Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump ubuntu from 22.04 to 23.04 in /build #1

Open
wants to merge 136 commits into
base: develop
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 31, 2023

Bumps ubuntu from 22.04 to 23.04.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

david-waltermire and others added 30 commits January 10, 2023 13:13
* Many fixes to the constraints in the OSCAL metaschemas to repair broken Metapaths.
* fixing defects in metaschema constraints
* Updating to latest Metaschema toolchain. Removed use of the "require" constraint.
* updating readme with current links
…ts (#1101)

* Group scenarios and add edge case scenario
* Group the scenarios that test o:glob-as-regex.
* Add scenario for edge case where input is empty.
* For selection, augment XSpec and update XSLT
* Add XSpec tests for oscal-profile-resolve-select.xsl, mostly at the level of templates and functions.
* Minor enhancements in oscal-profile-resolve-select.xsl:
* Add support for with-parent-controls
* Generate fatal error if resource cannot be fetched
* Provide focused error message if resource has no suitable rlink
* Handle missing matching pattern
* Fix indentation
* Fix scenario that intentionally omits pattern
* Rename o:resource-or-warning as o:resource-or-error
* Attributes, not elements, for "from" and "to"
* Update expected value for 4a3cadf changes in catalog
* The abc-full_catalog.xml file has changed, so the "Loose parameters" test scenario needs adjustment.
* Reduce redundancy in expected metadata
* metadata is copied verbatim, so no need to check details in multiple test scenarios for the match=profile template
* Update verbiage to cross-reference with logged discussion pages
For consistency with select.xspec, use XSpec variable instead of entity
for the path to the profile resolution examples.
random-util.xsl provides r:make-uuid and r:make-uuid-sequence for creating one
or more random UUIDs. The r:make-random-string-sequence function supports
more flexible random patterns. Implementations here use the XPath
function, random-number-generator.

random-util.xspec provides template- and function-level tests for
code in random-util.xsl.
Implementing an idea from @wendellpiez: Instead of iterating over a
numeric sequence that represents the position of each character in a
long string, iterate over the sequence of characters.

This change is in the implementation only, not in the function output.
I used ad hoc modifications of the label="seq-length=10000" scenario
in the XSpec test to check that the original and modified functions
produce the same UUID sequence.
- Metadata tests and way of determining top UUID
- Remove global parameter assign-uuid (note backward incompatibility - is it OK?)
- Instead, support global parameters uuid-method and top-uuid, in uuid-method-choice.xsl
- Support global parameter hide-source-profile-uri
- Stub of opr:oscal-version function
- Stub of message handler template, using xsl:message for now
- Add XSpec tests
- Add table of parameters and clarify testing folder content
- Change "home" from global param to global variable; does not need to be set from outside
XSLT
- Move some code from oscal-profile-resolve-select.xsl to new file, select-or-custom-merge.xsl, and share it between Selection phase and Merge phase.
- Add error checking for multiple structuring directives.
- Finish the incomplete support for `insert-controls/@order`.
- Fix bug in support for `@with-parent-controls` in Selection phase.

XSpec
- In select.xspec, add test for order of controls matching imported document, not profile document. Also, add test for `@with-parent-controls` bug fix.
- Create merge-combine.xspec for testing combine-elements and mode="o:combine-elements" templates.
- Organize tests among merge.xspec, merge-combine.xspec, merge-as-is.xspec, and merge-custom.xspec.
- Integrate back-matter testing into template-level tests in merge.xspec and merge-as-is.xspec, and delete merge-back-matter.xspec.
* Added mapping model supporting mapping controls and control statements between two catalogs.
* Adjusted relationships based on PR #1150 discussions. Added type enumerations.
* Included a simple example
Adding the mapping model to the metaschema CI build.
Bumps [ajv-cli](https://github.com/ajv-validator/ajv-cli) from 4.2.0 to 5.0.0.
- [Release notes](https://github.com/ajv-validator/ajv-cli/releases)
- [Commits](ajv-validator/ajv-cli@v4.2.0...v5.0.0)

---
updated-dependencies:
- dependency-name: ajv-cli
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [peter-evans/create-issue-from-file](https://github.com/peter-evans/create-issue-from-file) from 3.0.0 to 4.
- [Release notes](https://github.com/peter-evans/create-issue-from-file/releases)
- [Commits](peter-evans/create-issue-from-file@97e6f90...99b87c3)

---
updated-dependencies:
- dependency-name: peter-evans/create-issue-from-file
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2 to 3.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2 to 3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4.9.2 to 4.14.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](stefanzweifel/git-auto-commit-action@be7095c...49620cd)

---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.83.1 to 0.101.0.
- [Release notes](https://github.com/gohugoio/hugo/releases)
- [Changelog](https://github.com/gohugoio/hugo/blob/master/goreleaser.yml)
- [Commits](gohugoio/hugo@v0.83.1...v0.101.0)

---
updated-dependencies:
- dependency-name: github.com/gohugoio/hugo
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps Saxon-HE from 10.6 to 10.8.

