SPLAT-1007 Release v3.14.2 #1532
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [mockito-core](https://github.com/mockito/mockito) from 3.7.7 to 3.8.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v3.7.7...v3.8.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps [coverage](https://github.com/nedbat/coveragepy) from 5.4 to 5.5. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@coverage-5.4...coverage-5.5) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps [checkstyle](https://github.com/checkstyle/checkstyle) from 8.40 to 8.41. - [Release notes](https://github.com/checkstyle/checkstyle/releases) - [Commits](checkstyle/checkstyle@checkstyle-8.40...checkstyle-8.41) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps `jmh.version` from 1.27 to 1.28. Updates `jmh-core` from 1.27 to 1.28 Updates `jmh-generator-annprocess` from 1.27 to 1.28 Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
…op/com.puppycrawl.tools-checkstyle-8.41 Java: Bump checkstyle from 8.40 to 8.41 in /lib/java
Bumps [activemq-client](https://github.com/apache/activemq) from 5.15.11 to 5.16.1. - [Release notes](https://github.com/apache/activemq/releases) - [Commits](apache/activemq@activemq-5.15.11...activemq-5.16.1) Signed-off-by: dependabot[bot] <support@github.com>
…op/jmh.version-1.28 Java: Bump jmh.version from 1.27 to 1.28 in /lib/java
Bumps [libthrift](https://github.com/apache/thrift) from 0.13.0 to 0.14.0. - [Release notes](https://github.com/apache/thrift/releases) - [Changelog](https://github.com/apache/thrift/blob/master/CHANGES.md) - [Commits](apache/thrift@v0.13.0...v0.14.0) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [junit](https://github.com/junit-team/junit4) from 4.13.1 to 4.13.2. - [Release notes](https://github.com/junit-team/junit4/releases) - [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md) - [Commits](junit-team/junit4@r4.13.1...r4.13.2) Signed-off-by: dependabot[bot] <support@github.com>
…op/coverage-5.5 Python: Bump coverage from 5.4 to 5.5 in /lib/python
Bumps [netty-all](https://github.com/netty/netty) from 4.1.59.Final to 4.1.60.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.59.Final...netty-4.1.60.Final) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [netty-all](https://github.com/netty/netty) from 4.1.59.Final to 4.1.60.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.59.Final...netty-4.1.60.Final) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [netty-all](https://github.com/netty/netty) from 4.1.59.Final to 4.1.60.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.59.Final...netty-4.1.60.Final) Signed-off-by: dependabot[bot] <support@github.com>
…develop/org.apache.activemq-activemq-client-5.16.1 Examples: Bump activemq-client from 5.15.11 to 5.16.1 in /examples/java
…op/junit-junit-4.13.2 Java: Bump junit from 4.13.1 to 4.13.2 in /lib/java
Bumps [junit](https://github.com/junit-team/junit4) from 4.13.1 to 4.13.2. - [Release notes](https://github.com/junit-team/junit4/releases) - [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md) - [Commits](junit-team/junit4@r4.13.1...r4.13.2) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [activemq-client](https://github.com/apache/activemq) from 5.15.11 to 5.16.1. - [Release notes](https://github.com/apache/activemq/releases) - [Commits](apache/activemq@activemq-5.15.11...activemq-5.16.1) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [libthrift](https://github.com/apache/thrift) from 0.14.0 to 0.14.1. - [Release notes](https://github.com/apache/thrift/releases) - [Changelog](https://github.com/apache/thrift/blob/v0.14.1/CHANGES.md) - [Commits](apache/thrift@v0.14.0...v0.14.1) Signed-off-by: dependabot[bot] <support@github.com>
…op/io.netty-netty-all-4.1.60.Final Java: Bump netty-all from 4.1.59.Final to 4.1.60.Final in /lib/java
…on/java/frugal-integration-test/develop/io.netty-netty-all-4.1.60.Final Tests: Bump netty-all from 4.1.59.Final to 4.1.60.Final in /test/integration/java/frugal-integration-test
…develop/io.netty-netty-all-4.1.60.Final Examples: Bump netty-all from 4.1.59.Final to 4.1.60.Final in /examples/java
…on/java/frugal-integration-test/develop/junit-junit-4.13.2 Tests: Bump junit from 4.13.1 to 4.13.2 in /test/integration/java/frugal-integration-test
…op/org.mockito-mockito-core-3.8.0 Java: Bump mockito-core from 3.7.7 to 3.8.0 in /lib/java
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.8.0...v1.8.1) Signed-off-by: dependabot[bot] <support@github.com>
…on/java/frugal-integration-test/develop/org.apache.activemq-activemq-client-5.16.1 Tests: Bump activemq-client from 5.15.11 to 5.16.1 in /test/integration/java/frugal-integration-test
Bumps [github.com/go-stomp/stomp](https://github.com/go-stomp/stomp) from 2.1.2+incompatible to 2.1.3+incompatible. - [Release notes](https://github.com/go-stomp/stomp/releases) - [Changelog](https://github.com/go-stomp/stomp/blob/master/breaking_changes.md) - [Commits](go-stomp/stomp@v2.1.2...v2.1.3) Signed-off-by: dependabot[bot] <support@github.com>
…op/org.apache.thrift-libthrift-0.14.1 Java: Bump libthrift from 0.14.0 to 0.14.1 in /lib/java
…velop/github.com/sirupsen/logrus-1.8.1 Go: Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 in /lib/go
…go/develop/github.com/go-stomp/stomp-2.1.3incompatible go-exam: bump github.com/go-stomp/stomp from 2.1.2+incompatible to 2.1.3+incompatible in /examples/go
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.8.0...v1.8.1) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/urfave/cli](https://github.com/urfave/cli) from 1.19.1 to 1.22.5. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/master/docs/CHANGELOG.md) - [Commits](urfave/cli@v1.19.1...v1.22.5) Signed-off-by: dependabot[bot] <support@github.com>
…op/flake8-3.9.0 Python: Bump flake8 from 3.8.4 to 3.9.0 in /lib/python
…velop/github.com/apache/thrift-0.14.1 Go: Bump github.com/apache/thrift from 0.14.0 to 0.14.1 in /lib/go
…go/develop/github.com/sirupsen/logrus-1.8.1 go-exam: bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 in /examples/go
Bumps [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) from 2.1.9 to 2.2.0. - [Release notes](https://github.com/nats-io/nats-server/releases) - [Changelog](https://github.com/nats-io/nats-server/blob/master/.goreleaser.yml) - [Commits](nats-io/nats-server@v2.1.9...v2.2.0) Signed-off-by: dependabot[bot] <support@github.com>
…ithub.com/urfave/cli-1.22.5 go-tool: bump github.com/urfave/cli from 1.19.1 to 1.22.5
…velop/github.com/nats-io/nats-server/v2-2.2.0 Go: Bump github.com/nats-io/nats-server/v2 from 2.1.9 to 2.2.0 in /lib/go
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.7.0 to 1.8.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.7.0...v1.8.1) Signed-off-by: dependabot[bot] <support@github.com>
…gration/develop/github.com/sirupsen/logrus-1.8.1 go-test: bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1 in /test/integration
Bumps [github.com/apache/thrift](https://github.com/apache/thrift) from 0.14.0 to 0.14.1. - [Release notes](https://github.com/apache/thrift/releases) - [Changelog](https://github.com/apache/thrift/blob/v0.14.1/CHANGES.md) - [Commits](apache/thrift@v0.14.0...v0.14.1) Signed-off-by: dependabot[bot] <support@github.com>
…go/develop/github.com/apache/thrift-0.14.1 go-exam: bump github.com/apache/thrift from 0.14.0 to 0.14.1 in /examples/go
…develop/org.apache.thrift-libthrift-0.14.0 java-exam: bump libthrift from 0.13.0 to 0.14.0 in /examples/java
Bumps [gopkg.in/yaml.v2](https://github.com/go-yaml/yaml) from 2.2.2 to 2.4.0. - [Release notes](https://github.com/go-yaml/yaml/releases) - [Commits](go-yaml/yaml@v2.2.2...v2.4.0) Signed-off-by: dependabot[bot] <support@github.com>
…opkg.in/yaml.v2-2.4.0 go-tool: bump gopkg.in/yaml.v2 from 2.2.2 to 2.4.0
fix: revert all changes from PR #1476
Security Insights(3) Vulnerable direct dependencies were detectedaiohttp < 3.7.4 via lib/python/requirements_dev_asyncio.txtorg.apache.thrift:libthrift < 0.14.0 via examples/java/pom.xmlorg.apache.thrift:libthrift < 0.14.0 via test/integration/java/frugal-integration-test/pom.xmlAction Items
Questions or Comments? Reach out on Slack: #support-infosec. |
houstonking-wf
approved these changes
Mar 26, 2021
| github.com/go-stomp/stomp v2.1.2+incompatible | ||
| github.com/nats-io/nats-server/v2 v2.1.9 | ||
| github.com/nats-io/nats.go v1.10.0 | ||
| github.com/apache/thrift v0.14.1 |
There was a problem hiding this comment.
Note: bumping to v0.14.1 for go
| @@ -50,7 +50,7 @@ | |||
| <dependency> | |||
| <groupId>org.apache.thrift</groupId> | |||
| <artifactId>libthrift</artifactId> | |||
| <version>0.14.0</version> | |||
| <version>0.13.0</version> | |||
There was a problem hiding this comment.
Note: here's the downgrade to 0.13.0 for java.
| @@ -17,17 +17,17 @@ | |||
| <dependency> | |||
| <groupId>org.apache.thrift</groupId> | |||
| <artifactId>libthrift</artifactId> | |||
| <version>0.13.0</version> | |||
| <version>0.14.0</version> | |||
There was a problem hiding this comment.
Note: this probably isn't desirable, but we've got a backlog of repairs to do on the examples anyway.
|
QA +1; tests are passing on my PR -- it's a direct revert of another PR. |
|
@Workiva/release-management-p for merge |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
JIRA: https://jira.atl.workiva.net/browse/SPLAT-1007
@Workiva/product2