Rebase main #3
Merged
Rebase main #3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…h-project#3391) Bumps org.gradle.test-retry from 1.5.4 to 1.5.5. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…0.4 (opensearch-project#3392) Bumps [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) from 1.1.10.3 to 1.1.10.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/xerial/snappy-java/releases">org.xerial.snappy:snappy-java's releases</a>.</em></p> <blockquote> <h2>v1.1.10.4</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Security Fix</h3> <ul> <li>Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by <a href="https://github.com/tunnelshade"><code>@tunnelshade</code></a> (<a href="https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5">code change</a>) <ul> <li>This does not affect users only using Snappy.compress/uncompress methods</li> </ul> </li> </ul> <h3>🚀 Features</h3> <ul> <li>feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by <a href="https://github.com/xerial"><code>@xerial</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/508">xerial/snappy-java#508</a></li> <li>Support JDK21 (no internal change)</li> </ul> <h3>🔗 Dependency Updates</h3> <ul> <li>Update scalafmt-core to 3.7.11 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/485">xerial/snappy-java#485</a></li> <li>Update sbt to 1.9.3 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/483">xerial/snappy-java#483</a></li> <li>Update scalafmt-core to 3.7.12 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/487">xerial/snappy-java#487</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/502">xerial/snappy-java#502</a></li> <li>Update sbt to 1.9.4 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/496">xerial/snappy-java#496</a></li> <li>Update scalafmt-core to 3.7.14 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/501">xerial/snappy-java#501</a></li> <li>Update sbt to 1.9.6 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/505">xerial/snappy-java#505</a></li> <li>Update native libraries by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/503">xerial/snappy-java#503</a></li> </ul> <h3>🛠 Internal Updates</h3> <ul> <li>Update airframe-log to 23.7.4 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/486">xerial/snappy-java#486</a></li> <li>Update airframe-log to 23.8.0 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/488">xerial/snappy-java#488</a></li> <li>Update sbt-scalafmt to 2.5.2 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/500">xerial/snappy-java#500</a></li> <li>Update airframe-log to 23.8.6 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/497">xerial/snappy-java#497</a></li> <li>Update sbt-scalafmt to 2.5.1 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/499">xerial/snappy-java#499</a></li> <li>Update airframe-log to 23.9.1 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/504">xerial/snappy-java#504</a></li> <li>Update airframe-log to 23.9.2 by <a href="https://github.com/xerial-bot"><code>@xerial-bot</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/509">xerial/snappy-java#509</a></li> </ul> <h3>Other Changes</h3> <ul> <li>Update NOTICE by <a href="https://github.com/imsudiproy"><code>@imsudiproy</code></a> in <a href="https://redirect.github.com/xerial/snappy-java/pull/492">xerial/snappy-java#492</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4">https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5"><code>9f8c3cf</code></a> Merge pull request from GHSA-55g7-9cwv-5qfv</li> <li><a href="https://github.com/xerial/snappy-java/commit/49d700175f18ed5f8c5d371b7c2f80c75979bd68"><code>49d7001</code></a> Update airframe-log to 23.9.2 (<a href="https://redirect.github.com/xerial/snappy-java/issues/509">#509</a>)</li> <li><a href="https://github.com/xerial/snappy-java/commit/1f07c3182c2dc89d4226e9a6d8945b8458870a0a"><code>1f07c31</code></a> Update native libraries for f2e97f27be0dc6c691369040ba8a673bface484c (<a href="https://redirect.github.com/xerial/snappy-java/issues/503">#503</a>)</li> <li><a href="https://github.com/xerial/snappy-java/commit/13f8db197c4c44f0b6a02240c04205e8362b8e62"><code>13f8db1</code></a> Update sbt to 1.9.6 (<a href="https://redirect.github.com/xerial/snappy-java/issues/505">#505</a>)</li> <li><a href="https://github.com/xerial/snappy-java/commit/f2e97f27be0dc6c691369040ba8a673bface484c"><code>f2e97f2</code></a> feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly use...</li> <li><a href="https://github.com/xerial/snappy-java/commit/98b22256fe4ed00ccaadd2dac98b1622563cc50b"><code>98b2225</code></a> Update airframe-log to 23.9.1 (<a href="https://redirect.github.com/xerial/snappy-java/issues/504">#504</a>)</li> <li><a href="https://github.com/xerial/snappy-java/commit/9f29b5c0f869d4027a4d5c1464907a79152013bf"><code>9f29b5c</code></a> Update NOTICE (<a href="https://redirect.github.com/xerial/snappy-java/issues/492">#492</a>)</li> <li><a href="https://github.com/xerial/snappy-java/commit/55639b55de52e1c06ac9a7df6844f85313407955"><code>55639b5</code></a> Update sbt-scalafmt to 2.5.1 (<a href="https://redirect.github.com/xerial/snappy-java/issues/499">#499</a>)</li> <li><a href="https://github.com/xerial/snappy-java/commit/a5d81a6589360f299ae7ec35a79c317fd78e795d"><code>a5d81a6</code></a> Update airframe-log to 23.8.6 (<a href="https://redirect.github.com/xerial/snappy-java/issues/497">#497</a>)</li> <li><a href="https://github.com/xerial/snappy-java/commit/6495da1af211e993cd0750c9c70b69d458c4a570"><code>6495da1</code></a> Update scalafmt-core to 3.7.14 (<a href="https://redirect.github.com/xerial/snappy-java/issues/501">#501</a>)</li> <li>Additional commits viewable in <a href="https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….21.1 to 2.22.0 (opensearch-project#3393) Bumps [com.google.errorprone:error_prone_annotations](https://github.com/google/error-prone) from 2.21.1 to 2.22.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/error-prone/releases">com.google.errorprone:error_prone_annotations's releases</a>.</em></p> <blockquote> <h2>Error Prone 2.22.0</h2> <p>We are considering raising the minimum supported JDK from JDK 11 to JDK 17 in a future release of Error Prone, see <a href="https://redirect.github.com/google/error-prone/issues/3803">#3803</a>. Note that using a newer JDK version to run javac during the build doesn't prevent building code that is deployed to earlier versions, for example it's supported to use the JDK 17 javac and pass <code>--release 11</code> to compile Java 11 code that is deployed to a JDK 11 runtime. If you have feedback, please comment on <a href="https://redirect.github.com/google/error-prone/issues/3803">#3803</a>.</p> <p>New checks:</p> <ul> <li><a href="https://errorprone.info/bugpattern/ClosingStandardOutputStreams"><code>ClosingStandardOutputStreams</code></a>: Prevents accidentally closing <code>System.{out,err}</code> with try-with-resources</li> <li><a href="https://errorprone.info/bugpattern/TruthContainsExactlyElementsInUsage"><code>TruthContainsExactlyElementsInUsage</code></a>: <code>containsExactly</code> is preferred over <code>containsExactlyElementsIn</code> when creating new iterables</li> <li><a href="https://errorprone.info/bugpattern/UnnecessaryAsync"><code>UnnecessaryAsync</code></a>: detects unnecessary use of async primitives in local (and hence single-threaded) scopes</li> <li><a href="https://errorprone.info/bugpattern/ReturnAtTheEndOfVoidFunction"><code>ReturnAtTheEndOfVoidFunction</code></a>: detects unnecessary <code>return</code> statements at the end of <code>void</code> functions</li> <li><a href="https://errorprone.info/bugpattern/MultimapKeys"><code>MultimapKeys</code></a>: Suggests using <code>keySet()</code> instead of iterating over <code>Multimap.keys()</code>, which does not collapse duplicates</li> </ul> <p>Bug fixes and improvements:</p> <ul> <li>Don't complain about literal IP addresses in <code>AddressSelection</code> (<a href="https://github.com/google/error-prone/commit/44b65527debbc57892f21ca3ba458b16771e423e">https://github.com/google/error-prone/commit/44b65527debbc57892f21ca3ba458b16771e423e</a>)</li> <li>Prevent SuggestedFixes#renameMethod from modifying return type declaration (<a href="https://redirect.github.com/google/error-prone/issues/4043">#4043</a>)</li> <li>Fix UnusedVariable false positives for private record parameters (<a href="https://redirect.github.com/google/error-prone/issues/2713">#2713</a>)</li> <li>When running in conservative mode, no longer assume that implementations of <code>Map.get</code>, etc. return <code>null</code> (<a href="https://redirect.github.com/google/error-prone/issues/2910">#2910</a>)</li> <li>CanIgnoreReturnValueSuggester: Support additional exempting method annotations (<a href="https://redirect.github.com/google/error-prone/issues/4009">#4009</a>)</li> <li>UnusedVariable: exclude junit5's <code>@RegisterExtension</code> (<a href="https://redirect.github.com/google/error-prone/issues/3892">#3892</a>)</li> <li>Support running all available patch checks (<a href="https://redirect.github.com/google/error-prone/issues/947">#947</a>)</li> <li>Upgrade java-diff-utils 4.0 -> 4.12 (<a href="https://redirect.github.com/google/error-prone/issues/4081">#4081</a>)</li> <li>Flag unused Refaster template parameters (<a href="https://redirect.github.com/google/error-prone/issues/4060">#4060</a>)</li> <li>Support <code>@SuppressWarnings("all")</code> (<a href="https://redirect.github.com/google/error-prone/issues/4065">#4065</a>)</li> <li>Prevent Refaster <code>UMemberSelect</code> from matching method parameters (<a href="https://redirect.github.com/google/error-prone/issues/2456">#2456</a>)</li> <li>MissingDefault : Don't require <code>// fall out</code> comments on expression switches (<a href="https://redirect.github.com/google/error-prone/issues/2709">#2709</a>)</li> <li>Skip UnnecessaryLambda findings for usages in enhanced for loops (<a href="https://redirect.github.com/google/error-prone/issues/2518">#2518</a>)</li> <li>Fix bug where nested MissingBraces violations' suggested fixes result in broken code (<a href="https://redirect.github.com/google/error-prone/issues/3797">#3797</a>)</li> <li>Add support for specifying <code>exemptPrefixes</code>/<code>exemptNames</code> for UnusedVariable via flags (<a href="https://redirect.github.com/google/error-prone/issues/2753">#2753</a>)</li> <li>UnusedMethod: Added exempting variable annotations (<a href="https://redirect.github.com/google/error-prone/issues/2881">#2881</a>)</li> </ul> <p>Full Changelog: <a href="https://github.com/google/error-prone/compare/v2.21.1...v2.22.0">https://github.com/google/error-prone/compare/v2.21.1...v2.22.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/error-prone/commit/7114c31a8819c5b5debd4506f7aca5fd4fe6bc15"><code>7114c31</code></a> Release Error Prone 2.22.0</li> <li><a href="https://github.com/google/error-prone/commit/c94d74da01c750923eb51c9bfeb274ddacaea012"><code>c94d74d</code></a> Update release.yml - temporarily disable sonatype deployments</li> <li><a href="https://github.com/google/error-prone/commit/080411ec38e78e8677afa61cbf3fd061b7923134"><code>080411e</code></a> Added exempting variable annotations</li> <li><a href="https://github.com/google/error-prone/commit/737dec07570ae14f71c808281187adbb5cd947cb"><code>737dec0</code></a> Remove DiffNotApplicableException</li> <li><a href="https://github.com/google/error-prone/commit/f3a2bf8ea5bf9687cb7a42ad25db01dfb96cb84e"><code>f3a2bf8</code></a> Update ci.yml for JDK 21 release</li> <li><a href="https://github.com/google/error-prone/commit/1d2bc93bfab99cc08f96e9c4c534a829ece8da2b"><code>1d2bc93</code></a> Introduce <code>ErrorProneFlags.get{Set,List}OrEmpty</code>, because basically every cal...</li> <li><a href="https://github.com/google/error-prone/commit/1bec842493f2fabbb808e0d8f2074083df5b742f"><code>1bec842</code></a> Fix a crash in UnnecessaryAsync</li> <li><a href="https://github.com/google/error-prone/commit/d2ee28e8576e5b23cb7538078e1b75484af9c15a"><code>d2ee28e</code></a> Fix a crash in TimeUnitConversionChecker</li> <li><a href="https://github.com/google/error-prone/commit/ac424d0ce91c9ccb89be611f5e915d384df19d5b"><code>ac424d0</code></a> Tighten the return types in Fix.</li> <li><a href="https://github.com/google/error-prone/commit/58e5bb8a3cf65b800102832d6fe65a55e46161c4"><code>58e5bb8</code></a> Update and wordsmith the <code>@CompileTimeConstant</code> documentation to reflect chan...</li> <li>Additional commits viewable in <a href="https://github.com/google/error-prone/compare/v2.21.1...v2.22.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
opensearch-project#3390) Bumps [org.springframework:spring-core](https://github.com/spring-projects/spring-framework) from 5.3.29 to 5.3.30. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-framework/releases">org.springframework:spring-core's releases</a>.</em></p> <blockquote> <h2>v5.3.30</h2> <h2>:star: New Features</h2> <ul> <li>Optimize <code>ClassUtils#getMostSpecificMethod</code> <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31100">#31100</a></li> <li>Optimize whitespace checks in <code>StringUtils</code> <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31069">#31069</a></li> <li>Align validation metadata handling in <code>PayloadMethodArgumentResolver</code> <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31056">#31056</a></li> <li>Register an override for an existing adapter in <code>ReactiveAdapterRegistry</code> <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31048">#31048</a></li> <li>Make bean initialization deterministic for multiple <code>@Autowired</code> methods on same bean class <a href="https://redirect.github.com/spring-projects/spring-framework/issues/30994">#30994</a></li> <li>Performance bottlenecks while creating scoped bean instances <a href="https://redirect.github.com/spring-projects/spring-framework/issues/30892">#30892</a></li> </ul> <h2>:lady_beetle: Bug Fixes</h2> <ul> <li>Possible classloader leak through incomplete clearing of annotation caches <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31176">#31176</a></li> <li>Spring <code>LogFactory</code> implementation deviates from original Apache <code>LogFactory</code> in terms of abstract method declarations <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31167">#31167</a></li> <li>Bean injection fails due to <code>nullSafeConciseToString()</code> invoking <code>isEmpty()</code> on a <code>Map</code>/<code>Collection</code> proxy <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31156">#31156</a></li> <li>SpelExpressionParser throws IllegalStateException instead of ParseException for invalid expression <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31099">#31099</a></li> <li><code>@DynamicPropertySource</code> in <code>@nested</code> test class cannot override dynamic properties from enclosing class <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31085">#31085</a></li> <li><code>TransactionalApplicationListenerMethodAdapter</code> should find <code>@TransactionalEventListener</code> on target class method <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31037">#31037</a></li> <li>ScheduledAnnotationBeanPostProcessor: graceful shutdown should not interrupt currently running jobs <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31020">#31020</a></li> <li>Permgen memory leak due to <code>ClassInfo</code> caching in <code>java.beans.Introspector</code> on JDK 11/17 <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31005">#31005</a></li> <li><code>MethodIntrospector.selectMethods(?)</code> fails to find methods in case of special bridge method arrangement <a href="https://redirect.github.com/spring-projects/spring-framework/issues/30907">#30907</a></li> </ul> <h2>:notebook_with_decorative_cover: Documentation</h2> <ul> <li>Fix documentation: Passing in Lists of Values for IN Clause does not work with JdbcTemplate <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31229">#31229</a></li> <li>Refine CORS documentation for wildcard processing <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31168">#31168</a></li> <li>Propagation REQUIRES_NEW may cause connection pool deadlock <a href="https://redirect.github.com/spring-projects/spring-framework/issues/31040">#31040</a></li> <li>Clarify R2DBC <code>ConnectionAccessor</code> and <code>DatabasePopulator</code> exception declarations <a href="https://redirect.github.com/spring-projects/spring-framework/issues/30933">#30933</a></li> <li>Doc: Avoid deadlock in <code>@PostConstruct</code> through SmartInitializingSingleton or ContextRefreshedEvent <a href="https://redirect.github.com/spring-projects/spring-framework/issues/30889">#30889</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-framework/commit/e5d99ecf984537ab52825292d5ce76130b425e3e"><code>e5d99ec</code></a> Release v5.3.30</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/f7bf2431fb6f923ae484d6b5cdc5547c3fe04c72"><code>f7bf243</code></a> Clarify IN clause resolution with List/Iterable parameter</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/40678bb981bf5f8c0127bdd54976df6ede08b1ad"><code>40678bb</code></a> Refine CORS documentation for wildcard processing</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/75faf698afd2dd0f93fe3b03cc896e94085328d2"><code>75faf69</code></a> Refine CORS documentation for wildcard processing</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/39c225c813f67c9e45dee755c1a297a82f97d1c6"><code>39c225c</code></a> AnnotationUtils.clearCache() includes all annotation caches</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/0c3d8d7a44fa057dd1c8bf62732cd23dc6220303"><code>0c3d8d7</code></a> Align abstract method signatures with original Commons Logging API</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/ddcae04ad57ffb2e03f28fa56ff258d5e0e02b1b"><code>ddcae04</code></a> Do not invoke [Map|Collection].isEmpty() in nullSafeConciseToString()</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/994bbec0c3ae081b1c81aa5d9335bf5f47964dbf"><code>994bbec</code></a> Polishing</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/afb378a59fb4bbc24af0cacc0e7acb86e170d66c"><code>afb378a</code></a> Consistently throw ParseException instead of IllegalStateException</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/a4fc7d3c117c40d71046850a56957a229ba48524"><code>a4fc7d3</code></a> Optimize ClassUtils#getMostSpecificMethod</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-framework/compare/v5.3.29...v5.3.30">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…oject#3394) Bumps [org.passay:passay](https://github.com/vt-middleware/passay) from 1.6.3 to 1.6.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vt-middleware/passay/releases">org.passay:passay's releases</a>.</em></p> <blockquote> <h2>v1.6.4 Release</h2> <p>See <a href="https://www.passay.org/download.html">https://www.passay.org/download.html</a> for change log and binaries.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vt-middleware/passay/commit/c43f1847ebe58d24abee83b61d806f2e9e3d535a"><code>c43f184</code></a> Update version for 1.6.4 release.</li> <li><a href="https://github.com/vt-middleware/passay/commit/67d6cd6f26f135735d8d6b3e66da3f680bbffafc"><code>67d6cd6</code></a> Update library and plugin dependencies.</li> <li><a href="https://github.com/vt-middleware/passay/commit/7bf0b4045bb319be866ec093193ffb833a25e322"><code>7bf0b40</code></a> Haveibeenpwnd review (<a href="https://redirect.github.com/vt-middleware/passay/issues/148">#148</a>)</li> <li><a href="https://github.com/vt-middleware/passay/commit/5d1d3184ef21b1c1b12bedee97454f52137c767d"><code>5d1d318</code></a> Update library and plugin dependencies.</li> <li><a href="https://github.com/vt-middleware/passay/commit/f1265192425e24d4b7ed381510d54d28e7a1c7b6"><code>f126519</code></a> Add missing Polish characters: ł, ń (<a href="https://redirect.github.com/vt-middleware/passay/issues/142">#142</a>)</li> <li><a href="https://github.com/vt-middleware/passay/commit/33848520f5e403e4381b092aa34eab5e4d57bce2"><code>3384852</code></a> Bump version to 1.6.4-SNAPSHOT.</li> <li>See full diff in <a href="https://github.com/vt-middleware/passay/compare/v1.6.3...v1.6.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…rch-project#3395) Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token) from 2.0.0 to 2.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tibdex/github-app-token/releases">tibdex/github-app-token's releases</a>.</em></p> <blockquote> <h2>v2.1.0</h2> <p>Projects willing to keep the token alive after the end of the job can pass <code>revoke: false</code> as an input.