---
updated-dependencies:
- dependency-name: net.sf.saxon:Saxon-HE
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@5b949b5...2fddd88)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [xmlcalabash](https://github.com/ndw/xmlcalabash1) from 1.2.5-100 to 1.4.1-100.
- [Release notes](https://github.com/ndw/xmlcalabash1/releases)
- [Commits](ndw/xmlcalabash1@1.2.5-100...1.4.1-100)

---
updated-dependencies:
- dependency-name: com.xmlcalabash:xmlcalabash
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from 1.18.3-bullseye to 1.18.4-bullseye.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Add mapping model to docs collection.
* Revised text to address ambiguity around handling `oscal-version` in the generated catalog target based on the versions provided in the imports and source profile. Resolves #1272.
* Adding swap space to resolve memory issue with Hugo build
* Profile Resolution spec: updated names of 'remove' directives
* Resolves #1246. Also repairs a few errors in surrounding copy.
* Adding swap space to address Hugo memory exhaustion.

Co-authored-by: David Waltermire <[email protected]>
dependabot bot and others added 26 commits January 10, 2023 13:15
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.5.1 to 1.5.4.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](lycheeverse/lychee-action@4a5af7c...4dcb8be)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 19eeec562b37d29a1ad055b7de9c280bd0906d8d to c3ac5dd0ed8db40fedb61c32fbe677e6b355e94c.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@19eeec5...c3ac5dd)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.107.0 to 0.108.0.
- [Release notes](https://github.com/gohugoio/hugo/releases)
- [Changelog](https://github.com/gohugoio/hugo/blob/master/hugoreleaser.toml)
- [Commits](gohugoio/hugo@v0.107.0...v0.108.0)

---
updated-dependencies:
- dependency-name: github.com/gohugoio/hugo
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from 1.19.3-bullseye to 1.19.4-bullseye.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ops in the OSCAL namespace are properly closed and all link rels are open for extension. (#1579)
* Bump xmlcalabash from 1.5.1-100 to 1.5.3-110 in /build

Bumps [xmlcalabash](https://github.com/ndw/xmlcalabash1) from 1.5.1-100 to 1.5.3-110.
- [Release notes](https://github.com/ndw/xmlcalabash1/releases)
- [Commits](ndw/xmlcalabash1@1.5.1-100...1.5.3-110)

---
updated-dependencies:
- dependency-name: com.xmlcalabash:xmlcalabash
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Update pom.xml

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Waltermire <[email protected]>
* Fix Dockerfile multi-stage builds, closes #1597.

* Add maven.restlet.org workaround.

If the TLS cert is bad, it will break local build just like
maven building Java deps in GHA.

* Fix directory safety for doctor, closes usnistgov/OSCAL#1600.

* Somehow, docs/run-server.sh set to non-executable again.
Dependabot couldn't find the original pull request head commit, 6a131ed2d145b11a76a8fb4e32eae5d1fa7f521c.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, bac53979a935df659c535fe2244d790a80d7495e.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 794aaad2d05b2547c7cedf8f6e975472060dcdc9.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 0fc50f7a116787dec18ce4b687a86bf3a9cb072c.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 4abee5e00492b4a66d9936deddb10a1207bf1da1.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 1ea8e7a9b954338a44e02daf43e4240da9c4808f.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from 1.19.4-bullseye to 1.19.5-bullseye.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 6e86f78b8482b07071dd6643e59ff81c569ba291.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/peaceiris/actions-gh-pages/releases)
- [Changelog](https://github.com/peaceiris/actions-gh-pages/blob/main/CHANGELOG.md)
- [Commits](peaceiris/actions-gh-pages@de7ea6f...64b46b4)

---
updated-dependencies:
- dependency-name: peaceiris/actions-gh-pages
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/apache/maven-dependency-plugin/releases)
- [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.4.0...maven-dependency-plugin-3.5.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-dependency-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v3.1.1...0b7f8ab)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@8c91899...64ed1c7)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) from 3.9.1 to 3.9.2.
- [Release notes](https://github.com/peaceiris/actions-gh-pages/releases)
- [Changelog](https://github.com/peaceiris/actions-gh-pages/blob/main/CHANGELOG.md)
- [Commits](peaceiris/actions-gh-pages@64b46b4...bd8c6b0)

---
updated-dependencies:
- dependency-name: peaceiris/actions-gh-pages
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.109.0 to 0.110.0.
- [Release notes](https://github.com/gohugoio/hugo/releases)
- [Changelog](https://github.com/gohugoio/hugo/blob/master/hugoreleaser.toml)
- [Commits](gohugoio/hugo@v0.109.0...v0.110.0)

---
updated-dependencies:
- dependency-name: github.com/gohugoio/hugo
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.3 to 6.4.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@d556fea...98814c5)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps ubuntu from 22.04 to 23.04.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file docker Pull requests that update Docker code labels Mar 31, 2023
@aj-stein-nist aj-stein-nist self-requested a review as a code owner September 28, 2023 05:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file docker Pull requests that update Docker code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants