Bump maven-shade-plugin from 3.3.0 to 3.4.0 #3276
@dependabot recreate
3f1f125 to 3c84cdb
Code review and test results:
Things to be aware of:
- Plugin used for including 3rd party libraries in the liquibase jar
- Something is off on the build status and I think it's including previous runs and somehow confused about the state of pro. The dependency upgrade is very small and if anything would fail with it, it would likely have failed in the parts that ran, so I think it's fine to merge it and revert it in the odd case something surprising happens vs. spending more time fighting with it.
Things to worry about:
- Nothing
@dependabot rebase
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request
@dependabot recreate
Bumps [maven-shade-plugin](https://github.com/apache/maven-shade-plugin) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/apache/maven-shade-plugin/releases)
- [Commits](apache/maven-shade-plugin@maven-shade-plugin-3.3.0...maven-shade-plugin-3.4.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-shade-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dc77f8e to fb2a7e0
PR updates the Maven Shade Plugin used during build.
- There are no CVEs reported by Maven Central for the jar itself.
- There is a CVE in a Maven Shade Plugin dependency.
- Liquibase end-users are not exposed because Liquibase does not ship the plugin.
- No additional testing required.
Bumps maven-shade-plugin from 3.3.0 to 3.4.0.
Commits
- 885de67 [maven-release-plugin] prepare release maven-shade-plugin-3.4.0
- dc8f067 Revert "[maven-release-plugin] prepare release maven-shade-plugin-3.3.1"
- dcd5cae Revert "[maven-release-plugin] prepare for next development iteration"
- b2d5b53 [maven-release-plugin] prepare for next development iteration
- a09e6de [maven-release-plugin] prepare release maven-shade-plugin-3.3.1
- 875114a [MSHADE-416] Fix Jenkins URL
- ad2f6f8 [MSHADE-425] Relocate services name before add to serviceEntries
- 26b5873 gha shared v3
- 3994b11 Bump xmlunit-legacy from 2.7.0 to 2.9.0
- 89d9e79 Added release drafter.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)