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tibdex/github-app-token/commit/3beb63f4bd073e61482598c45c71c1019b59b73a"><code>3beb63f</code></a> release v2.1.0</li> <li><a href="https://github.com/tibdex/github-app-token/commit/3eb77c7243b85c65e84acfa93fdbac02fb6bd532"><code>3eb77c7</code></a> Add option to not revoke token (<a href="https://redirect.github.com/tibdex/github-app-token/issues/95">#95</a>)</li> <li>See full diff in <a href="https://github.com/tibdex/github-app-token/compare/v2.0.0...v2.1.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…opensearch-project#3383) ### Description Coming from opensearch-project/job-scheduler#492 As mitigation, removing `.opendistro-job-scheduler-lock` from list of protected indices for 3.x/2.x. The lock index will still remain as a system index. ### Check List - [ ] New functionality includes testing - [ ] New functionality has been documented - [X] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Joshua Palis <[email protected]>
…earch-project#3359) Change routs for audit and security configuration PUT methods. The previous configuration used the `{name}` parameter which is confusing since `config` the only allowed value for this parameter. This PR changes routes' configuration and removes useless validation for them. Signed-off-by: Andrey Pleskach <[email protected]>
…pensearch-project#3408) ### Description Allow for automatic merging of dependabot changes after checks pass ### Issues Resolved - Related opensearch-project/OpenSearch#10211 ### Check List - [ ] New functionality includes testing - [ ] New functionality has been documented - [X] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Peter Nied <[email protected]>
…#3329) This change requires an alternative to the default credentials for the admin user. The credentials can be provided to the script via: - `initialAdminPassword` environment variable - a file with a single line that contains the password. The admin password for the cluster will be printed to the console output of the `tools/install_demo_configuration.(bat|sh)` Signed-off-by: Stephen Crawford <[email protected]> Signed-off-by: Peter Nied <[email protected]> Co-authored-by: Peter Nied <[email protected]>
Use custom serialization in security plugin. - Resolves opensearch-project#2780 Signed-off-by: Paras Jain <[email protected]> Signed-off-by: Peter Nied <[email protected]> Co-authored-by: Paras Jain <[email protected]> Co-authored-by: Peter Nied <[email protected]>
…0.5 (opensearch-project#3435) Bumps [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) from 1.1.10.4 to 1.1.10.5. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…3433) Bumps org.ow2.asm:asm from 9.5 to 9.6. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…21.1 (opensearch-project#3432) Bumps org.apache.camel:camel-xmlsecurity from 3.21.0 to 3.21.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…4.3 (opensearch-project#3434) Bumps [com.github.wnameless.json:json-base](https://github.com/wnameless/json-base) from 2.4.2 to 2.4.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/wnameless/json-base/blob/master/release-notes">com.github.wnameless.json:json-base's changelog</a>.</em></p> <blockquote> <p>Version 1.0.0</p> <ul> <li>First release</li> </ul> <p>Version 1.1.0</p> <ul> <li>Support Java 9 Module</li> <li>Add isEmpty() to JsonArrayBase and JsonObjectBase</li> </ul> <ul> <li>Change package name from com.github.wnameless.json to com.github.wnameless.json.base</li> </ul> <p>Version 1.1.1</p> <ul> <li>Using "requires static" on Gson and Jackson</li> </ul> <p>Version 1.2.0</p> <ul> <li>Add Jsonable interface</li> </ul> <p>Version 2.0.0</p> <ul> <li>Add #asBigInteger, #asBigDecimal, #asNumber, #asNull</li> <li>Add #toMap, #toList</li> <li>Add JsonValueCore, JsonObjectCore, JsonArrayCore, JsonCore, JsonSource</li> <li>Add JsonPrinter, JsonValueUtils</li> </ul> <p>Version 2.1.0</p> <ul> <li>Fix JsonProter#prettyPrint bug</li> <li>Improve module-info.java</li> </ul> <p>Version 2.2.0</p> <ul> <li>Alter all "requires static transitive" to "requires static" in module-info.java to avoid "module not found" error while compiling by other projects</li> </ul> <p>Version 2.2.1</p> <ul> <li>Fix JsonPrinter bug on the edge case: having backslash before ending double quotes</li> </ul> <p>Version 2.3.0</p> <ul> <li>Add org.json lib support</li> <li>Add Jakarta lib