • fd04dbd Merge pull request #6279 from liquibase/release_4292_changelog
  • d822676 chore: fix changelog for 4.29.2
  • e6aa1e6 chore: restore DAT-18398 changes
  • 040b732 Sync dry-run workflows from master
  • db61d48 Changelog for 4.29.2 + revert snowflake driver + slf4j versions (#6269)
  • bb50f58 🔧 (release-published.yml): Change the condition for the 'release-docker' job ...
  • 7c963ba chore: restore DAT-18398 changes
  • 7a6015d 🔧 (create-release.yml): update condition to check for boolean false instead o...
  • 35b3ba5 🔧 (create-release.yml): add default value 'master' for branch parameter in on...
  • 57c0ae1 fix release workflows (#6260)
  • Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 10.0.3 to 10.0.4

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 10.0.4

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 10.0.4 (2024-09-01)

  • build(deps): exclude unused dependency (#6916)
  • fix: improve regex (#6917)
  • fix: correctly handle null values in cpeMatch (#6915)
  • fix(site): Update Fluido skin to resolve broken fork-me-on-github image (#6914)
  • fix: do not report over 100% download complete (#6899)
  • fix: Correct spelling of occurring in NvdApiDataSource.java (#6883)
  • fix: skip blank lines in requirements.txt (#6867)
  • fix: correct percentage calculation (#6868)
  • docs: remove old recommendation (#6860)

See the full listing of changes.

Commits
  • 5120cbd build: prepare release v10.0.4
  • 05df233 docs: release notes for 10.0.4
  • a3a74bc build(deps): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.3.0 t...
  • 67c9d9e build(deps): bump golang from 1.22.6-alpine to 1.23.0-alpine (#6893)
  • 1bc85e2 build(deps): bump org.apache.maven.plugins:maven-failsafe-plugin
  • 2fe67ed build(deps): bump commons-codec:commons-codec from 1.17.0 to 1.17.1 (#6900)
  • e835fad build(deps): exclude unused dependency (#6916)
  • ccc151a fix: improve regex (#6917)
  • e090d40 chore: additional tests (#6918)
  • b4339ce fix: correctly handle null values in cpeMatch (#6915)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.4.0 to 3.5.0

Commits
  • c78365f [maven-release-plugin] prepare release surefire-3.5.0
  • 05e4681 [SUREFIRE-2227] Dynamically calculate xrefTestLocation
  • f1a419a [SUREFIRE-2228] Upgrade to Doxia 2.0.0 Milestone Stack
  • 5e14d4f [SUREFIRE-2161] Align Mojo class names and output names
  • c0784ab Bump org.apache.commons:commons-compress from 1.27.0 to 1.27.1
  • 79ea717 [SUREFIRE-2256] Upgrade to Parent 43
  • 4648b47 add Reproducible Builds badge
  • f64c1b3 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.10.0

Commits
  • 487e479 [maven-release-plugin] prepare release maven-javadoc-plugin-3.10.0
  • 9638a6a [MJAVADOC-785] Align plugin implementation with AbstractMavenReport (maven-re...
  • 9d33925 [MJAVADOC-784] Upgrade to Doxia 2.0.0 Milestone Stack
  • a11b921 [MJAVADOC-809] Align Mojo class names
  • 7c4b467 Bump org.apache.maven.plugins:maven-plugins from 42 to 43
  • 636442b Improve ITs
  • dbca15a Bump org.hamcrest:hamcrest-core from 2.2 to 3.0
  • d02bb88 Bump org.apache.commons:commons-lang3 from 3.15.0 to 3.16.0
  • 0a850a1 [MJAVADOC-807] Simplify IT for MJAVADOC-498
  • 43e901f Improve URL handling
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.7` | `1.5.8` |
| [de.fraunhofer.iosb.ilt:FROST-Client-Dynamic](https://github.com/FraunhoferIOSB/FROST-Client) | `2.15` | `2.16` |
| org.apache.commons:commons-lang3 | `3.16.0` | `3.17.0` |
| org.eclipse.jetty:jetty-servlet | `10.0.23` | `11.0.24` |
| [org.liquibase:liquibase-core](https://github.com/liquibase/liquibase) | `4.29.1` | `4.29.2` |
| [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) | `10.0.3` | `10.0.4` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.4.0` | `3.5.0` |
| [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) | `3.8.0` | `3.10.0` |



Updates `ch.qos.logback:logback-classic` from 1.5.7 to 1.5.8
- [Commits](qos-ch/logback@v_1.5.7...v_1.5.8)

Updates `de.fraunhofer.iosb.ilt:FROST-Client-Dynamic` from 2.15 to 2.16
- [Changelog](https://github.com/FraunhoferIOSB/FROST-Client/blob/master/CHANGELOG.md)
- [Commits](https://github.com/FraunhoferIOSB/FROST-Client/commits)

Updates `org.apache.commons:commons-lang3` from 3.16.0 to 3.17.0

Updates `org.eclipse.jetty:jetty-servlet` from 10.0.23 to 11.0.24

Updates `org.liquibase:liquibase-core` from 4.29.1 to 4.29.2
- [Release notes](https://github.com/liquibase/liquibase/releases)
- [Changelog](https://github.com/liquibase/liquibase/blob/master/changelog.txt)
- [Commits](liquibase/liquibase@v4.29.1...v4.29.2)

Updates `org.owasp:dependency-check-maven` from 10.0.3 to 10.0.4
- [Release notes](https://github.com/jeremylong/DependencyCheck/releases)
- [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](jeremylong/DependencyCheck@v10.0.3...v10.0.4)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.4.0...surefire-3.5.0)

Updates `org.apache.maven.plugins:maven-javadoc-plugin` from 3.8.0 to 3.10.0
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.8.0...maven-javadoc-plugin-3.10.0)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: de.fraunhofer.iosb.ilt:FROST-Client-Dynamic
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.apache.commons:commons-lang3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.eclipse.jetty:jetty-servlet
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: org.liquibase:liquibase-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.owasp:dependency-check-maven
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Sep 9, 2024
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 16, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Sep 16, 2024
@dependabot dependabot bot deleted the dependabot/maven/v2.4.x/dependencies-07f17e8d40 branch September 16, 2024 06:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants