SPLAT-1007 Release v3.14.2 #1532
Bumps [mockito-core](https://github.com/mockito/mockito) from 3.7.7 to 3.8.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v3.7.7...v3.8.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps [coverage](https://github.com/nedbat/coveragepy) from 5.4 to 5.5. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@coverage-5.4...coverage-5.5) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps [checkstyle](https://github.com/checkstyle/checkstyle) from 8.40 to 8.41. - [Release notes](https://github.com/checkstyle/checkstyle/releases) - [Commits](checkstyle/checkstyle@checkstyle-8.40...checkstyle-8.41) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps `jmh.version` from 1.27 to 1.28. Updates `jmh-core` from 1.27 to 1.28 Updates `jmh-generator-annprocess` from 1.27 to 1.28 Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
…op/com.puppycrawl.tools-checkstyle-8.41 Java: Bump checkstyle from 8.40 to 8.41 in /lib/java
Bumps [activemq-client](https://github.com/apache/activemq) from 5.15.11 to 5.16.1. - [Release notes](https://github.com/apache/activemq/releases) - [Commits](apache/activemq@activemq-5.15.11...activemq-5.16.1) Signed-off-by: dependabot[bot] <support@github.com>
…op/jmh.version-1.28 Java: Bump jmh.version from 1.27 to 1.28 in /lib/java
Bumps [libthrift](https://github.com/apache/thrift) from 0.13.0 to 0.14.0. - [Release notes](https://github.com/apache/thrift/releases) - [Changelog](https://github.com/apache/thrift/blob/master/CHANGES.md) - [Commits](apache/thrift@v0.13.0...v0.14.0) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [junit](https://github.com/junit-team/junit4) from 4.13.1 to 4.13.2. - [Release notes](https://github.com/junit-team/junit4/releases) - [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md) - [Commits](junit-team/junit4@r4.13.1...r4.13.2) Signed-off-by: dependabot[bot] <support@github.com>
…op/coverage-5.5 Python: Bump coverage from 5.4 to 5.5 in /lib/python
Bumps [netty-all](https://github.com/netty/netty) from 4.1.59.Final to 4.1.60.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.59.Final...netty-4.1.60.Final) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [netty-all](https://github.com/netty/netty) from 4.1.59.Final to 4.1.60.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.59.Final...netty-4.1.60.Final) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [netty-all](https://github.com/netty/netty) from 4.1.59.Final to 4.1.60.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.59.Final...netty-4.1.60.Final) Signed-off-by: dependabot[bot] <support@github.com>
…develop/org.apache.activemq-activemq-client-5.16.1 Examples: Bump activemq-client from 5.15.11 to 5.16.1 in /examples/java
…op/junit-junit-4.13.2 Java: Bump junit from 4.13.1 to 4.13.2 in /lib/java
Bumps [junit](https://github.com/junit-team/junit4) from 4.13.1 to 4.13.2. - [Release notes](https://github.com/junit-team/junit4/releases) - [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md) - [Commits](junit-team/junit4@r4.13.1...r4.13.2) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [activemq-client](https://github.com/apache/activemq) from 5.15.11 to 5.16.1. - [Release notes](https://github.com/apache/activemq/releases) - [Commits](apache/activemq@activemq-5.15.11...activemq-5.16.1) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [libthrift](https://github.com/apache/thrift) from 0.14.0 to 0.14.1. - [Release notes](https://github.com/apache/thrift/releases) - [Changelog](https://github.com/apache/thrift/blob/v0.14.1/CHANGES.md) - [Commits](apache/thrift@v0.14.0...v0.14.1) Signed-off-by: dependabot[bot] <support@github.com>
…op/io.netty-netty-all-4.1.60.Final Java: Bump netty-all from 4.1.59.Final to 4.1.60.Final in /lib/java
…on/java/frugal-integration-test/develop/io.netty-netty-all-4.1.60.Final Tests: Bump netty-all from 4.1.59.Final to 4.1.60.Final in /test/integration/java/frugal-integration-test
…develop/io.netty-netty-all-4.1.60.Final Examples: Bump netty-all from 4.1.59.Final to 4.1.60.Final in /examples/java
…on/java/frugal-integration-test/develop/junit-junit-4.13.2 Tests: Bump junit from 4.13.1 to 4.13.2 in /test/integration/java/frugal-integration-test
…op/org.mockito-mockito-core-3.8.0 Java: Bump mockito-core from 3.7.7 to 3.8.0 in /lib/java
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.8.0...v1.8.1) Signed-off-by: dependabot[bot] <support@github.com>
…on/java/frugal-integration-test/develop/org.apache.activemq-activemq-client-5.16.1 Tests: Bump activemq-client from 5.15.11 to 5.16.1 in /test/integration/java/frugal-integration-test
Bumps [github.com/go-stomp/stomp](https://github.com/go-stomp/stomp) from 2.1.2+incompatible to 2.1.3+incompatible. - [Release notes](https://github.com/go-stomp/stomp/releases) - [Changelog](https://github.com/go-stomp/stomp/blob/master/breaking_changes.md) - [Commits](go-stomp/stomp@v2.1.2...v2.1.3) Signed-off-by: dependabot[bot] <support@github.com>
…op/org.apache.thrift-libthrift-0.14.1 Java: Bump libthrift from 0.14.0 to 0.14.1 in /lib/java
…velop/github.com/sirupsen/logrus-1.8.1 Go: Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 in /lib/go
…go/develop/github.com/go-stomp/stomp-2.1.3incompatible go-exam: bump github.com/go-stomp/stomp from 2.1.2+incompatible to 2.1.3+incompatible in /examples/go
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.8.0...v1.8.1) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/urfave/cli](https://github.com/urfave/cli) from 1.19.1 to 1.22.5. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/master/docs/CHANGELOG.md) - [Commits](urfave/cli@v1.19.1...v1.22.5) Signed-off-by: dependabot[bot] <support@github.com>
…op/flake8-3.9.0 Python: Bump flake8 from 3.8.4 to 3.9.0 in /lib/python
…velop/github.com/apache/thrift-0.14.1 Go: Bump github.com/apache/thrift from 0.14.0 to 0.14.1 in /lib/go
…go/develop/github.com/sirupsen/logrus-1.8.1 go-exam: bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 in /examples/go
Bumps [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) from 2.1.9 to 2.2.0. - [Release notes](https://github.com/nats-io/nats-server/releases) - [Changelog](https://github.com/nats-io/nats-server/blob/master/.goreleaser.yml) - [Commits](nats-io/nats-server@v2.1.9...v2.2.0) Signed-off-by: dependabot[bot] <support@github.com>
…ithub.com/urfave/cli-1.22.5 go-tool: bump github.com/urfave/cli from 1.19.1 to 1.22.5
…velop/github.com/nats-io/nats-server/v2-2.2.0 Go: Bump github.com/nats-io/nats-server/v2 from 2.1.9 to 2.2.0 in /lib/go
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.7.0 to 1.8.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.7.0...v1.8.1) Signed-off-by: dependabot[bot] <support@github.com>
…gration/develop/github.com/sirupsen/logrus-1.8.1 go-test: bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1 in /test/integration
Bumps [github.com/apache/thrift](https://github.com/apache/thrift) from 0.14.0 to 0.14.1. - [Release notes](https://github.com/apache/thrift/releases) - [Changelog](https://github.com/apache/thrift/blob/v0.14.1/CHANGES.md) - [Commits](apache/thrift@v0.14.0...v0.14.1) Signed-off-by: dependabot[bot] <support@github.com>
…go/develop/github.com/apache/thrift-0.14.1 go-exam: bump github.com/apache/thrift from 0.14.0 to 0.14.1 in /examples/go
…develop/org.apache.thrift-libthrift-0.14.0 java-exam: bump libthrift from 0.13.0 to 0.14.0 in /examples/java
Bumps [gopkg.in/yaml.v2](https://github.com/go-yaml/yaml) from 2.2.2 to 2.4.0. - [Release notes](https://github.com/go-yaml/yaml/releases) - [Commits](go-yaml/yaml@v2.2.2...v2.4.0) Signed-off-by: dependabot[bot] <support@github.com>
…opkg.in/yaml.v2-2.4.0 go-tool: bump gopkg.in/yaml.v2 from 2.2.2 to 2.4.0
fix: revert all changes from PR #1476
Security Insights

(3) Vulnerable direct dependencies were detected:
- aiohttp < 3.7.4 via lib/python/requirements_dev_asyncio.txt
- org.apache.thrift:libthrift < 0.14.0 via examples/java/pom.xml
- org.apache.thrift:libthrift < 0.14.0 via test/integration/java/frugal-integration-test/pom.xml

Action Items
Questions or Comments? Reach out on Slack: #support-infosec.
github.com/go-stomp/stomp v2.1.2+incompatible | ||
github.com/nats-io/nats-server/v2 v2.1.9 | ||
github.com/nats-io/nats.go v1.10.0 | ||
github.com/apache/thrift v0.14.1 |
Note: bumping to v0.14.1 for go
@@ -50,7 +50,7 @@ | |||
<dependency> | |||
<groupId>org.apache.thrift</groupId> | |||
<artifactId>libthrift</artifactId> | |||
<version>0.14.0</version> | |||
<version>0.13.0</version> |
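Review bot: The `<version>` line going from 0.14.0 to 0.13.0 puts libthrift back inside the `< 0.14.0` range that the Security Insights comment on this PR reports as a vulnerable direct dependency. If the revert has to ship this way, state the reason in the PR description and open a follow-up to return to 0.14.0 or later; otherwise keep `<version>0.14.0</version>` here.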
Note: here's the downgrade to 0.13.0 for java.
@@ -17,17 +17,17 @@ | |||
<dependency> | |||
<groupId>org.apache.thrift</groupId> | |||
<artifactId>libthrift</artifactId> | |||
<version>0.13.0</version> | |||
<version>0.14.0</version> |
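Review bot: Setting `<version>0.14.0</version>` in this pom while another pom in the same PR moves to 0.13.0 and the Go module lists `github.com/apache/thrift v0.14.1` leaves three Thrift versions in one release. Suggest stating in the PR description which version each module is expected to use, so the mismatch is a recorded decision and not a side effect of the revert.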
Note: this probably isn't desirable, but we've got a backlog of repairs to do on the examples anyway.
QA +1; tests are passing on my PR -- it's a direct revert of another PR.
@Workiva/release-management-p for merge
+1 from RM
JIRA: https://jira.atl.workiva.net/browse/SPLAT-1007
@Workiva/product2