support</li> </ul> <ul> <li>Change the return type of JsonArrayCore#remove(int) from boolean to JsonArrayCore</li> <li>Increase JUnit code coverage to 100%</li> </ul> <ul> <li>Remove Cobertura maven dependency</li> </ul> <p>Version 2.4.0</p> <ul> <li>Add #stream to JsonArrayBase and JsonObjectBase</li> </ul> <p>Version 2.4.1</p> <ul> <li>Improve OrgJsonValue#asNumber</li> </ul> <ul> <li>Add JsonPrinter#toJsonString</li> </ul> <p>Version 2.4.2</p> <ul> <li>Upgrade POM</li> </ul> <p>Version 2.4.3</p> <ul> <li>Modify JsonValueUtils#toJavaNumber for preserving precise scale of the float number</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/wnameless/json-base/commit/a2785b7b1c777b591a1d8724382c85f9dface1ba"><code>a2785b7</code></a> [maven-release-plugin] prepare release json-base-2.4.3</li> <li><a href="https://github.com/wnameless/json-base/commit/849d039bf8f1728a2b091c6c6490eb4e00550c10"><code>849d039</code></a> Improve GsonJsonValue implementation</li> <li><a href="https://github.com/wnameless/json-base/commit/244205004471e47cfde08a8139ff6d4f52917ca5"><code>2442050</code></a> To preserve precise scale of the float number</li> <li><a href="https://github.com/wnameless/json-base/commit/10f6d999541a98d52c8a97e117dd916fad989634"><code>10f6d99</code></a> [maven-release-plugin] prepare for next development iteration</li> <li>See full diff in <a href="https://github.com/wnameless/json-base/compare/json-base-2.4.2...json-base-2.4.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…rch-project#3431) Bumps commons-io:commons-io from 2.13.0 to 2.14.0. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Setup auth token utils for obo (opensearch-project#3419) --------- Signed-off-by: Ryan Liang <[email protected]>
… before sending the response to the channel (opensearch-project#3411) Prior to this change, the ip auth failure listener was not called upon challengeAuthenticator check invocation, which caused AddressBasedRateLimiter to not be invoked. With this change AddressBasedRateLimiter will be invoked upon multiple wrong requests from an ip. Signed-off-by: Darshit Chanpura <[email protected]>
…nsearch-project#3264) Instead of setting `SECURITY_UNSUPPORTED_RESTAPI_ALLOW_SECURITYCONFIG_MODIFICATION` settings to update security configuration using `PATCH` or `PUT` a new permission was added: `restapi:admin/config/update`. So far I decided to keep this flag as it is due to a backward compatibility and log a deprecation message that these settings will be removed in the future. Maybe it is better to remove it completely. Besides, added the missed test for `SecurityConfigApiAction` Signed-off-by: Andrey Pleskach <[email protected]>
…search-project#3458) Update custom serialization min supported version, should be 2.11.0 since the features backport [1] was merged. - [1] opensearch-project#3444 Signed-off-by: Peter Nied <[email protected]>
* Redirect deprecation messages to stderr to differentiate between the two streams to make debugging and troubleshooting more efficient. Signed-off-by: David Osorno <[email protected]>
### Description Add tracer to fix the breaking issue. ### Issues Resolved - opensearch-project#3462 ### Check List - [ ] New functionality includes testing - [ ] New functionality has been documented - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). --------- Signed-off-by: Gagan Juneja <[email protected]> Co-authored-by: Gagan Juneja <[email protected]>
…-project#3430) Introduced a new abstraction, SecurityRequest & SecurityRequestChannel, to streamline and secure the authentication process in the OpenSearch Security plugin. By isolating the essential request components needed for authentication, we minimize potential risks associated with previous designs and provide a more maintainable architecture. Signed-off-by: Peter Nied <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
[Describe what this change achieves]
Issues Resolved
[List any issues this PR will resolve]
Is this a backport? If so, please add backport PR # and/or commits #
Testing
[Please provide details of testing done: unit testing, integration testing and manual testing]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.