From 4e5fc95c51a430332fe2deb9342d070351f17382 Mon Sep 17 00:00:00 2001 From: Christoph Pirkl Date: Fri, 1 Mar 2024 10:57:07 +0100 Subject: [PATCH 1/7] #63: Upgrade dependencies (#64) --- .gitattributes | 3 + .github/workflows/broken_links_checker.yml | 2 + .github/workflows/ci-build-next-java.yml | 8 +- .github/workflows/ci-build.yml | 47 +++-- .github/workflows/dependencies_check.yml | 62 ++++++- .github/workflows/dependencies_update.yml | 169 ++++++++++++++++++ ...elease_droid_prepare_original_checksum.yml | 16 +- .../release_droid_print_quick_checksum.yml | 11 +- ...release_droid_release_on_maven_central.yml | 11 +- ...ase_droid_upload_github_release_assets.yml | 11 +- .project-keeper.yml | 8 +- .vscode/settings.json | 6 +- dependencies.md | 98 +++++----- doc/changes/changelog.md | 1 + doc/changes/changes_0.6.12.md | 50 ++++++ pk_generated_parent.pom | 70 ++++++-- pom.xml | 46 +++-- .../modules/udflogs/LogRecorder.java | 2 +- .../exasol/udfdebugging/UdfTestSetupTest.java | 3 +- .../jprofiler/JProfilerModuleTest.java | 3 +- .../modules/udflogs/LogRecorderTest.java | 49 +++-- 21 files changed, 511 insertions(+), 165 deletions(-) create mode 100644 .github/workflows/dependencies_update.yml create mode 100644 doc/changes/changes_0.6.12.md diff --git a/.gitattributes b/.gitattributes index 9064858..2429bb3 100644 --- a/.gitattributes +++ b/.gitattributes 
@@ -2,9 +2,12 @@ dependencies.md linguist-genera doc/changes/changelog.md linguist-generated=true pk_generated_parent.pom linguist-generated=true .github/workflows/broken_links_checker.yml linguist-generated=true +.github/workflows/ci-build.yml linguist-generated=true .github/workflows/ci-build-next-java.yml linguist-generated=true .github/workflows/dependencies_check.yml linguist-generated=true +.github/workflows/dependencies_update.yml linguist-generated=true .github/workflows/release_droid_print_quick_checksum.yml linguist-generated=true +.github/workflows/release_droid_prepare_original_checksum.yml linguist-generated=true .github/workflows/release_droid_release_on_maven_central.yml linguist-generated=true .github/workflows/release_droid_upload_github_release_assets.yml linguist-generated=true diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml index 82ec1cd..0fbcad5 100644 --- a/.github/workflows/broken_links_checker.yml +++ b/.github/workflows/broken_links_checker.yml @@ -1,3 +1,5 @@ +# Generated by Project Keeper +# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/broken_links_checker.yml name: Broken Links Checker on: diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml index 7cbab08..e3acdb7 100644 --- a/.github/workflows/ci-build-next-java.yml +++ b/.github/workflows/ci-build-next-java.yml @@ -1,5 +1,6 @@ +# Generated by Project Keeper +# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/ci-build-next-java.yml name: CI Build next Java - on: push: branches: @@ -18,7 +19,7 @@ jobs: with: fetch-depth: 0 - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: "temurin" java-version: 17 
@@ -26,8 +27,9 @@ jobs: - name: Run tests and build with Maven run: | mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \ + -Djava.version=17 \ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn - - name: Publish Test Report + - name: Publish Test Report for Java 17 uses: scacap/action-surefire-report@v1 if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} with: diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 4d3ebab..726cf2a 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -1,5 +1,6 @@ +# Generated by Project Keeper +# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/ci-build-db-version-matrix.yml name: CI Build - on: push: branches: @@ -7,13 +8,20 @@ on: pull_request: jobs: - build: - runs-on: ubuntu-20.04 # UDFs fail with "VM error: Internal error: VM crashed" on ubuntu-latest + matrix-build: + runs-on: ubuntu-20.04 concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.exasol_db_version }} cancel-in-progress: true + strategy: + fail-fast: false + matrix: + exasol_db_version: ["8.25.0", "7.1.25"] + env: + DEFAULT_EXASOL_DB_VERSION: "8.25.0" steps: - name: Free Disk Space + if: ${{ false }} run: | sudo rm -rf /usr/local/lib/android sudo rm -rf /usr/share/dotnet @@ -21,16 +29,16 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Set up JDK 11 & 17 - uses: actions/setup-java@v3 + - name: Set up JDKs + uses: actions/setup-java@v4 with: distribution: "temurin" java-version: | - 17 11 + 17 cache: "maven" - name: Cache SonarCloud packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar 
@@ -39,23 +47,32 @@ jobs: run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" - name: Run tests and build with Maven run: | - JAVA_HOME=$JAVA_HOME_11_X64 mvn --batch-mode clean verify \ + mvn --batch-mode clean verify \ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ - -DtrimStackTrace=false - - name: Publish Test Report + -DtrimStackTrace=false \ + -Dcom.exasol.dockerdb.image=${{ matrix.exasol_db_version }} + env: + # Set additional environment variable as in scala projects the scalatest plugin does not forward + # the system property -Dcom.exasol.dockerdb.image to the test's implementation. + EXASOL_DB_VERSION: ${{ matrix.exasol_db_version }} + - name: Publish Test Report for Exasol ${{ matrix.exasol_db_version }} uses: scacap/action-surefire-report@v1 if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} with: github_token: ${{ secrets.GITHUB_TOKEN }} - name: Sonar analysis - if: ${{ env.SONAR_TOKEN != null }} + if: ${{ env.SONAR_TOKEN != null && matrix.exasol_db_version == env.DEFAULT_EXASOL_DB_VERSION }} run: | - JAVA_HOME=$JAVA_HOME_17_X64 mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ + mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ -DtrimStackTrace=false \ - -Dsonar.organization=exasol \ - -Dsonar.host.url=https://sonarcloud.io \ -Dsonar.token=$SONAR_TOKEN env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + build: + needs: matrix-build + runs-on: ubuntu-latest + steps: + - run: echo "Build successful" diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index 3059964..6926e55 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml 
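Review bot: No `permissions:` block is visible at workflow or job level in this diff, so the matrix job — which hands `secrets.GITHUB_TOKEN` to the third-party `scacap/action-surefire-report@v1` — runs with whatever default token scope the repository grants. Add an explicit least-privilege block at the top of the workflow, e.g. `permissions: { contents: read, checks: write, pull-requests: write }` (the exact scopes the report action needs should be confirmed against its documentation). Separately, `-Dsonar.token=$SONAR_TOKEN` places the token in the `mvn` argument list, where it is visible to any process on the runner; `SONAR_TOKEN` is already exported in `env`, so if the sonar-maven-plugin version in use reads it from the environment (to be verified for 3.10.0.2594) the argument can simply be dropped. Since this file is generated by Project Keeper, both changes belong in the template it is generated from rather than in this checkout.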
@@ -1,20 +1,64 @@ -name: Dependencies Check - +# Generated by Project Keeper +# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_check.yml +name: Report Security Issues on: + workflow_dispatch: schedule: - cron: "0 2 * * *" jobs: - build: + report_security_issues: runs-on: ubuntu-latest - + permissions: + contents: read + issues: write + outputs: + created-issues: ${{ steps.security-issues.outputs.created-issues }} steps: - uses: actions/checkout@v4 - - name: Set up JDK 11 - uses: actions/setup-java@v3 + + - name: Set up JDKs + uses: actions/setup-java@v4 with: distribution: "temurin" - java-version: 11 + java-version: | + 11 + 17 cache: "maven" - - name: Checking dependencies for vulnerabilities - run: mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml + + - name: Generate ossindex report + run: | + mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \ + org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \ + -Dossindex.reportFile=$(pwd)/ossindex-report.json \ + -Dossindex.fail=false + + - name: Report Security Issues + id: security-issues + uses: exasol/python-toolbox/.github/actions/security-issues@main + with: + format: "maven" + command: "cat ossindex-report.json" + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Output security issues (Debugging) + run: | + echo "$CREATED_ISSUES" > test.jsonl + cat test.jsonl + env: + CREATED_ISSUES: ${{ steps.security-issues.outputs.created-issues }} + + start_dependency_udpate: + needs: report_security_issues + if: ${{ needs.report_security_issues.outputs.created-issues }} + concurrency: + cancel-in-progress: true + group: "dependency_update" + # Workflow needs secret INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK + secrets: inherit + permissions: + contents: write + pull-requests: write + uses: ./.github/workflows/dependencies_update.yml + with: + vulnerability_issues: ${{ 
needs.report_security_issues.outputs.created-issues }} diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml new file mode 100644 index 0000000..58222ba --- /dev/null +++ b/.github/workflows/dependencies_update.yml 
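Review bot: `exasol/python-toolbox/.github/actions/security-issues@main` is pinned to a moving branch, yet it receives `GITHUB_TOKEN` with `issues: write`, and its `created-issues` output gates a downstream job that runs with `contents: write`, `pull-requests: write` and `secrets: inherit` on a nightly schedule — any commit to that branch executes with those privileges here. Pin it to a commit SHA (or at minimum a release tag), e.g. `uses: exasol/python-toolbox/.github/actions/security-issues@<commit-sha> # vX.Y`. Note also that `-Dossindex.fail=false` means the Maven audit itself never fails the job, so the only signal is the issues the action files; the empty-string-is-false behaviour of the `if:` on `start_dependency_udpate` (typo for `update`) looks intended but deserves a comment such as `# run only when the report created at least one issue`.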
@@ -0,0 +1,169 @@ +# Generated by Project Keeper +# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml +name: Update dependencies +on: + workflow_call: + inputs: + vulnerability_issues: + description: "GitHub issues for vulnerable dependencies as JSONL" + required: true + type: string + workflow_dispatch: + +jobs: + update_dependencies: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up JDKs + uses: actions/setup-java@v4 + with: + distribution: "temurin" + java-version: | + 11 + 17 + cache: "maven" + + - name: Print issues + run: | + echo "Issues from Action input: $ISSUES" + env: + ISSUES: ${{ inputs.vulnerability_issues }} + + - name: Fail if not running on a branch + if: ${{ !startsWith(github.ref, 'refs/heads/') }} + uses: actions/github-script@v7 + with: + script: | + core.setFailed('Not running on a branch, github.ref is ${{ github.ref }}. Please start this workflow only on main or a branch') + + - name: Update dependencies + run: | + mvn --batch-mode com.exasol:project-keeper-maven-plugin:update-dependencies --projects . \ + -Dproject-keeper:vulnerabilities="$CREATED_ISSUES" + env: + CREATED_ISSUES: ${{ inputs.vulnerability_issues }} + + - name: Project Keeper Fix + run: | + mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . + + - name: Project Keeper Fix for updated Project Keeper version + # Calling PK fix a second time is necessary because the first invocation potentially updated PK itself. + # So we need to run PK fix again with the latest PK version. + # [impl->dsn~dependency-updater.workflow.start-pk-fix~1] + run: | + mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . 
+ + - name: Generate Pull Request comment + id: pr-comment + # [impl->dsn~dependency-updater.workflow.pull-request-trigger-ci-build~1] + run: | + echo 'comment<> "$GITHUB_OUTPUT" + echo 'This Pull Request was created by [`dependencies_update.yml`](https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml) workflow.' >> "$GITHUB_OUTPUT" + if [ -n "$CREATED_ISSUES" ]; then + echo 'It updates dependencies to fix the following vulnerabilities:' >> "$GITHUB_OUTPUT" + echo $CREATED_ISSUES | jq --raw-output '. | "* Closes " + .issue_url + " (" + .cve + ")"' >> "$GITHUB_OUTPUT" + else + echo 'It updates dependencies.' >> "$GITHUB_OUTPUT" + fi + echo >> "$GITHUB_OUTPUT" + echo '# ⚠️ This PR does not trigger CI workflows by default ⚠️' >> "$GITHUB_OUTPUT" + echo 'Please click the **Close pull request** button and then **Reopen pull request** to trigger running checks.' >> "$GITHUB_OUTPUT" + echo 'See https://github.com/exasol/project-keeper/issues/534 for details.' 
>> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + + cat "$GITHUB_OUTPUT" + env: + CREATED_ISSUES: ${{ inputs.vulnerability_issues }} + + - name: Generate Pull Request Title + id: pr-title + run: | + if [ -n "$CREATED_ISSUES" ]; then + echo "Security issues are available" + echo "title=🔐 Update dependencies to fix vulnerabilities" >> "$GITHUB_OUTPUT" + else + echo "Security issues are not available" + echo "title=Update dependencies" >> "$GITHUB_OUTPUT" + fi + + cat "$GITHUB_OUTPUT" + env: + CREATED_ISSUES: ${{ inputs.vulnerability_issues }} + + - name: Configure git + run: | + git config --global user.email "opensource@exasol.com" + git config --global user.name "Automatic Dependency Updater" + + - name: Create branch + if: ${{ github.ref == 'refs/heads/main' }} + run: | + branch_name="dependency-update/$(date "+%Y%m%d%H%M%S")" + echo "Creating branch $branch_name" + git checkout -b "$branch_name" + + - name: Commit changes & push + if: ${{ startsWith(github.ref, 'refs/heads/' ) }} + run: | + branch_name=$(git rev-parse --abbrev-ref HEAD) + echo "Current branch: $branch_name" + echo "git diff --stat" + git diff --stat + echo "git diff --numstat" + git diff --numstat + echo "git diff --name-status" + git diff --name-status + echo "Adding untracked files:" + git add . --verbose --all + echo "Committing changes..." + git commit --message "$TITLE" + echo "Pushing branch $branch_name..." + git push --set-upstream origin "$branch_name" + echo "Done." 
+ env: + TITLE: ${{ steps.pr-title.outputs.title }} + + - name: Create pull request + id: create-pr + if: ${{ github.ref == 'refs/heads/main' }} + run: | + pr_url=$(gh pr create --base main --title "$TITLE" --body "$COMMENT") + echo "Created Pull Request: $pr_url" + echo "pr_url=$pr_url" >> "$GITHUB_OUTPUT" + env: + COMMENT: ${{ steps.pr-comment.outputs.comment }} + TITLE: ${{ steps.pr-title.outputs.title }} + GH_TOKEN: ${{ github.token }} + + - name: Report failure Status to Slack channel + # Also run this step in case of failures + if: ${{ always() }} + uses: ravsamhq/notify-slack-action@v2 + with: + status: ${{ job.status }} + token: ${{ secrets.GITHUB_TOKEN }} + notification_title: "Dependency check in {repo} has {status_message}" + message_format: "{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>" + notify_when: "failure,cancelled,warnings" + env: + SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }} + + - name: Report new Pull Request to Slack channel + if: ${{ steps.create-pr.outputs.pr_url }} + uses: ravsamhq/notify-slack-action@v2 + with: + status: ${{ job.status }} + token: ${{ secrets.GITHUB_TOKEN }} + notification_title: "Dependency update for {repo} created a Pull Request" + message_format: "{workflow} created Pull Request ${{ steps.create-pr.outputs.pr_url }}" + env: + SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }} diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml index 843604c..2ff28b3 100644 --- a/.github/workflows/release_droid_prepare_original_checksum.yml +++ b/.github/workflows/release_droid_prepare_original_checksum.yml 
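Review bot: In the `Fail if not running on a branch` step, `${{ github.ref }}` is interpolated directly into the JavaScript source handed to `actions/github-script@v7`, which is the expression-injection pattern GitHub's hardening guide warns about; with `contents: write` and `pull-requests: write` on the job, a branch name containing a quote and JavaScript would run with the job's token. Only collaborators can create branches in this repository, so the exposure is limited, but the fix costs nothing — read the ref from the `context` object instead: `core.setFailed('Not running on a branch, github.ref is ' + context.ref + '. Please start this workflow only on main or a branch')`. The other interpolation, `${{ steps.create-pr.outputs.pr_url }}` in the Slack `message_format`, comes from `gh pr create` output and is not attacker-controlled. Since the file is generated by Project Keeper, the change should go into the template.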
@@ -1,13 +1,15 @@ +# Generated by Project Keeper +# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_prepare_original_checksum.yml name: Release Droid - Prepare Original Checksum - on: workflow_dispatch: jobs: build: - runs-on: ubuntu-20.04 # UDFs fail with "VM error: Internal error: VM crashed" on ubuntu-latest + runs-on: ubuntu-20.04 steps: - name: Free Disk Space + if: ${{ false }} run: | sudo rm -rf /usr/local/lib/android sudo rm -rf /usr/share/dotnet @@ -15,11 +17,13 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Set up JDK 11 - uses: actions/setup-java@v3 + - name: Set up JDKs + uses: actions/setup-java@v4 with: distribution: "temurin" - java-version: 11 + java-version: | + 11 + 17 cache: "maven" - name: Enable testcontainer reuse run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" @@ -28,7 +32,7 @@ jobs: - name: Prepare checksum run: find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + > original_checksum - name: Upload checksum to the artifactory - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: original_checksum retention-days: 5 diff --git a/.github/workflows/release_droid_print_quick_checksum.yml b/.github/workflows/release_droid_print_quick_checksum.yml index aed4444..86979cd 100644 --- a/.github/workflows/release_droid_print_quick_checksum.yml +++ b/.github/workflows/release_droid_print_quick_checksum.yml @@ -1,5 +1,6 @@ +# Generated by Project Keeper +# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_print_quick_checksum.yml name: Release Droid - Print Quick Checksum - on: workflow_dispatch: 
@@ -11,11 +12,13 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Set up JDK 11 - uses: actions/setup-java@v3 + - name: Set up JDKs + uses: actions/setup-java@v4 with: distribution: "temurin" - java-version: 11 + java-version: | + 11 + 17 cache: "maven" - name: Build with Maven skipping tests run: mvn --batch-mode clean verify -DskipTests diff --git a/.github/workflows/release_droid_release_on_maven_central.yml b/.github/workflows/release_droid_release_on_maven_central.yml index dfdbd6a..0a5ee04 100644 --- a/.github/workflows/release_droid_release_on_maven_central.yml +++ b/.github/workflows/release_droid_release_on_maven_central.yml @@ -1,5 +1,6 @@ +# Generated by Project Keeper +# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_release_on_maven_central.yml name: Release Droid - Release On Maven Central - on: workflow_dispatch: @@ -12,16 +13,20 @@ jobs: with: fetch-depth: 0 - name: Set up Maven Central Repository - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: "temurin" - java-version: 11 + java-version: | + 11 + 17 cache: "maven" server-id: ossrh server-username: MAVEN_USERNAME server-password: MAVEN_PASSWORD gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} gpg-passphrase: MAVEN_GPG_PASSPHRASE + - name: List secret GPG keys + run: gpg --list-secret-keys - name: Publish to Central Repository run: mvn --batch-mode -Dgpg.skip=false -DskipTests clean deploy env: diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml index 7ae8bbb..b19f7cf 100644 --- a/.github/workflows/release_droid_upload_github_release_assets.yml +++ b/.github/workflows/release_droid_upload_github_release_assets.yml 
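Review bot: The new `List secret GPG keys` step prints the UIDs and fingerprints of the key imported from `secrets.OSSRH_GPG_SECRET_KEY` into the release job log, with no condition and no comment saying why. Fingerprints and UIDs are not the private key material, so this is not a secret leak, but unexplained debug output in the one workflow that holds the signing key is worth either removing once the import problem it was presumably added for is diagnosed, or documenting, e.g. `# Debug aid: confirm setup-java imported the OSSRH signing key before deploying`. Since the file is generated by Project Keeper, the change belongs in the template.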
@@ -1,5 +1,6 @@ +# Generated by Project Keeper +# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_upload_github_release_assets.yml name: Release Droid - Upload GitHub Release Assets - on: workflow_dispatch: inputs: @@ -15,11 +16,13 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Set up JDK 11 - uses: actions/setup-java@v3 + - name: Set up JDKs + uses: actions/setup-java@v4 with: distribution: "temurin" - java-version: 11 + java-version: | + 11 + 17 cache: "maven" - name: Build with Maven skipping tests run: mvn --batch-mode clean verify -DskipTests diff --git a/.project-keeper.yml b/.project-keeper.yml index c6aee8f..b7df6c5 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml @@ -6,6 +6,8 @@ sources: - integration_tests linkReplacements: - "https://github.com/hamcrest/JavaHamcrest/hamcrest-all|https://github.com/hamcrest/JavaHamcrest" -excludes: - - "E-PK-CORE-18: Outdated content: '.github/workflows/ci-build.yml'" - - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_prepare_original_checksum.yml'" +build: + runnerOs: ubuntu-20.04 + exasolDbVersions: + - "8.25.0" + - "7.1.25" diff --git a/.vscode/settings.json b/.vscode/settings.json index f1a4c2c..8778700 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,9 +1,9 @@ { "editor.formatOnSave": true, "editor.codeActionsOnSave": { - "source.organizeImports": true, - "source.generate.finalModifiers": true, - "source.fixAll": true + "source.organizeImports": "explicit", + "source.generate.finalModifiers": "explicit", + "source.fixAll": "explicit" }, "java.codeGeneration.useBlocks": true, "java.saveActions.organizeImports": true, diff --git a/dependencies.md b/dependencies.md index bea09b3..f73ddbe 100644 --- a/dependencies.md +++ b/dependencies.md 
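Review bot: The rationale for the runner pin is lost in this change: the old `ci-build.yml` carried `# UDFs fail with "VM error: Internal error: VM crashed" on ubuntu-latest`, while the new `build.runnerOs: ubuntu-20.04` in `.project-keeper.yml` has no comment, so whoever next moves off the aging 20.04 image will not know what to test. Since the workflows are now generated, the comment belongs on the source of truth: `runnerOs: ubuntu-20.04  # UDFs fail with "VM error: Internal error: VM crashed" on ubuntu-latest`. The `exasolDbVersions` entries are correctly quoted so the versions stay strings.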
@@ -20,7 +20,7 @@ | [JaCoCo :: Agent][5] | [Eclipse Public License 2.0][6] | | [JUnit Jupiter Engine][15] | [Eclipse Public License v2.0][16] | | [JUnit Jupiter Params][15] | [Eclipse Public License v2.0][16] | -| [mockito-junit-jupiter][17] | [The MIT License][18] | +| [mockito-junit-jupiter][17] | [MIT][18] | | [Hamcrest All][19] | [New BSD License][20] | | [Test containers for Exasol on Docker][21] | [MIT License][22] | | [Testcontainers :: JUnit Jupiter Extension][23] | [MIT][24] | 
@@ -38,29 +38,25 @@ | Dependency | License | | ------------------------------------------------------- | ---------------------------------------------- | | [SonarQube Scanner for Maven][30] | [GNU LGPL 3][31] | -| [Apache Maven Compiler Plugin][32] | [Apache-2.0][12] | -| [Apache Maven Enforcer Plugin][33] | [Apache-2.0][12] | -| [Maven Flatten Plugin][34] | [Apache Software Licenese][12] | -| [Maven Dependency Plugin][35] | [The Apache Software License, Version 2.0][36] | -| [Project keeper maven plugin][37] | [The MIT License][38] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][39] | [ASL2][36] | -| [Maven Surefire Plugin][40] | [Apache-2.0][12] | -| [Versions Maven Plugin][41] | [Apache License, Version 2.0][12] | -| [duplicate-finder-maven-plugin Maven Mojo][42] | [Apache License 2.0][43] | -| [Apache Maven Deploy Plugin][44] | [Apache-2.0][12] | -| [Apache Maven GPG Plugin][45] | [Apache-2.0][12] | -| [Apache Maven Source Plugin][46] | [Apache License, Version 2.0][12] | -| [Apache Maven Javadoc Plugin][47] | [Apache-2.0][12] | -| [Nexus Staging Maven Plugin][48] | [Eclipse Public License][49] | -| [Maven Failsafe Plugin][50] | [Apache-2.0][12] | -| [JaCoCo :: Maven Plugin][51] | [Eclipse Public License 2.0][6] | -| [error-code-crawler-maven-plugin][52] | [MIT License][53] | -| [Reproducible Build Maven Plugin][54] | [Apache 2.0][36] | -| [Maven Clean Plugin][55] | [The Apache Software License, Version 2.0][36] | -| [Maven Resources Plugin][56] | [The Apache Software License, Version 2.0][36] | -| [Maven JAR Plugin][57] | [The Apache Software License, Version 2.0][36] | -| [Maven Install Plugin][58] | [The Apache Software License, Version 2.0][36] | -| [Maven Site Plugin 3][59] | [The Apache Software License, Version 2.0][36] | +| [Apache Maven Toolchains Plugin][32] | [Apache License, Version 2.0][12] | +| [Maven Dependency Plugin][33] | [The Apache Software License, Version 2.0][34] | +| [Project Keeper Maven plugin][35] | [The MIT License][36] | +| 
[Apache Maven Compiler Plugin][37] | [Apache-2.0][12] | +| [Apache Maven Enforcer Plugin][38] | [Apache-2.0][12] | +| [Maven Flatten Plugin][39] | [Apache Software Licenese][12] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][40] | [ASL2][34] | +| [Maven Surefire Plugin][41] | [Apache-2.0][12] | +| [Versions Maven Plugin][42] | [Apache License, Version 2.0][12] | +| [duplicate-finder-maven-plugin Maven Mojo][43] | [Apache License 2.0][44] | +| [Apache Maven Deploy Plugin][45] | [Apache-2.0][12] | +| [Apache Maven GPG Plugin][46] | [Apache-2.0][12] | +| [Apache Maven Source Plugin][47] | [Apache License, Version 2.0][12] | +| [Apache Maven Javadoc Plugin][48] | [Apache-2.0][12] | +| [Nexus Staging Maven Plugin][49] | [Eclipse Public License][50] | +| [Maven Failsafe Plugin][51] | [Apache-2.0][12] | +| [JaCoCo :: Maven Plugin][52] | [Eclipse Public License 2.0][6] | +| [error-code-crawler-maven-plugin][53] | [MIT License][54] | +| [Reproducible Build Maven Plugin][55] | [Apache 2.0][34] | [0]: https://github.com/eclipse-ee4j/jsonp [1]: https://projects.eclipse.org/license/epl-2.0 @@ -80,7 +76,7 @@ [15]: https://junit.org/junit5/ [16]: https://www.eclipse.org/legal/epl-v20.html [17]: https://github.com/mockito/mockito -[18]: https://github.com/mockito/mockito/blob/main/LICENSE +[18]: https://opensource.org/licenses/MIT [19]: https://github.com/hamcrest/JavaHamcrest [20]: http://www.opensource.org/licenses/bsd-license.php [21]: https://github.com/exasol/exasol-testcontainers/ 
@@ -94,31 +90,27 @@ [29]: https://github.com/eclipse-ee4j/parsson [30]: http://sonarsource.github.io/sonar-scanner-maven/ [31]: http://www.gnu.org/licenses/lgpl.txt -[32]: https://maven.apache.org/plugins/maven-compiler-plugin/ -[33]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ -[34]: https://www.mojohaus.org/flatten-maven-plugin/ -[35]: http://maven.apache.org/plugins/maven-dependency-plugin/ -[36]: http://www.apache.org/licenses/LICENSE-2.0.txt -[37]: https://github.com/exasol/project-keeper/ -[38]: https://github.com/exasol/project-keeper/blob/main/LICENSE -[39]: https://sonatype.github.io/ossindex-maven/maven-plugin/ -[40]: https://maven.apache.org/surefire/maven-surefire-plugin/ -[41]: https://www.mojohaus.org/versions/versions-maven-plugin/ -[42]: https://basepom.github.io/duplicate-finder-maven-plugin -[43]: http://www.apache.org/licenses/LICENSE-2.0.html -[44]: https://maven.apache.org/plugins/maven-deploy-plugin/ -[45]: https://maven.apache.org/plugins/maven-gpg-plugin/ -[46]: https://maven.apache.org/plugins/maven-source-plugin/ -[47]: https://maven.apache.org/plugins/maven-javadoc-plugin/ -[48]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/ -[49]: http://www.eclipse.org/legal/epl-v10.html -[50]: https://maven.apache.org/surefire/maven-failsafe-plugin/ -[51]: https://www.jacoco.org/jacoco/trunk/doc/maven.html -[52]: https://github.com/exasol/error-code-crawler-maven-plugin/ -[53]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE -[54]: http://zlika.github.io/reproducible-build-maven-plugin -[55]: http://maven.apache.org/plugins/maven-clean-plugin/ -[56]: http://maven.apache.org/plugins/maven-resources-plugin/ -[57]: http://maven.apache.org/plugins/maven-jar-plugin/ -[58]: http://maven.apache.org/plugins/maven-install-plugin/ -[59]: http://maven.apache.org/plugins/maven-site-plugin/ +[32]: https://maven.apache.org/plugins/maven-toolchains-plugin/ +[33]: 
http://maven.apache.org/plugins/maven-dependency-plugin/ +[34]: http://www.apache.org/licenses/LICENSE-2.0.txt +[35]: https://github.com/exasol/project-keeper/ +[36]: https://github.com/exasol/project-keeper/blob/main/LICENSE +[37]: https://maven.apache.org/plugins/maven-compiler-plugin/ +[38]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ +[39]: https://www.mojohaus.org/flatten-maven-plugin/ +[40]: https://sonatype.github.io/ossindex-maven/maven-plugin/ +[41]: https://maven.apache.org/surefire/maven-surefire-plugin/ +[42]: https://www.mojohaus.org/versions/versions-maven-plugin/ +[43]: https://basepom.github.io/duplicate-finder-maven-plugin +[44]: http://www.apache.org/licenses/LICENSE-2.0.html +[45]: https://maven.apache.org/plugins/maven-deploy-plugin/ +[46]: https://maven.apache.org/plugins/maven-gpg-plugin/ +[47]: https://maven.apache.org/plugins/maven-source-plugin/ +[48]: https://maven.apache.org/plugins/maven-javadoc-plugin/ +[49]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/ +[50]: http://www.eclipse.org/legal/epl-v10.html +[51]: https://maven.apache.org/surefire/maven-failsafe-plugin/ +[52]: https://www.jacoco.org/jacoco/trunk/doc/maven.html +[53]: https://github.com/exasol/error-code-crawler-maven-plugin/ +[54]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE +[55]: http://zlika.github.io/reproducible-build-maven-plugin diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index c404b40..6637ca7 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,5 +1,6 @@ # Changes +* [0.6.12](changes_0.6.12.md) * [0.6.11](changes_0.6.11.md) * [0.6.10](changes_0.6.10.md) * [0.6.9](changes_0.6.9.md) diff --git a/doc/changes/changes_0.6.12.md b/doc/changes/changes_0.6.12.md new file mode 100644 index 0000000..2b7fbb4 --- /dev/null +++ b/doc/changes/changes_0.6.12.md 
@@ -0,0 +1,50 @@ +# Udf Debugging Java 0.6.12, released 2024-03-01 + +Code name: Fix CVE-2024-25710 and CVE-2024-26308 in compile dependency `org.apache.commons:commons-compress` + +## Summary + +This release fixes vulnerabilities CVE-2024-25710 and CVE-2024-26308 in compile dependency `org.apache.commons:commons-compress`. + +## Security + +* #63: Fixed CVE-2024-25710 and CVE-2024-26308 in compile dependency `org.apache.commons:commons-compress` + +## Dependency Updates + +### Compile Dependency Updates + +* Updated `com.exasol:bucketfs-java:3.1.0` to `3.1.2` +* Updated `jakarta.json:jakarta.json-api:2.1.2` to `2.1.3` +* Updated `org.apache.commons:commons-compress:1.24.0` to `1.26.0` +* Updated `org.jacoco:org.jacoco.core:0.8.10` to `0.8.11` +* Updated `org.slf4j:slf4j-jdk14:2.0.9` to `2.0.12` + +### Runtime Dependency Updates + +* Updated `org.eclipse.parsson:parsson:1.1.4` to `1.1.5` + +### Test Dependency Updates + +* Updated `com.exasol:exasol-testcontainers:6.6.2` to `7.0.1` +* Updated `com.exasol:test-db-builder-java:3.5.0` to `3.5.3` +* Updated `org.jacoco:org.jacoco.agent:0.8.10` to `0.8.11` +* Updated `org.junit.jupiter:junit-jupiter-engine:5.10.0` to `5.10.2` +* Updated `org.junit.jupiter:junit-jupiter-params:5.10.0` to `5.10.2` +* Updated `org.mockito:mockito-junit-jupiter:5.5.0` to `5.10.0` +* Updated `org.testcontainers:junit-jupiter:1.19.0` to `1.19.6` + +### Plugin Dependency Updates + +* Updated `com.exasol:error-code-crawler-maven-plugin:1.3.0` to `2.0.0` +* Updated `com.exasol:project-keeper-maven-plugin:2.9.12` to `4.1.0` +* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.11.0` to `3.12.1` +* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.0` to `3.4.1` +* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.1.2` to `3.2.5` +* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.5.0` to `3.6.3` +* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.1.2` to `3.2.5` +* Added 
`org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` +* Updated `org.codehaus.mojo:flatten-maven-plugin:1.5.0` to `1.6.0` +* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.0` to `2.16.2` +* Updated `org.jacoco:jacoco-maven-plugin:0.8.10` to `0.8.11` +* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184` to `3.10.0.2594` diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index 4c5de41..2c847f9 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -3,12 +3,14 @@ 4.0.0 com.exasol udf-debugging-java-generated-parent - 0.6.11 + 0.6.12 pom UTF-8 UTF-8 11 + exasol + https://sonarcloud.io true @@ -48,21 +50,46 @@ org.sonarsource.scanner.maven sonar-maven-plugin - 3.9.1.2184 + 3.10.0.2594 + + + org.apache.maven.plugins + maven-toolchains-plugin + 3.1.0 + + + + toolchain + + + + + + + ${java.version} + + + org.apache.maven.plugins maven-compiler-plugin - 3.11.0 + 3.12.1 ${java.version} ${java.version} + true + + + -Xlint:all,-processing + + org.apache.maven.plugins maven-enforcer-plugin - 3.4.0 + 3.4.1 enforce-maven @@ -72,8 +99,11 @@ - [3.8.7,3.9.0) + 3.6.3 + + 17 + @@ -82,7 +112,7 @@ org.codehaus.mojo flatten-maven-plugin - 1.5.0 + 1.6.0 true oss @@ -121,7 +151,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.1.2 + 3.2.5 @@ -132,7 +162,7 @@ org.codehaus.mojo versions-maven-plugin - 2.16.0 + 2.16.2 display-updates @@ -145,6 +175,17 @@ file:///${project.basedir}/versionsMavenPluginRules.xml + false + true + true + true + false + true + true + true + false + true + true @@ -219,7 +260,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.5.0 + 3.6.3 attach-javadocs @@ -234,6 +275,8 @@ true true true + true + ${java.version} @@ -260,10 +303,9 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.1.2 + 3.2.5 - + -Djava.util.logging.config.file=src/test/resources/logging.properties ${argLine} ${test.excludeTags} @@ -281,7 +323,7 @@ org.jacoco jacoco-maven-plugin - 0.8.10 + 0.8.11 prepare-agent 
@@ -322,7 +364,7 @@ com.exasol error-code-crawler-maven-plugin - 1.3.0 + 2.0.0 verify diff --git a/pom.xml b/pom.xml index 95a8455..d92dcb6 100644 --- a/pom.xml +++ b/pom.xml @@ -2,24 +2,24 @@ 4.0.0 udf-debugging-java - 0.6.11 + 0.6.12 udf-debugging-java Utilities for debugging, profiling and code coverage measure for UDFs. https://github.com/exasol/udf-debugging-java/ - 5.10.0 - 0.8.10 + 5.10.2 + 0.8.11 jakarta.json jakarta.json-api - 2.1.2 + 2.1.3 org.eclipse.parsson parsson - 1.1.4 + 1.1.5 runtime @@ -42,12 +42,12 @@ com.exasol bucketfs-java - 3.1.0 + 3.1.2 com.exasol exasol-test-setup-abstraction-java - 2.0.3 + 2.1.0 @@ -75,7 +75,7 @@ org.mockito mockito-junit-jupiter - 5.5.0 + 5.10.0 test @@ -88,19 +88,19 @@ com.exasol exasol-testcontainers - 6.6.2 + 7.0.1 test org.testcontainers junit-jupiter - 1.19.0 + 1.19.6 test com.exasol test-db-builder-java - 3.5.0 + 3.5.3 test @@ -113,7 +113,7 @@ org.slf4j slf4j-jdk14 - 2.0.9 + 2.0.12 @@ -139,7 +139,7 @@ com.exasol project-keeper-maven-plugin - 2.9.12 + 4.1.0 @@ -148,6 +148,18 @@ + + org.apache.maven.plugins + maven-compiler-plugin + + + + -Xlint:all,-path + -Werror + + + org.sonatype.ossindex.maven ossindex-maven-plugin @@ -157,10 +169,6 @@ CVE-2020-36641 is reported to be fixed in aXMLRPC 1.12.1. We use version 1.13.0, so this is a false positive. --> CVE-2020-36641 - - CVE-2023-4586 @@ -169,7 +177,7 @@ udf-debugging-java-generated-parent com.exasol - 0.6.11 + 0.6.12 pk_generated_parent.pom diff --git a/src/main/java/com/exasol/udfdebugging/modules/udflogs/LogRecorder.java b/src/main/java/com/exasol/udfdebugging/modules/udflogs/LogRecorder.java index d7d0363..01dee15 100644 --- a/src/main/java/com/exasol/udfdebugging/modules/udflogs/LogRecorder.java +++ b/src/main/java/com/exasol/udfdebugging/modules/udflogs/LogRecorder.java @@ -37,7 +37,7 @@ public LogRecorder(final Consumer logFileHandler) { } @Override - public void close() throws Exception { + public void close() throws IOException { this.server.close(); } 
diff --git a/src/test/java/com/exasol/udfdebugging/UdfTestSetupTest.java b/src/test/java/com/exasol/udfdebugging/UdfTestSetupTest.java index ff22f50..2090a56 100644 --- a/src/test/java/com/exasol/udfdebugging/UdfTestSetupTest.java +++ b/src/test/java/com/exasol/udfdebugging/UdfTestSetupTest.java @@ -76,6 +76,7 @@ void testCoverageEnabled() { } @Test + @SuppressWarnings("try") // Try-with-resources variable not used in try block void testUdfLogsEnabled() throws SQLException { final Statement statement = mock(Statement.class); when(this.connection.createStatement()).thenReturn(statement); @@ -102,4 +103,4 @@ void testDebuggingDisabled() { assertThat(jvmOptions, not(hasItem(EXPECTED_DEBUG_JVM_OPTION))); } } -} \ No newline at end of file +} diff --git a/src/test/java/com/exasol/udfdebugging/modules/jprofiler/JProfilerModuleTest.java b/src/test/java/com/exasol/udfdebugging/modules/jprofiler/JProfilerModuleTest.java index 261838c..0e33f13 100644 --- a/src/test/java/com/exasol/udfdebugging/modules/jprofiler/JProfilerModuleTest.java +++ b/src/test/java/com/exasol/udfdebugging/modules/jprofiler/JProfilerModuleTest.java @@ -24,6 +24,7 @@ static void beforeAll() { } @Test + @SuppressWarnings("try") // Try-with-resources variable not used in try block void testUpload() throws BucketAccessException, TimeoutException, FileNotFoundException { final Bucket bucket = mock(Bucket.class); try (final JProfilerModule jProfilerModule = new JProfilerModule(bucket)) { @@ -43,4 +44,4 @@ void testGetJvmOptions() { + "=port=11002")); } } -} \ No newline at end of file +} diff --git a/src/test/java/com/exasol/udfdebugging/modules/udflogs/LogRecorderTest.java b/src/test/java/com/exasol/udfdebugging/modules/udflogs/LogRecorderTest.java index f759e6e..f9dad16 100644 --- a/src/test/java/com/exasol/udfdebugging/modules/udflogs/LogRecorderTest.java +++ b/src/test/java/com/exasol/udfdebugging/modules/udflogs/LogRecorderTest.java 
@@ -1,6 +1,9 @@ package com.exasol.udfdebugging.modules.udflogs; import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.hasSize; +import static org.junit.jupiter.api.Assertions.assertAll; import java.io.*; import java.net.Socket; @@ -9,7 +12,6 @@ import java.util.ArrayList; import java.util.List; -import org.hamcrest.Matchers; import org.junit.jupiter.api.Test; class LogRecorderTest { 
@@ -17,55 +19,50 @@ class LogRecorderTest { @Test void testLogsAreWrittenAsFile() throws Exception { final List logFiles = new ArrayList<>(); - final LogRecorder logRecorder = new LogRecorder(logFiles::add); - final StreamToLogger connection = new StreamToLogger(logRecorder.getPort()); - connection.write("test"); - assertThat(logFiles, Matchers.hasSize(1)); - assertThat(Files.readString(logFiles.get(0)), Matchers.equalTo("test")); - connection.close(); - logRecorder.close(); + try (final LogRecorder logRecorder = new LogRecorder(logFiles::add); + final StreamToLogger connection = new StreamToLogger(logRecorder.getPort());) { + connection.write("test"); + assertAll(() -> assertThat(logFiles, hasSize(1)), + () -> assertThat(Files.readString(logFiles.get(0)), equalTo("test"))); + } } @Test void testParallelStreams() throws Exception { final List logFiles = new ArrayList<>(); - final LogRecorder logRecorder = new LogRecorder(logFiles::add); - final StreamToLogger connection1 = new StreamToLogger(logRecorder.getPort()); - connection1.write("test"); - assertThat(logFiles, Matchers.hasSize(1)); - assertThat(Files.readString(logFiles.get(0)), Matchers.equalTo("test")); - final StreamToLogger connection2 = new StreamToLogger(logRecorder.getPort()); - connection2.write("other"); - assertThat(logFiles, Matchers.hasSize(2)); - assertThat(Files.readString(logFiles.get(1)), Matchers.equalTo("other")); - connection1.close(); - connection2.close(); - logRecorder.close(); + try (final LogRecorder logRecorder = new LogRecorder(logFiles::add); + final StreamToLogger connection1 = new StreamToLogger(logRecorder.getPort());) { + connection1.write("test"); + assertAll(() -> assertThat(logFiles, hasSize(1)), + () -> assertThat(Files.readString(logFiles.get(0)), equalTo("test"))); + try (final StreamToLogger connection2 = new StreamToLogger(logRecorder.getPort())) { + connection2.write("other"); + assertAll(() -> assertThat(logFiles, hasSize(2)), + () -> 
assertThat(Files.readString(logFiles.get(1)), equalTo("other"))); + } + } } private static class StreamToLogger implements Closeable { private final Socket socket; - private final OutputStream outputStream; private final PrintWriter writer; public StreamToLogger(final int port) throws IOException { this.socket = new Socket("localhost", port); - this.outputStream = this.socket.getOutputStream(); - this.writer = new PrintWriter(this.outputStream); + this.writer = new PrintWriter(this.socket.getOutputStream()); } @SuppressWarnings("java:S2925") // sleep is required public void write(final String message) throws InterruptedException { this.writer.write(message); this.writer.flush(); - Thread.sleep(100); + Thread.sleep(400); } @Override public void close() throws IOException { this.writer.close(); - this.outputStream.close(); this.socket.close(); } } -} \ No newline at end of file +} From 3b29bbc9bc803261245920c3c243c856fb0bf713 Mon Sep 17 00:00:00 2001 
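Review bot: The rewritten tests still synchronise with the recorder through the fixed `Thread.sleep(400)` in `StreamToLogger.write` (raised from 100 ms here), so `assertThat(logFiles, hasSize(1))` races whatever thread invokes the `logFiles::add` consumer; the test is either slow on fast machines or flaky on loaded CI runners, and the bump from 100 to 400 suggests it already flaked once. Replace the sleep with a bounded poll on the observable condition and assert afterwards, e.g. `awaitLogFileCount(logFiles, 1)` before each `assertAll`. Because `logFiles` is a plain `ArrayList` that is presumably appended from the recorder's thread and read from the test thread, build it with `Collections.synchronizedList(new ArrayList<>())` (or a `CopyOnWriteArrayList`) so the poll sees the update — confirm against `LogRecorder` which thread calls the consumer. Keep the `@SuppressWarnings("java:S2925")` only if a sleep remains.
```java
// … unchanged: package, imports, test methods (call awaitLogFileCount before each assertAll) …
private static void awaitLogFileCount(final List<Path> logFiles, final int expected) throws InterruptedException {
    final long deadline = System.currentTimeMillis() + 5_000;
    while (logFiles.size() < expected && System.currentTimeMillis() < deadline) {
        Thread.sleep(20);
    }
}
// … unchanged: StreamToLogger without the Thread.sleep in write() …
```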
From: Christoph Pirkl <4711730+kaklakariada@users.noreply.github.com> Date: Tue, 9 Apr 2024 08:19:12 +0200 Subject: [PATCH 2/7] #65: Update dependencies (#66) --- .gitattributes | 21 +- .github/workflows/broken_links_checker.yml | 3 + .github/workflows/ci-build-next-java.yml | 6 + .github/workflows/ci-build.yml | 153 +++++++++--- .github/workflows/dependencies_check.yml | 78 ++++--- .github/workflows/dependencies_update.yml | 133 ++++++----- .github/workflows/release.yml | 219 ++++++++++++++++++ ...elease_droid_prepare_original_checksum.yml | 39 ---- .../release_droid_print_quick_checksum.yml | 26 --- ...release_droid_release_on_maven_central.yml | 35 --- ...ase_droid_upload_github_release_assets.yml | 47 ---- .project-keeper.yml | 6 +- dependencies.md | 6 +- doc/changes/changelog.md | 1 + doc/changes/changes_0.6.13.md | 40 ++++ pk_generated_parent.pom | 17 +- pom.xml | 27 ++- release_config.yml | 4 - 18 files changed, 545 insertions(+), 316 deletions(-) create mode 100644 .github/workflows/release.yml delete mode 100644 .github/workflows/release_droid_prepare_original_checksum.yml delete mode 100644 .github/workflows/release_droid_print_quick_checksum.yml delete mode 100644 .github/workflows/release_droid_release_on_maven_central.yml delete mode 100644 .github/workflows/release_droid_upload_github_release_assets.yml create mode 100644 doc/changes/changes_0.6.13.md delete mode 100644 release_config.yml diff --git a/.gitattributes b/.gitattributes index 2429bb3..be0dddc 100644 --- a/.gitattributes +++ b/.gitattributes 
@@ -1,15 +1,12 @@ -dependencies.md linguist-generated=true -doc/changes/changelog.md linguist-generated=true -pk_generated_parent.pom linguist-generated=true -.github/workflows/broken_links_checker.yml linguist-generated=true -.github/workflows/ci-build.yml linguist-generated=true -.github/workflows/ci-build-next-java.yml linguist-generated=true -.github/workflows/dependencies_check.yml linguist-generated=true -.github/workflows/dependencies_update.yml linguist-generated=true -.github/workflows/release_droid_print_quick_checksum.yml linguist-generated=true -.github/workflows/release_droid_prepare_original_checksum.yml linguist-generated=true -.github/workflows/release_droid_release_on_maven_central.yml linguist-generated=true -.github/workflows/release_droid_upload_github_release_assets.yml linguist-generated=true +dependencies.md linguist-generated=true +doc/changes/changelog.md linguist-generated=true +pk_generated_parent.pom linguist-generated=true +.github/workflows/broken_links_checker.yml linguist-generated=true +.github/workflows/ci-build.yml linguist-generated=true +.github/workflows/ci-build-next-java.yml linguist-generated=true +.github/workflows/dependencies_check.yml linguist-generated=true +.github/workflows/dependencies_update.yml linguist-generated=true +.github/workflows/release.yml linguist-generated=true .settings/org.eclipse.jdt.core.prefs linguist-generated=true .settings/org.eclipse.jdt.ui.prefs linguist-generated=true diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml index 0fbcad5..d7a38b4 100644 --- a/.github/workflows/broken_links_checker.yml +++ b/.github/workflows/broken_links_checker.yml @@ -13,6 +13,9 @@ on: jobs: linkChecker: runs-on: ubuntu-latest + defaults: + run: + shell: "bash" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true 
diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml index e3acdb7..8886e10 100644 --- a/.github/workflows/ci-build-next-java.yml +++ b/.github/workflows/ci-build-next-java.yml @@ -10,6 +10,12 @@ on: jobs: java-17-compatibility: runs-on: ubuntu-latest + defaults: + run: + shell: "bash" + permissions: + contents: read + checks: write # Allow scacap/action-surefire-report concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 726cf2a..7b0fc70 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml 
@@ -1,78 +1,165 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/ci-build-db-version-matrix.yml +# This file was generated by Project Keeper. name: CI Build on: push: - branches: - - main - pull_request: - + branches: [ + main + ] + + pull_request: null jobs: matrix-build: runs-on: ubuntu-20.04 - concurrency: - group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.exasol_db_version }} + defaults: + run: { + shell: bash + } + permissions: { + contents: read, + checks: write + } + concurrency: { + group: '${{ github.workflow }}-${{ github.ref }}-${{ matrix.exasol_db_version }}', cancel-in-progress: true + } strategy: fail-fast: false matrix: - exasol_db_version: ["8.25.0", "7.1.25"] - env: - DEFAULT_EXASOL_DB_VERSION: "8.25.0" + exasol_db_version: [ + 8.26.0, + 7.1.26 + ] + + env: { + DEFAULT_EXASOL_DB_VERSION: 8.26.0 + } steps: - name: Free Disk Space + id: free-disk-space if: ${{ false }} run: | sudo rm -rf /usr/local/lib/android sudo rm -rf /usr/share/dotnet - name: Checkout the repository + id: checkout uses: actions/checkout@v4 - with: + with: { fetch-depth: 0 + } - name: Set up JDKs + id: setup-java uses: actions/setup-java@v4 with: - distribution: "temurin" + distribution: temurin java-version: | 11 17 - cache: "maven" + cache: maven - name: Cache SonarCloud packages + id: cache-sonar uses: actions/cache@v4 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - name: Enable testcontainer reuse + with: { + path: ~/.sonar/cache, + key: '${{ runner.os }}-sonar', + restore-keys: '${{ runner.os }}-sonar' + } + - { + name: Enable testcontainer reuse, + id: enable-testcontainer-reuse, run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" + } - name: Run tests and build with Maven + id: build-pk-verify run: | mvn --batch-mode clean verify \ 
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ -DtrimStackTrace=false \ -Dcom.exasol.dockerdb.image=${{ matrix.exasol_db_version }} - env: - # Set additional environment variable as in scala projects the scalatest plugin does not forward - # the system property -Dcom.exasol.dockerdb.image to the test's implementation. - EXASOL_DB_VERSION: ${{ matrix.exasol_db_version }} - - name: Publish Test Report for Exasol ${{ matrix.exasol_db_version }} - uses: scacap/action-surefire-report@v1 - if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} - with: - github_token: ${{ secrets.GITHUB_TOKEN }} + env: { + EXASOL_DB_VERSION: '${{ matrix.exasol_db_version }}' + } - name: Sonar analysis + id: sonar-analysis if: ${{ env.SONAR_TOKEN != null && matrix.exasol_db_version == env.DEFAULT_EXASOL_DB_VERSION }} run: | mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ -DtrimStackTrace=false \ -Dsonar.token=$SONAR_TOKEN - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - + env: { + GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}', + SONAR_TOKEN: '${{ secrets.SONAR_TOKEN }}' + } + - name: Verify Release Artifacts + id: verify-release-artifacts + run: "print_message() {\n local -r message=$1\n echo \"$message\"\n echo \"$message\" >> \"$GITHUB_STEP_SUMMARY\"\n}\n\nprint_message \"### Release Artifacts\"\n\nIFS=$'\\n' artifacts_array=($ARTIFACTS)\nmissing_files=()\nfor file in \"${artifacts_array[@]}\";\ndo \n echo \"Checking if file $file exists...\"\n if ! 
[[ -f \"$file\" ]]; then\n print_message \"* ⚠️ \\`$file\\` does not exist ⚠️\"\n echo \"Content of directory $(dirname \"$file\"):\"\n ls \"$(dirname \"$file\")\"\n missing_files+=(\"$file\")\n else\n print_message \"* \\`$file\\` ✅\" \n fi\ndone\nprint_message \"\"\nnumber_of_missing_files=${#missing_files[@]}\nif [[ $number_of_missing_files -gt 0 ]]; then\n print_message \"⚠️ $number_of_missing_files release artifact(s) missing ⚠️\"\n exit 1\nfi\n" + env: { + ARTIFACTS: '${{ steps.build-pk-verify.outputs.release-artifacts }}' + } + - name: Upload artifacts + id: upload-artifacts + uses: actions/upload-artifact@v4 + with: { + name: 'artifacts-exasol-${{ matrix.exasol_db_version }}', + path: '${{ steps.build-pk-verify.outputs.release-artifacts }}', + retention-days: 5 + } build: needs: matrix-build runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + permissions: { + contents: read, + issues: read + } + outputs: { + release-required: '${{ steps.check-release.outputs.release-required }}' + } steps: - - run: echo "Build successful" + - name: Checkout the repository + uses: actions/checkout@v4 + with: { + fetch-depth: 0 + } + - name: Set up JDKs + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: | + 11 + 17 + cache: maven + - name: Check if release is needed + id: check-release + run: | + if mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects .; then + echo "### ✅ Release preconditions met, start release" >> "$GITHUB_STEP_SUMMARY" + echo "release-required=true" >> "$GITHUB_OUTPUT" + else + echo "### 🛑 Not all release preconditions met, skipping release" >> "$GITHUB_STEP_SUMMARY" + echo "See log output for details." 
>> "$GITHUB_STEP_SUMMARY" + echo "release-required=false" >> "$GITHUB_OUTPUT" + fi + env: { + GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + } + start_release: + needs: build + if: ${{ github.ref == 'refs/heads/main' && needs.build.outputs.release-required == 'true' }} + concurrency: { + cancel-in-progress: false, + group: release + } + secrets: inherit + permissions: { + contents: write, + actions: read, + issues: read + } + uses: ./.github/workflows/release.yml + with: { + started-from-ci: true + } diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index 6926e55..9c2365c 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml 
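Review bot: `matrix-build` now declares `permissions: { contents: read, checks: write }`, but the only step that needed `checks: write` — the `scacap/action-surefire-report` publish step — is removed in this same hunk, so the write scope is dead privilege; drop it to `permissions: { contents: read }` (ci-build-next-java.yml still documents its `checks: write # Allow scacap/action-surefire-report`, this file no longer has such a consumer). This matters more here than before because `pull_request: null` runs the job for pull requests from forks as well, and every scope the job does not need is one less thing a compromised action in the step list can do with `GITHUB_TOKEN`. The `start_release` job's `secrets: inherit` with `contents: write` is acceptable only because it is gated on `github.ref == 'refs/heads/main'`; keep that gate if the template is edited. Style: the matrix values `8.26.0` / `7.1.26` and `DEFAULT_EXASOL_DB_VERSION: 8.26.0` lost their quotes; two-dot versions parse as strings today, but quoting them as the previous revision did avoids the float trap for a future `8.3`-style entry.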
@@ -1,64 +1,80 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_check.yml +# This file was generated by Project Keeper. name: Report Security Issues on: - workflow_dispatch: + workflow_dispatch: null schedule: - - cron: "0 2 * * *" - + - { + cron: 0 2 * * * + } jobs: report_security_issues: runs-on: ubuntu-latest - permissions: - contents: read + defaults: + run: { + shell: bash + } + permissions: { + contents: read, issues: write - outputs: - created-issues: ${{ steps.security-issues.outputs.created-issues }} + } + outputs: { + created-issues: '${{ steps.security-issues.outputs.created-issues }}' + } + concurrency: { + group: '${{ github.workflow }}-report_security_issues', + cancel-in-progress: true + } steps: - - uses: actions/checkout@v4 - + - { + name: Checkout, + id: checkout, + uses: actions/checkout@v4 + } - name: Set up JDKs + id: setup-jdks uses: actions/setup-java@v4 with: - distribution: "temurin" + distribution: temurin java-version: | 11 17 - cache: "maven" - + cache: maven - name: Generate ossindex report + id: ossindex-report run: | mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \ org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \ -Dossindex.reportFile=$(pwd)/ossindex-report.json \ -Dossindex.fail=false - - name: Report Security Issues id: security-issues uses: exasol/python-toolbox/.github/actions/security-issues@main - with: - format: "maven" - command: "cat ossindex-report.json" - github-token: ${{ secrets.GITHUB_TOKEN }} - + with: { + format: maven, + command: cat ossindex-report.json, + github-token: '${{ secrets.GITHUB_TOKEN }}' + } - name: Output security issues (Debugging) + id: debug-print-security-issues run: | echo "$CREATED_ISSUES" > test.jsonl cat test.jsonl - env: - CREATED_ISSUES: ${{ steps.security-issues.outputs.created-issues }} - + env: { + CREATED_ISSUES: '${{ 
steps.security-issues.outputs.created-issues }}' + } start_dependency_udpate: needs: report_security_issues if: ${{ needs.report_security_issues.outputs.created-issues }} - concurrency: - cancel-in-progress: true - group: "dependency_update" - # Workflow needs secret INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK + concurrency: { + group: '${{ github.workflow }}-start_dependency_update', + cancel-in-progress: false + } secrets: inherit - permissions: - contents: write + permissions: { + contents: write, pull-requests: write + } uses: ./.github/workflows/dependencies_update.yml - with: - vulnerability_issues: ${{ needs.report_security_issues.outputs.created-issues }} + with: { + vulnerability_issues: '${{ needs.report_security_issues.outputs.created-issues }}' + } diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml index 58222ba..9f536ee 100644 --- a/.github/workflows/dependencies_update.yml +++ b/.github/workflows/dependencies_update.yml 
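Review bot: The `Report Security Issues` step hands `github-token: ${{ secrets.GITHUB_TOKEN }}` — a token with `issues: write` in this job — to `exasol/python-toolbox/.github/actions/security-issues@main`; the `@main` reference is a context line here, but the `with:` block feeding it is rewritten, and a floating branch means any push to that branch changes the code that receives the token. Pin it to a release tag or, better, a full commit SHA (`uses: exasol/python-toolbox/.github/actions/security-issues@<sha> # vX.Y`). Note that `start_dependency_udpate` then runs with `secrets: inherit` and `contents: write`, gated only on `created-issues` being a non-empty string, so the issue-creating action sits directly on the path to a push-capable job. Style: `cron: 0 2 * * *` inside the flow mapping is an unquoted plain scalar containing `*`; it parses, but the previous `"0 2 * * *"` form is safer under linters and future edits.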
@@ -1,70 +1,76 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml +# This file was generated by Project Keeper. name: Update dependencies on: workflow_call: inputs: - vulnerability_issues: - description: "GitHub issues for vulnerable dependencies as JSONL" - required: true + vulnerability_issues: { + description: GitHub issues for vulnerable dependencies as JSONL, + required: true, type: string - workflow_dispatch: - + } + workflow_dispatch: null jobs: update_dependencies: runs-on: ubuntu-latest - permissions: - contents: write + defaults: + run: { + shell: bash + } + permissions: { + contents: write, pull-requests: write - + } + concurrency: { + group: '${{ github.workflow }}', + cancel-in-progress: false + } steps: - uses: actions/checkout@v4 - with: + id: checkout + with: { fetch-depth: 0 - + } - name: Set up JDKs + id: setup-jdks uses: actions/setup-java@v4 with: - distribution: "temurin" + distribution: temurin java-version: | 11 17 - cache: "maven" - + cache: maven - name: Print issues + id: debug-print-issues run: | echo "Issues from Action input: $ISSUES" - env: - ISSUES: ${{ inputs.vulnerability_issues }} - + env: { + ISSUES: '${{ inputs.vulnerability_issues }}' + } - name: Fail if not running on a branch + id: check-branch if: ${{ !startsWith(github.ref, 'refs/heads/') }} uses: actions/github-script@v7 with: script: | core.setFailed('Not running on a branch, github.ref is ${{ github.ref }}. Please start this workflow only on main or a branch') - - name: Update dependencies + id: update-dependencies run: | mvn --batch-mode com.exasol:project-keeper-maven-plugin:update-dependencies --projects . 
\ -Dproject-keeper:vulnerabilities="$CREATED_ISSUES" - env: - CREATED_ISSUES: ${{ inputs.vulnerability_issues }} - + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } - name: Project Keeper Fix + id: project-keeper-fix run: | mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . - - name: Project Keeper Fix for updated Project Keeper version - # Calling PK fix a second time is necessary because the first invocation potentially updated PK itself. - # So we need to run PK fix again with the latest PK version. - # [impl->dsn~dependency-updater.workflow.start-pk-fix~1] + id: project-keeper-fix-2 run: | mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . - - name: Generate Pull Request comment id: pr-comment - # [impl->dsn~dependency-updater.workflow.pull-request-trigger-ci-build~1] run: | echo 'comment<> "$GITHUB_OUTPUT" echo 'This Pull Request was created by [`dependencies_update.yml`](https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml) workflow.' >> "$GITHUB_OUTPUT" @@ -81,9 +87,9 @@ jobs: echo 'EOF' >> "$GITHUB_OUTPUT" cat "$GITHUB_OUTPUT" - env: - CREATED_ISSUES: ${{ inputs.vulnerability_issues }} - + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } - name: Generate Pull Request Title id: pr-title run: | 
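Review bot: The `check-branch` step splices a workflow expression straight into JavaScript source: `core.setFailed('Not running on a branch, github.ref is ${{ github.ref }}. Please start this workflow only on main or a branch')`. A ref containing a single quote (git permits `'` in ref names) would break out of the string literal and the remainder would run as code inside `actions/github-script`. Exposure is limited because this workflow is reachable only via `workflow_call`/`workflow_dispatch` from collaborators who already have push rights, but the injection-free form costs nothing: `core.setFailed(\`Not running on a branch, github.ref is ${context.ref}. Please start this workflow only on main or a branch\`)`. The same pattern is used in release.yml's `check-main-branch` step. The `update_dependencies` job's remaining steps are in the later hunks of this file.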
@@ -96,22 +102,23 @@ jobs: fi cat "$GITHUB_OUTPUT" - env: - CREATED_ISSUES: ${{ inputs.vulnerability_issues }} - + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } - name: Configure git + id: configure-git run: | git config --global user.email "opensource@exasol.com" git config --global user.name "Automatic Dependency Updater" - - name: Create branch + id: create-branch if: ${{ github.ref == 'refs/heads/main' }} run: | branch_name="dependency-update/$(date "+%Y%m%d%H%M%S")" echo "Creating branch $branch_name" git checkout -b "$branch_name" - - name: Commit changes & push + id: publish-branch if: ${{ startsWith(github.ref, 'refs/heads/' ) }} run: | branch_name=$(git rev-parse --abbrev-ref HEAD) @@ -129,9 +136,9 @@ jobs: echo "Pushing branch $branch_name..." git push --set-upstream origin "$branch_name" echo "Done." - env: - TITLE: ${{ steps.pr-title.outputs.title }} - + env: { + TITLE: '${{ steps.pr-title.outputs.title }}' + } - name: Create pull request id: create-pr if: ${{ github.ref == 'refs/heads/main' }} 
@@ -139,31 +146,35 @@ jobs: pr_url=$(gh pr create --base main --title "$TITLE" --body "$COMMENT") echo "Created Pull Request: $pr_url" echo "pr_url=$pr_url" >> "$GITHUB_OUTPUT" - env: - COMMENT: ${{ steps.pr-comment.outputs.comment }} - TITLE: ${{ steps.pr-title.outputs.title }} - GH_TOKEN: ${{ github.token }} - + env: { + COMMENT: '${{ steps.pr-comment.outputs.comment }}', + TITLE: '${{ steps.pr-title.outputs.title }}', + GH_TOKEN: '${{ github.token }}' + } - name: Report failure Status to Slack channel - # Also run this step in case of failures + id: report-failure-slack if: ${{ always() }} uses: ravsamhq/notify-slack-action@v2 - with: - status: ${{ job.status }} - token: ${{ secrets.GITHUB_TOKEN }} - notification_title: "Dependency check in {repo} has {status_message}" - message_format: "{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>" - notify_when: "failure,cancelled,warnings" - env: - SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }} - + with: { + status: '${{ job.status }}', + token: '${{ secrets.GITHUB_TOKEN }}', + notification_title: 'Dependency check in {repo} has {status_message}', + message_format: '{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>', + notify_when: 'failure,cancelled,warnings' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } - name: Report new Pull Request to Slack channel + id: report-pr-slack if: ${{ steps.create-pr.outputs.pr_url }} uses: ravsamhq/notify-slack-action@v2 - with: - status: ${{ job.status }} - token: ${{ secrets.GITHUB_TOKEN }} - notification_title: "Dependency update for {repo} created a Pull Request" - message_format: "{workflow} created Pull Request ${{ steps.create-pr.outputs.pr_url }}" - env: - SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }} + with: { + status: '${{ job.status }}', + token: '${{ secrets.GITHUB_TOKEN }}', + notification_title: 'Dependency update for {repo} created a 
Pull Request', + message_format: '{workflow} created Pull Request ${{ steps.create-pr.outputs.pr_url }}' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..5be64c8 --- /dev/null +++ b/.github/workflows/release.yml 
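Review bot: Both Slack steps pass `token: '${{ secrets.GITHUB_TOKEN }}'` — in this job a token with `contents: write` and `pull-requests: write` — to the third-party `ravsamhq/notify-slack-action@v2`, a mutable major-version tag, so a moved tag silently swaps the code that receives the token. Pin it to a full commit SHA with the version in a trailing comment, e.g. `uses: ravsamhq/notify-slack-action@<sha> # v2.x`, and check whether the webhook-based notification needs the `token` input at all; if it does not, drop it. The `INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK` secret is itself a bearer credential for the Slack channel, which is another reason to keep the action's code immutable. The `report-failure-slack` step runs under `if: always()`, so this applies even when the earlier steps fail.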
@@ -0,0 +1,219 @@ +# This file was generated by Project Keeper. +name: Release +on: + workflow_call: + inputs: + started-from-ci: { + description: 'Marks this release as started from CI, skipping precondition check', + type: boolean, + required: true, + default: false + } + workflow_dispatch: + inputs: + skip-maven-central: { + description: Skip deployment to Maven Central, + required: true, + type: boolean, + default: false + } + skip-github-release: { + description: Skip creating the GitHub release, + required: true, + type: boolean, + default: false + } +jobs: + release: + runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + concurrency: { + group: '${{ github.workflow }}', + cancel-in-progress: false + } + permissions: { + contents: write, + actions: read, + issues: read + } + steps: + - name: Checkout the repository + id: checkout + uses: actions/checkout@v4 + with: { + fetch-depth: 0 + } + - name: Set up Maven Central Repository + id: configure-maven-central-credentials + if: ${{ true }} + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: | + 11 + 17 + cache: maven + server-id: ossrh + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + - name: Set up JDKs + id: setup-jdks + if: ${{ ! true }} + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: | + 11 + 17 + cache: maven + - name: Fail if not running on main branch + id: check-main-branch + if: ${{ github.ref != 'refs/heads/main' }} + uses: actions/github-script@v7 + with: + script: | + core.setFailed('Not running on main branch, github.ref is ${{ github.ref }}. Please start this workflow only on main') + - name: Check CI build of this commit succeeded + id: check-ci-build-status + if: ${{ ! 
inputs.started-from-ci }} + run: | + echo "Commit SHA: $COMMIT_SHA" + gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA + ci_build_status=$(gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA --json conclusion --template '{{range .}}{{.conclusion}}{{"\n"}}{{end}}') + echo "CI build status at commit $COMMIT_SHA was '$ci_build_status'" + if [[ "$ci_build_status" != "success" ]]; then + gh run list --workflow ci-build.yml --commit $COMMIT_SHA >> $GITHUB_STEP_SUMMARY + echo "Status of CI build for commit $COMMIT_SHA was '$ci_build_status', expected 'success'" >> $GITHUB_STEP_SUMMARY + cat $GITHUB_STEP_SUMMARY + exit 1 + fi + env: { + COMMIT_SHA: '${{ github.sha }}', + GH_TOKEN: '${{ github.token }}' + } + - name: Verify release preconditions + id: verify-release + run: | + mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects . + echo "$GITHUB_OUTPUT" + env: { + GITHUB_TOKEN: '${{ github.token }}' + } + - { + name: Build project, + id: build, + run: mvn --batch-mode -DskipTests clean verify + } + - { + name: List secret GPG keys, + id: list-secret-gpg-keys, + if: '${{ true && (! inputs.skip-maven-central) }}', + run: gpg --list-secret-keys + } + - name: Publish to Central Repository + id: deploy-maven-central + if: ${{ true && (! inputs.skip-maven-central) }} + run: | + echo "#### Maven Central Release" >> "$GITHUB_STEP_SUMMARY" + mvn --batch-mode -Dgpg.skip=false -DskipTests deploy + echo "Published to Maven Central ✅" >> "$GITHUB_STEP_SUMMARY" + env: { + MAVEN_USERNAME: '${{ secrets.OSSRH_USERNAME }}', + MAVEN_PASSWORD: '${{ secrets.OSSRH_PASSWORD }}', + MAVEN_GPG_PASSPHRASE: '${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}' + } + - name: Calculate Artifact Checksums + id: artifact-checksum + if: ${{ ! 
inputs.skip-github-release }} + run: | + echo "Calculating sha256 checksum for artifact files" + echo "artifacts<> "$GITHUB_OUTPUT" + IFS=$'\n' artifacts_array=($ARTIFACTS) + for file in "${artifacts_array[@]}"; + do + full_path=$(realpath "$file") + echo "Calculate sha256sum for file '$full_path'" + file_dir="$(dirname "$full_path")" + file_name=$(basename "$full_path") + pushd "$file_dir" + checksum_file_name="${file_name}.sha256" + sha256sum "$file_name" > "$checksum_file_name" + echo "$full_path" >> "$GITHUB_OUTPUT" + echo "${file_dir}/$checksum_file_name" >> "$GITHUB_OUTPUT" + popd + done + echo "EOF" >> "$GITHUB_OUTPUT" + echo "Full artifact file list" + cat "$GITHUB_OUTPUT" + env: { + ARTIFACTS: '${{ steps.verify-release.outputs.release-artifacts }}' + } + - name: Create GitHub Release + id: create-github-release + if: ${{ ! inputs.skip-github-release }} + run: | + echo "### GitHub Release" >> "$GITHUB_STEP_SUMMARY" + IFS=$'\n' artifacts_array=($ARTIFACTS) + echo "#### Attaching Release Artifacts" >> "$GITHUB_STEP_SUMMARY" + for file in "${artifacts_array[@]}"; + do + echo "Attaching artifact '$file'" + echo "* \`$file\`" >> "$GITHUB_STEP_SUMMARY" + done + echo "" >> "$GITHUB_STEP_SUMMARY" + release_url=$(gh release create --latest --title "$TITLE" --notes "$NOTES" --target main $TAG "${artifacts_array[@]}") + echo "Created release $TAG with title '$TITLE' at $release_url ✅" >> "$GITHUB_STEP_SUMMARY" + echo "release-url=$release_url" >> "$GITHUB_OUTPUT" + + # [impl->dsn~release-workflow.create-golang-tags~1] + echo "#### Creating Additional Tags" >> "$GITHUB_STEP_SUMMARY" + IFS=$'\n' tags_array=($ADDITIONAL_TAGS) + for tag in "${tags_array[@]}"; + do + echo "Creating tag '$tag'" + git tag "$tag" + git push origin "$tag" + echo "* \`$tag\`" >> "$GITHUB_STEP_SUMMARY" + done + + git fetch --tags origin + env: { + GH_TOKEN: '${{ github.token }}', + TAG: '${{ steps.verify-release.outputs.release-tag }}', + ADDITIONAL_TAGS: '${{ 
steps.verify-release.outputs.additional-release-tags }}', + NOTES: '${{ steps.verify-release.outputs.release-notes }}', + TITLE: '${{ steps.verify-release.outputs.release-title }}', + ARTIFACTS: '${{ steps.artifact-checksum.outputs.artifacts }}' + } + - name: Report failure Status to Slack channel + id: report-failure-status-slack + if: ${{ always() }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ github.token }}', + notification_title: 'Release build in {repo} has {status_message}', + message_format: '{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>', + notify_when: 'failure,cancelled,warnings,skipped' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } + - name: Report new release to Slack channel + id: report-new-release-slack + if: ${{ steps.create-github-release.outputs.release-url }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ github.token }}', + notification_title: 'Release build for {repo} created a new release', + message_format: '{workflow} created release ${{ steps.create-github-release.outputs.release-url }}' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml deleted file mode 100644 index 2ff28b3..0000000 --- a/.github/workflows/release_droid_prepare_original_checksum.yml +++ /dev/null 
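Review bot: The `.sha256` sidecars attached by `create-github-release` are computed in `artifact-checksum` inside the same job that built the artifacts, so they protect only against download corruption — anyone able to alter the jar in this job can rewrite the checksum too; if the release should be independently verifiable, add a provenance attestation (`actions/attest-build-provenance` on `steps.verify-release.outputs.release-artifacts`, with `attestations: write` and `id-token: write` in the job's `permissions`) alongside the Maven GPG signature. In `check-ci-build-status`, `ci_build_status` is the newline-joined conclusions of every matching run, so if `gh run list` ever returns more than one run for the commit the comparison `[[ "$ci_build_status" != "success" ]]` fails closed with a confusing message — add `--limit 1` or check each line. Like dependencies_update.yml, `check-main-branch` interpolates `${{ github.ref }}` into the github-script source; use `${context.ref}` inside a template literal instead. `ravsamhq/notify-slack-action@v2` receives `github.token` with `contents: write` here; pin it to a commit SHA.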
@@ -1,39 +0,0 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_prepare_original_checksum.yml -name: Release Droid - Prepare Original Checksum -on: - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-20.04 - steps: - - name: Free Disk Space - if: ${{ false }} - run: | - sudo rm -rf /usr/local/lib/android - sudo rm -rf /usr/share/dotnet - - name: Checkout the repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up JDKs - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: | - 11 - 17 - cache: "maven" - - name: Enable testcontainer reuse - run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" - - name: Run tests and build with Maven - run: mvn --batch-mode clean verify --file pom.xml - - name: Prepare checksum - run: find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + > original_checksum - - name: Upload checksum to the artifactory - uses: actions/upload-artifact@v4 - with: - name: original_checksum - retention-days: 5 - path: original_checksum diff --git a/.github/workflows/release_droid_print_quick_checksum.yml b/.github/workflows/release_droid_print_quick_checksum.yml deleted file mode 100644 index 86979cd..0000000 --- a/.github/workflows/release_droid_print_quick_checksum.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_print_quick_checksum.yml -name: Release Droid - Print Quick Checksum -on: - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up JDKs - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: | - 11 - 17 - cache: "maven" - - name: Build with Maven skipping tests - run: mvn --batch-mode clean verify -DskipTests - - name: Print checksum - run: echo 'checksum_start==';find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + | xargs;echo '==checksum_end' diff --git a/.github/workflows/release_droid_release_on_maven_central.yml b/.github/workflows/release_droid_release_on_maven_central.yml deleted file mode 100644 index 0a5ee04..0000000 --- a/.github/workflows/release_droid_release_on_maven_central.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_release_on_maven_central.yml -name: Release Droid - Release On Maven Central -on: - workflow_dispatch: - -jobs: - publish: - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up Maven Central Repository - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: | - 11 - 17 - cache: "maven" - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE - - name: List secret GPG keys - run: gpg --list-secret-keys - - name: Publish to Central Repository - run: mvn --batch-mode -Dgpg.skip=false -DskipTests clean deploy - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml deleted file mode 100644 index b19f7cf..0000000 --- a/.github/workflows/release_droid_upload_github_release_assets.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_upload_github_release_assets.yml -name: Release Droid - Upload GitHub Release Assets -on: - workflow_dispatch: - inputs: - upload_url: - description: "Assets upload URL" - required: true - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up JDKs - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: | - 11 - 17 - cache: "maven" - - name: Build with Maven skipping tests - run: mvn --batch-mode clean verify -DskipTests - - name: Generate sha256sum files - run: | - cd target - find . -maxdepth 1 -name \*.jar -exec bash -c 'sha256sum {} > {}.sha256' \; - - name: Upload assets to the GitHub release draft - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/*.jar - - name: Upload sha256sum files - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/*.sha256 - - name: Upload error-code-report - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/error_code_report.json diff --git a/.project-keeper.yml b/.project-keeper.yml index b7df6c5..8531de6 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml @@ -9,5 +9,7 @@ linkReplacements: build: runnerOs: ubuntu-20.04 exasolDbVersions: - - "8.25.0" - - "7.1.25" + - "8.26.0" + - "7.1.26" +excludes: + - "E-PK-CORE-17: Missing required file: 'release_config.yml'" diff --git a/dependencies.md b/dependencies.md index f73ddbe..b14126d 100644 --- a/dependencies.md +++ b/dependencies.md 
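Review bot: The new `excludes` entry at the end of the .project-keeper.yml hunk silences Project Keeper's E-PK-CORE-17 finding for `release_config.yml` without recording why, and the same commit deletes that file (pom.xml section further down), so the suppression presumably stands in for a release process that no longer needs the file — worth confirming. A suppression of a required-file check with no recorded reason tends to outlive its cause and can hide a real regression after the next Project Keeper upgrade. A comment above the entry would keep it auditable, e.g. `# release_config.yml was removed in this change; drop this exclusion once Project Keeper no longer requires the file`.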
@@ -7,7 +7,7 @@ | --------------------------------------- | ------------------------------------------------------------------------------------------------------------ | | [Jakarta JSON Processing API][0] | [Eclipse Public License 2.0][1]; [GNU General Public License, version 2 with the GNU Classpath Exception][2] | | [error-reporting-java][3] | [MIT License][4] | -| [JaCoCo :: Core][5] | [Eclipse Public License 2.0][6] | +| [JaCoCo :: Core][5] | [EPL-2.0][6] | | [BucketFS Java][7] | [MIT License][8] | | [exasol-test-setup-abstraction-java][9] | [MIT License][10] | | [Apache Commons Compress][11] | [Apache-2.0][12] | @@ -17,7 +17,7 @@ | Dependency | License | | ----------------------------------------------- | --------------------------------- | -| [JaCoCo :: Agent][5] | [Eclipse Public License 2.0][6] | +| [JaCoCo :: Agent][5] | [EPL-2.0][6] | | [JUnit Jupiter Engine][15] | [Eclipse Public License v2.0][16] | | [JUnit Jupiter Params][15] | [Eclipse Public License v2.0][16] | | [mockito-junit-jupiter][17] | [MIT][18] | @@ -54,7 +54,7 @@ | [Apache Maven Javadoc Plugin][48] | [Apache-2.0][12] | | [Nexus Staging Maven Plugin][49] | [Eclipse Public License][50] | | [Maven Failsafe Plugin][51] | [Apache-2.0][12] | -| [JaCoCo :: Maven Plugin][52] | [Eclipse Public License 2.0][6] | +| [JaCoCo :: Maven Plugin][52] | [EPL-2.0][6] | | [error-code-crawler-maven-plugin][53] | [MIT License][54] | | [Reproducible Build Maven Plugin][55] | [Apache 2.0][34] | diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index 6637ca7..106aecf 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,5 +1,6 @@ # Changes +* [0.6.13](changes_0.6.13.md) * [0.6.12](changes_0.6.12.md) * [0.6.11](changes_0.6.11.md) * [0.6.10](changes_0.6.10.md) diff --git a/doc/changes/changes_0.6.13.md b/doc/changes/changes_0.6.13.md new file mode 100644 index 0000000..3bb0cfa --- /dev/null +++ b/doc/changes/changes_0.6.13.md 
@@ -0,0 +1,40 @@
+# Udf Debugging Java 0.6.13, released 2024-04-09
+
+Code name: Fixes CVE-2024-29025 in io.netty:netty-codec-http:jar:4.1.100.Final:provided
+
+## Summary
+
+This release fixes vulnerability CVE-2024-29025 in `io.netty:netty-codec-http:jar:4.1.100.Final:provided`.
+
+**Excluded vulnerability** This release contains vulnerability CVE-2017-10355 in `fr.turri:aXMLRPC` for connecting to ExaOperation during tests. We accept this vulnerability (CWE-833: Deadlock) as we assume that we only connect to the known endpoint ExaOperations.
+
+## Security
+
+* #65: Fixed CVE-2024-29025 in `io.netty:netty-codec-http:jar:4.1.100.Final:provided`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `org.apache.commons:commons-compress:1.26.0` to `1.26.1`
+* Updated `org.jacoco:org.jacoco.core:0.8.11` to `0.8.12`
+
+### Runtime Dependency Updates
+
+* Updated `org.eclipse.parsson:parsson:1.1.5` to `1.1.6`
+
+### Test Dependency Updates
+
+* Updated `com.exasol:test-db-builder-java:3.5.3` to `3.5.4`
+* Updated `org.jacoco:org.jacoco.agent:0.8.11` to `0.8.12`
+* Updated `org.mockito:mockito-junit-jupiter:5.10.0` to `5.11.0`
+* Updated `org.testcontainers:junit-jupiter:1.19.6` to `1.19.7`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.0` to `2.0.2`
+* Updated `com.exasol:project-keeper-maven-plugin:4.1.0` to `4.3.0`
+* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.12.1` to `3.13.0`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.1.0` to `3.2.2`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.11` to `0.8.12`
+* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594` to `3.11.0.3922`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index 2c847f9..fea4b89 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@ 4.0.0 com.exasol udf-debugging-java-generated-parent - 0.6.12 + 0.6.13 pom UTF-8 
@@ -50,7 +50,7 @@ org.sonarsource.scanner.maven sonar-maven-plugin - 3.10.0.2594 + 3.11.0.3922 org.apache.maven.plugins @@ -74,15 +74,14 @@ org.apache.maven.plugins maven-compiler-plugin - 3.12.1 + 3.13.0 ${java.version} ${java.version} true - - -Xlint:all,-processing - + -Xlint:all + -Werror @@ -224,7 +223,7 @@ org.apache.maven.plugins maven-gpg-plugin - 3.1.0 + 3.2.2 sign-artifacts @@ -323,7 +322,7 @@ org.jacoco jacoco-maven-plugin - 0.8.11 + 0.8.12 prepare-agent @@ -364,7 +363,7 @@ com.exasol error-code-crawler-maven-plugin - 2.0.0 + 2.0.2 verify diff --git a/pom.xml b/pom.xml index d92dcb6..62d0b00 100644 --- a/pom.xml +++ b/pom.xml @@ -2,13 +2,13 @@ 4.0.0 udf-debugging-java - 0.6.12 + 0.6.13 udf-debugging-java Utilities for debugging, profiling and code coverage measure for UDFs. https://github.com/exasol/udf-debugging-java/ 5.10.2 - 0.8.11 + 0.8.12 @@ -19,7 +19,7 @@ org.eclipse.parsson parsson - 1.1.5 + 1.1.6 runtime @@ -47,7 +47,7 @@ com.exasol exasol-test-setup-abstraction-java - 2.1.0 + 2.1.2 @@ -75,7 +75,7 @@ org.mockito mockito-junit-jupiter - 5.10.0 + 5.11.0 test @@ -94,13 +94,13 @@ org.testcontainers junit-jupiter - 1.19.6 + 1.19.7 test com.exasol test-db-builder-java - 3.5.3 + 3.5.4 test @@ -139,7 +139,7 @@ com.exasol project-keeper-maven-plugin - 4.1.0 + 4.3.0 @@ -165,10 +165,9 @@ ossindex-maven-plugin - - CVE-2020-36641 + + CVE-2017-10355 @@ -177,7 +176,7 @@ udf-debugging-java-generated-parent com.exasol - 0.6.12 + 0.6.13 pk_generated_parent.pom diff --git a/release_config.yml b/release_config.yml deleted file mode 100644 index 473c219..0000000 --- a/release_config.yml +++ /dev/null @@ -1,4 +0,0 @@ -release-platforms: - - GitHub - - Maven -language: Java From 8153cef68b45694d23899cf6d11f9b3d5dc4e3dd Mon Sep 17 00:00:00 2001 
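Review bot: The replacement `excludeVulnerabilityIds` entry in the pom.xml hunk at `@@ -165,10 +165,9 @@` suppresses CVE-2017-10355 by id, which, as far as I know the ossindex plugin's matching, applies to every artifact in the dependency graph and not only to `fr.turri:aXMLRPC` where the changelog places it; should another dependency later report the same id it would be silenced as well. The rationale — a deadlock (CWE-833) in a client that is only used during tests against the known ExaOperation endpoint — is written down in changes_0.6.13.md, while the markup around the id is stripped in this rendering, so I cannot tell whether the pom carries it too. If it does not, a comment next to the id such as `<!-- CVE-2017-10355: CWE-833 deadlock in fr.turri:aXMLRPC, test-only client for ExaOperation; revisit when aXMLRPC is updated -->` keeps the suppression auditable and gives a trigger for removing it.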
From: YotillaAntoni <92581297+YotillaAntoni@users.noreply.github.com> Date: Tue, 19 Nov 2024 10:33:17 +0100 Subject: [PATCH 3/7] Fix CVE-2024-47535: io.netty:netty-common:jar:4.1.108.Final:runtime (#68) * generate new version. update keeper * update versions * added feedback: explicitly state that is a transitive production dependency * added feedback: explicitly state that is a transitive production dependency * fixed release date --- .github/workflows/broken_links_checker.yml | 2 + .github/workflows/ci-build-next-java.yml | 52 +++++------ .github/workflows/ci-build.yml | 7 +- .github/workflows/dependencies_check.yml | 2 +- .github/workflows/dependencies_update.yml | 16 ++-- .github/workflows/release.yml | 4 +- .settings/org.eclipse.jdt.core.prefs | 28 ++++-- .settings/org.eclipse.jdt.ui.prefs | 6 ++ dependencies.md | 103 ++++++++++++--------- doc/changes/changelog.md | 1 + doc/changes/changes_0.6.14.md | 54 +++++++++++ pk_generated_parent.pom | 63 ++++++++++--- pom.xml | 30 +++--- 13 files changed, 237 insertions(+), 131 deletions(-) create mode 100644 doc/changes/changes_0.6.14.md diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml index d7a38b4..39612b7 100644 --- a/.github/workflows/broken_links_checker.yml +++ b/.github/workflows/broken_links_checker.yml @@ -13,6 +13,8 @@ on: jobs: linkChecker: runs-on: ubuntu-latest + permissions: + contents: read defaults: run: shell: "bash" diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml index 8886e10..712a7cb 100644 --- a/.github/workflows/ci-build-next-java.yml +++ b/.github/workflows/ci-build-next-java.yml 
@@ -1,43 +1,39 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/ci-build-next-java.yml +# This file was generated by Project Keeper. name: CI Build next Java on: push: - branches: - - main - pull_request: - + branches: [ + main + ] + + pull_request: null jobs: - java-17-compatibility: + next-java-compatibility: runs-on: ubuntu-latest defaults: - run: - shell: "bash" - permissions: + run: { + shell: bash + } + permissions: { contents: read - checks: write # Allow scacap/action-surefire-report - concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + } + concurrency: { + group: '${{ github.workflow }}-${{ github.ref }}', cancel-in-progress: true + } steps: - name: Checkout the repository uses: actions/checkout@v4 - with: + with: { fetch-depth: 0 + } - name: Set up JDK 17 uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: 17 - cache: "maven" - - name: Run tests and build with Maven + with: { + distribution: temurin, + java-version: '17', + cache: maven + } + - name: Run tests and build with Maven 17 run: | - mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \ - -Djava.version=17 \ - -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn - - name: Publish Test Report for Java 17 - uses: scacap/action-surefire-report@v1 - if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - fail_if_no_tests: false + mvn --batch-mode clean package -DtrimStackTrace=false -Djava.version=17 diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 7b0fc70..05a0e2c 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml 
@@ -15,8 +15,7 @@ jobs: shell: bash } permissions: { - contents: read, - checks: write + contents: read } concurrency: { group: '${{ github.workflow }}-${{ github.ref }}-${{ matrix.exasol_db_version }}', @@ -51,7 +50,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: | + java-version: |- 11 17 cache: maven @@ -128,7 +127,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: | + java-version: |- 11 17 cache: maven diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index 9c2365c..02c5aa0 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml @@ -35,7 +35,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: | + java-version: |- 11 17 cache: maven diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml index 9f536ee..c901506 100644 --- a/.github/workflows/dependencies_update.yml +++ b/.github/workflows/dependencies_update.yml @@ -35,7 +35,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: | + java-version: |- 11 17 cache: maven @@ -61,14 +61,6 @@ jobs: env: { CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' } - - name: Project Keeper Fix - id: project-keeper-fix - run: | - mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . - - name: Project Keeper Fix for updated Project Keeper version - id: project-keeper-fix-2 - run: | - mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . - name: Generate Pull Request comment id: pr-comment run: | 
@@ -81,7 +73,11 @@ jobs: echo 'It updates dependencies.' >> "$GITHUB_OUTPUT" fi echo >> "$GITHUB_OUTPUT" - echo '# ⚠️ This PR does not trigger CI workflows by default ⚠️' >> "$GITHUB_OUTPUT" + echo '# ⚠️ Notes ⚠️' >> "$GITHUB_OUTPUT" + echo '## Run PK fix manually' >> "$GITHUB_OUTPUT" + echo 'Due to restrictions workflow `dependencies_update.yml` cannot update other workflows, see https://github.com/exasol/project-keeper/issues/578 for details.' >> "$GITHUB_OUTPUT" + echo 'Please checkout this PR locally and run `mvn com.exasol:project-keeper-maven-plugin:fix --projects .`' >> "$GITHUB_OUTPUT" + echo '## This PR does not trigger CI workflows' >> "$GITHUB_OUTPUT" echo 'Please click the **Close pull request** button and then **Reopen pull request** to trigger running checks.' >> "$GITHUB_OUTPUT" echo 'See https://github.com/exasol/project-keeper/issues/534 for details.' >> "$GITHUB_OUTPUT" echo 'EOF' >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5be64c8..e4682a3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -52,7 +52,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: | + java-version: |- 11 17 cache: maven @@ -67,7 +67,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: | + java-version: |- 11 17 cache: maven diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs index bb40c3f..43365b0 100644 --- a/.settings/org.eclipse.jdt.core.prefs +++ b/.settings/org.eclipse.jdt.core.prefs 
@@ -1,15 +1,19 @@ eclipse.preferences.version=1 +org.eclipse.jdt.core.builder.annotationPath.allLocations=disabled org.eclipse.jdt.core.compiler.annotation.inheritNullAnnotations=disabled org.eclipse.jdt.core.compiler.annotation.missingNonNullByDefaultAnnotation=ignore -org.eclipse.jdt.core.compiler.annotation.nonnull=org.eclipse.jdt.annotation.NonNull +org.eclipse.jdt.core.compiler.annotation.nonnull=javax.annotation.Nonnull org.eclipse.jdt.core.compiler.annotation.nonnull.secondary= -org.eclipse.jdt.core.compiler.annotation.nonnullbydefault=org.eclipse.jdt.annotation.NonNullByDefault +org.eclipse.jdt.core.compiler.annotation.nonnullbydefault=javax.annotation.ParametersAreNonnullByDefault org.eclipse.jdt.core.compiler.annotation.nonnullbydefault.secondary= -org.eclipse.jdt.core.compiler.annotation.nullable=org.eclipse.jdt.annotation.Nullable +org.eclipse.jdt.core.compiler.annotation.notowning=org.eclipse.jdt.annotation.NotOwning +org.eclipse.jdt.core.compiler.annotation.nullable=javax.annotation.Nullable org.eclipse.jdt.core.compiler.annotation.nullable.secondary= -org.eclipse.jdt.core.compiler.annotation.nullanalysis=disabled +org.eclipse.jdt.core.compiler.annotation.nullanalysis=enabled +org.eclipse.jdt.core.compiler.annotation.owning=org.eclipse.jdt.annotation.Owning +org.eclipse.jdt.core.compiler.annotation.resourceanalysis=disabled org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled -org.eclipse.jdt.core.compiler.codegen.methodParameters=do not generate +org.eclipse.jdt.core.compiler.codegen.methodParameters=generate org.eclipse.jdt.core.compiler.codegen.targetPlatform=11 org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve org.eclipse.jdt.core.compiler.compliance=11 
@@ -17,6 +21,7 @@ org.eclipse.jdt.core.compiler.debug.lineNumber=generate org.eclipse.jdt.core.compiler.debug.localVariable=generate org.eclipse.jdt.core.compiler.debug.sourceFile=generate org.eclipse.jdt.core.compiler.problem.APILeak=warning +org.eclipse.jdt.core.compiler.problem.annotatedTypeArgumentToUnannotated=info org.eclipse.jdt.core.compiler.problem.annotationSuperInterface=warning org.eclipse.jdt.core.compiler.problem.assertIdentifier=error org.eclipse.jdt.core.compiler.problem.autoboxing=ignore @@ -39,8 +44,10 @@ org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning org.eclipse.jdt.core.compiler.problem.hiddenCatchBlock=warning org.eclipse.jdt.core.compiler.problem.includeNullInfoFromAsserts=disabled org.eclipse.jdt.core.compiler.problem.incompatibleNonInheritedInterfaceMethod=warning +org.eclipse.jdt.core.compiler.problem.incompatibleOwningContract=warning org.eclipse.jdt.core.compiler.problem.incompleteEnumSwitch=warning org.eclipse.jdt.core.compiler.problem.indirectStaticAccess=ignore +org.eclipse.jdt.core.compiler.problem.insufficientResourceAnalysis=warning org.eclipse.jdt.core.compiler.problem.localVariableHiding=ignore org.eclipse.jdt.core.compiler.problem.methodWithConstructorName=warning org.eclipse.jdt.core.compiler.problem.missingDefaultCase=ignore 
@@ -56,15 +63,15 @@ org.eclipse.jdt.core.compiler.problem.noImplicitStringConversion=warning org.eclipse.jdt.core.compiler.problem.nonExternalizedStringLiteral=ignore org.eclipse.jdt.core.compiler.problem.nonnullParameterAnnotationDropped=warning org.eclipse.jdt.core.compiler.problem.nonnullTypeVariableFromLegacyInvocation=warning -org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=error +org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=warning org.eclipse.jdt.core.compiler.problem.nullReference=warning -org.eclipse.jdt.core.compiler.problem.nullSpecViolation=error -org.eclipse.jdt.core.compiler.problem.nullUncheckedConversion=warning +org.eclipse.jdt.core.compiler.problem.nullSpecViolation=warning +org.eclipse.jdt.core.compiler.problem.nullUncheckedConversion=ignore org.eclipse.jdt.core.compiler.problem.overridingPackageDefaultMethod=warning org.eclipse.jdt.core.compiler.problem.parameterAssignment=ignore org.eclipse.jdt.core.compiler.problem.pessimisticNullAnalysisForFreeTypeVariables=warning org.eclipse.jdt.core.compiler.problem.possibleAccidentalBooleanAssignment=ignore -org.eclipse.jdt.core.compiler.problem.potentialNullReference=ignore +org.eclipse.jdt.core.compiler.problem.potentialNullReference=warning org.eclipse.jdt.core.compiler.problem.potentiallyUnclosedCloseable=ignore org.eclipse.jdt.core.compiler.problem.rawTypeReference=warning org.eclipse.jdt.core.compiler.problem.redundantNullAnnotation=warning 
@@ -78,7 +85,8 @@ org.eclipse.jdt.core.compiler.problem.specialParameterHidingField=disabled org.eclipse.jdt.core.compiler.problem.staticAccessReceiver=warning org.eclipse.jdt.core.compiler.problem.suppressOptionalErrors=disabled org.eclipse.jdt.core.compiler.problem.suppressWarnings=enabled -org.eclipse.jdt.core.compiler.problem.syntacticNullAnalysisForFields=disabled +org.eclipse.jdt.core.compiler.problem.suppressWarningsNotFullyAnalysed=info +org.eclipse.jdt.core.compiler.problem.syntacticNullAnalysisForFields=enabled org.eclipse.jdt.core.compiler.problem.syntheticAccessEmulation=ignore org.eclipse.jdt.core.compiler.problem.terminalDeprecation=warning org.eclipse.jdt.core.compiler.problem.typeParameterHiding=warning diff --git a/.settings/org.eclipse.jdt.ui.prefs b/.settings/org.eclipse.jdt.ui.prefs index 1add06a..54d02ac 100644 --- a/.settings/org.eclipse.jdt.ui.prefs +++ b/.settings/org.eclipse.jdt.ui.prefs @@ -76,6 +76,7 @@ sp_cleanup.add_missing_nls_tags=false sp_cleanup.add_missing_override_annotations=true sp_cleanup.add_missing_override_annotations_interface_methods=true sp_cleanup.add_serial_version_id=false +sp_cleanup.also_simplify_lambda=false sp_cleanup.always_use_blocks=true sp_cleanup.always_use_parentheses_in_expressions=true sp_cleanup.always_use_this_for_non_static_field_access=true @@ -130,6 +131,7 @@ sp_cleanup.one_if_rather_than_duplicate_blocks_that_fall_through=false sp_cleanup.operand_factorization=false sp_cleanup.organize_imports=true sp_cleanup.overridden_assignment=false +sp_cleanup.overridden_assignment_move_decl=false sp_cleanup.plain_replacement=false sp_cleanup.precompile_regex=false sp_cleanup.primitive_comparison=false 
@@ -159,10 +161,12 @@ sp_cleanup.remove_unnecessary_casts=true sp_cleanup.remove_unnecessary_nls_tags=true sp_cleanup.remove_unused_imports=true sp_cleanup.remove_unused_local_variables=false +sp_cleanup.remove_unused_method_parameters=false sp_cleanup.remove_unused_private_fields=true sp_cleanup.remove_unused_private_members=false sp_cleanup.remove_unused_private_methods=true sp_cleanup.remove_unused_private_types=true +sp_cleanup.replace_deprecated_calls=false sp_cleanup.return_expression=false sp_cleanup.simplify_lambda_expression_and_method_ref=false sp_cleanup.single_used_field=false @@ -174,6 +178,8 @@ sp_cleanup.strictly_equal_or_different=false sp_cleanup.stringbuffer_to_stringbuilder=false sp_cleanup.stringbuilder=false sp_cleanup.stringbuilder_for_local_vars=false +sp_cleanup.stringconcat_stringbuffer_stringbuilder=false +sp_cleanup.stringconcat_to_textblock=false sp_cleanup.substring=false sp_cleanup.switch=false sp_cleanup.system_property=false diff --git a/dependencies.md b/dependencies.md index b14126d..af7d03f 100644 --- a/dependencies.md +++ b/dependencies.md 
@@ -37,26 +37,31 @@ | Dependency | License | | ------------------------------------------------------- | ---------------------------------------------- | -| [SonarQube Scanner for Maven][30] | [GNU LGPL 3][31] | -| [Apache Maven Toolchains Plugin][32] | [Apache License, Version 2.0][12] | -| [Maven Dependency Plugin][33] | [The Apache Software License, Version 2.0][34] | -| [Project Keeper Maven plugin][35] | [The MIT License][36] | -| [Apache Maven Compiler Plugin][37] | [Apache-2.0][12] | -| [Apache Maven Enforcer Plugin][38] | [Apache-2.0][12] | -| [Maven Flatten Plugin][39] | [Apache Software Licenese][12] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][40] | [ASL2][34] | -| [Maven Surefire Plugin][41] | [Apache-2.0][12] | -| [Versions Maven Plugin][42] | [Apache License, Version 2.0][12] | -| [duplicate-finder-maven-plugin Maven Mojo][43] | [Apache License 2.0][44] | -| [Apache Maven Deploy Plugin][45] | [Apache-2.0][12] | -| [Apache Maven GPG Plugin][46] | [Apache-2.0][12] | -| [Apache Maven Source Plugin][47] | [Apache License, Version 2.0][12] | -| [Apache Maven Javadoc Plugin][48] | [Apache-2.0][12] | -| [Nexus Staging Maven Plugin][49] | [Eclipse Public License][50] | -| [Maven Failsafe Plugin][51] | [Apache-2.0][12] | -| [JaCoCo :: Maven Plugin][52] | [EPL-2.0][6] | -| [error-code-crawler-maven-plugin][53] | [MIT License][54] | -| [Reproducible Build Maven Plugin][55] | [Apache 2.0][34] | +| [Apache Maven Clean Plugin][30] | [Apache-2.0][12] | +| [Apache Maven Install Plugin][31] | [Apache-2.0][12] | +| [Apache Maven Resources Plugin][32] | [Apache-2.0][12] | +| [Apache Maven Site Plugin][33] | [Apache License, Version 2.0][12] | +| [SonarQube Scanner for Maven][34] | [GNU LGPL 3][35] | +| [Apache Maven Toolchains Plugin][36] | [Apache-2.0][12] | +| [Maven Dependency Plugin][37] | [The Apache Software License, Version 2.0][38] | +| [Project Keeper Maven plugin][39] | [The MIT License][40] | +| [Apache Maven Compiler Plugin][41] | 
[Apache-2.0][12] | +| [Apache Maven Enforcer Plugin][42] | [Apache-2.0][12] | +| [Maven Flatten Plugin][43] | [Apache Software Licenese][12] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][44] | [ASL2][38] | +| [Maven Surefire Plugin][45] | [Apache-2.0][12] | +| [Versions Maven Plugin][46] | [Apache License, Version 2.0][12] | +| [duplicate-finder-maven-plugin Maven Mojo][47] | [Apache License 2.0][48] | +| [Apache Maven Deploy Plugin][49] | [Apache-2.0][12] | +| [Apache Maven GPG Plugin][50] | [Apache-2.0][12] | +| [Apache Maven Source Plugin][51] | [Apache License, Version 2.0][12] | +| [Apache Maven Javadoc Plugin][52] | [Apache-2.0][12] | +| [Nexus Staging Maven Plugin][53] | [Eclipse Public License][54] | +| [Maven Failsafe Plugin][55] | [Apache-2.0][12] | +| [JaCoCo :: Maven Plugin][56] | [EPL-2.0][6] | +| [Quality Summarizer Maven Plugin][57] | [MIT License][58] | +| [error-code-crawler-maven-plugin][59] | [MIT License][60] | +| [Reproducible Build Maven Plugin][61] | [Apache 2.0][38] | [0]: https://github.com/eclipse-ee4j/jsonp [1]: https://projects.eclipse.org/license/epl-2.0 
@@ -88,29 +93,35 @@ [27]: https://github.com/itsallcode/junit5-system-extensions [28]: http://www.eclipse.org/legal/epl-v20.html [29]: https://github.com/eclipse-ee4j/parsson -[30]: http://sonarsource.github.io/sonar-scanner-maven/ -[31]: http://www.gnu.org/licenses/lgpl.txt -[32]: https://maven.apache.org/plugins/maven-toolchains-plugin/ -[33]: http://maven.apache.org/plugins/maven-dependency-plugin/ -[34]: http://www.apache.org/licenses/LICENSE-2.0.txt -[35]: https://github.com/exasol/project-keeper/ -[36]: https://github.com/exasol/project-keeper/blob/main/LICENSE -[37]: https://maven.apache.org/plugins/maven-compiler-plugin/ -[38]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ -[39]: https://www.mojohaus.org/flatten-maven-plugin/ -[40]: https://sonatype.github.io/ossindex-maven/maven-plugin/ -[41]: https://maven.apache.org/surefire/maven-surefire-plugin/ -[42]: https://www.mojohaus.org/versions/versions-maven-plugin/ -[43]: https://basepom.github.io/duplicate-finder-maven-plugin -[44]: http://www.apache.org/licenses/LICENSE-2.0.html -[45]: https://maven.apache.org/plugins/maven-deploy-plugin/ -[46]: https://maven.apache.org/plugins/maven-gpg-plugin/ -[47]: https://maven.apache.org/plugins/maven-source-plugin/ -[48]: https://maven.apache.org/plugins/maven-javadoc-plugin/ -[49]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/ -[50]: http://www.eclipse.org/legal/epl-v10.html -[51]: https://maven.apache.org/surefire/maven-failsafe-plugin/ -[52]: https://www.jacoco.org/jacoco/trunk/doc/maven.html -[53]: https://github.com/exasol/error-code-crawler-maven-plugin/ -[54]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE -[55]: http://zlika.github.io/reproducible-build-maven-plugin +[30]: https://maven.apache.org/plugins/maven-clean-plugin/ +[31]: https://maven.apache.org/plugins/maven-install-plugin/ +[32]: https://maven.apache.org/plugins/maven-resources-plugin/ +[33]: 
https://maven.apache.org/plugins/maven-site-plugin/ +[34]: http://sonarsource.github.io/sonar-scanner-maven/ +[35]: http://www.gnu.org/licenses/lgpl.txt +[36]: https://maven.apache.org/plugins/maven-toolchains-plugin/ +[37]: http://maven.apache.org/plugins/maven-dependency-plugin/ +[38]: http://www.apache.org/licenses/LICENSE-2.0.txt +[39]: https://github.com/exasol/project-keeper/ +[40]: https://github.com/exasol/project-keeper/blob/main/LICENSE +[41]: https://maven.apache.org/plugins/maven-compiler-plugin/ +[42]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ +[43]: https://www.mojohaus.org/flatten-maven-plugin/ +[44]: https://sonatype.github.io/ossindex-maven/maven-plugin/ +[45]: https://maven.apache.org/surefire/maven-surefire-plugin/ +[46]: https://www.mojohaus.org/versions/versions-maven-plugin/ +[47]: https://basepom.github.io/duplicate-finder-maven-plugin +[48]: http://www.apache.org/licenses/LICENSE-2.0.html +[49]: https://maven.apache.org/plugins/maven-deploy-plugin/ +[50]: https://maven.apache.org/plugins/maven-gpg-plugin/ +[51]: https://maven.apache.org/plugins/maven-source-plugin/ +[52]: https://maven.apache.org/plugins/maven-javadoc-plugin/ +[53]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/ +[54]: http://www.eclipse.org/legal/epl-v10.html +[55]: https://maven.apache.org/surefire/maven-failsafe-plugin/ +[56]: https://www.jacoco.org/jacoco/trunk/doc/maven.html +[57]: https://github.com/exasol/quality-summarizer-maven-plugin/ +[58]: https://github.com/exasol/quality-summarizer-maven-plugin/blob/main/LICENSE +[59]: https://github.com/exasol/error-code-crawler-maven-plugin/ +[60]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE +[61]: http://zlika.github.io/reproducible-build-maven-plugin diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index 106aecf..616e9f0 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md 
@@ -1,5 +1,6 @@
 # Changes
+* [0.6.14](changes_0.6.14.md)
 * [0.6.13](changes_0.6.13.md)
 * [0.6.12](changes_0.6.12.md)
 * [0.6.11](changes_0.6.11.md)
diff --git a/doc/changes/changes_0.6.14.md b/doc/changes/changes_0.6.14.md
new file mode 100644
index 0000000..124e9a2
--- /dev/null
+++ b/doc/changes/changes_0.6.14.md
@@ -0,0 +1,54 @@
+# Udf Debugging Java 0.6.14, released 2024-11-19
+
+Code name: Fix CVE-2024-47535: io.netty:netty-common:jar:4.1.108.Final:provided
+
+## Summary
+
+This release fixes CVE-2024-47535 in transitive production dependency `io.netty:netty-common:jar:4.1.108.Final:provided` added by `com.exasol:exasol-test-setup-abstraction-java`.
+
+## Security
+
+* #67: Fixed CVE-2024-47535 in `io.netty:netty-common:jar:4.1.108.Final:provided`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `com.exasol:bucketfs-java:3.1.2` to `3.2.0`
+* Updated `org.apache.commons:commons-compress:1.26.1` to `1.27.1`
+* Updated `org.slf4j:slf4j-jdk14:2.0.12` to `2.0.16`
+
+### Runtime Dependency Updates
+
+* Updated `org.eclipse.parsson:parsson:1.1.6` to `1.1.7`
+
+### Test Dependency Updates
+
+* Updated `com.exasol:exasol-testcontainers:7.0.1` to `7.1.1`
+* Updated `com.exasol:test-db-builder-java:3.5.4` to `3.6.0`
+* Updated `org.itsallcode:junit5-system-extensions:1.2.0` to `1.2.2`
+* Updated `org.junit.jupiter:junit-jupiter-engine:5.10.2` to `5.11.3`
+* Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.3`
+* Updated `org.mockito:mockito-junit-jupiter:5.11.0` to `5.14.2`
+* Updated `org.testcontainers:junit-jupiter:1.19.7` to `1.20.3`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.2` to `2.0.3`
+* Updated `com.exasol:project-keeper-maven-plugin:4.3.0` to `4.4.0`
+* Added `com.exasol:quality-summarizer-maven-plugin:0.2.0`
+* Updated `io.github.zlika:reproducible-build-maven-plugin:0.16` to `0.17`
+* Updated `org.apache.maven.plugins:maven-clean-plugin:2.5` to `3.4.0`
+* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.1.1` to `3.1.2`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.2.5` to `3.5.1`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.2.2` to `3.2.7`
+* Updated 
`org.apache.maven.plugins:maven-install-plugin:2.4` to `3.1.3` +* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.6.3` to `3.10.1` +* Updated `org.apache.maven.plugins:maven-resources-plugin:2.6` to `3.3.1` +* Updated `org.apache.maven.plugins:maven-site-plugin:3.3` to `3.9.1` +* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.5` to `3.5.1` +* Updated `org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` to `3.2.0` +* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.2` to `2.17.1` +* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922` to `4.0.0.4121` +* Updated `org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13` to `1.7.0` diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index fea4b89..32c5a9f 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -3,7 +3,7 @@ 4.0.0 com.exasol udf-debugging-java-generated-parent - 0.6.13 + 0.6.14 pom UTF-8 @@ -47,15 +47,35 @@ + + org.apache.maven.plugins + maven-clean-plugin + 3.4.0 + + + org.apache.maven.plugins + maven-install-plugin + 3.1.3 + + + org.apache.maven.plugins + maven-resources-plugin + 3.3.1 + + + org.apache.maven.plugins + maven-site-plugin + 3.9.1 + org.sonarsource.scanner.maven sonar-maven-plugin - 3.11.0.3922 + 4.0.0.4121 org.apache.maven.plugins maven-toolchains-plugin - 3.1.0 + 3.2.0 @@ -88,7 +108,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.4.1 + 3.5.0 enforce-maven @@ -150,7 +170,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.2.5 + 3.5.1 @@ -161,7 +181,7 @@ org.codehaus.mojo versions-maven-plugin - 2.16.2 + 2.17.1 display-updates @@ -215,7 +235,7 @@ org.apache.maven.plugins maven-deploy-plugin - 3.1.1 + 3.1.2 true @@ -223,7 +243,7 @@ org.apache.maven.plugins maven-gpg-plugin - 3.2.2 + 3.2.7 sign-artifacts 
@@ -244,8 +264,8 @@ org.apache.maven.plugins maven-source-plugin + Failed to execute goal org.apache.maven.plugins:maven-source-plugin:3.3.0:jar-no-fork (attach-sources) on project project-keeper-shared-model-classes: Presumably you have configured maven-source-plugn to execute twice times in your build. You have to configure a classifier for at least on of them. + Using goal "jar-no-fork" didn't help. See https://stackoverflow.com/questions/76305897/maven-build-fails-after-upgrading-to-maven-source-plugin-from-3-2-1-to-3-3-0 --> 3.2.1 @@ -259,7 +279,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.6.3 + 3.10.1 attach-javadocs @@ -281,7 +301,7 @@ org.sonatype.plugins nexus-staging-maven-plugin - 1.6.13 + 1.7.0 true ossrh @@ -302,7 +322,7 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.2.5 + 3.5.1 -Djava.util.logging.config.file=src/test/resources/logging.properties ${argLine} @@ -360,10 +380,23 @@ + + com.exasol + quality-summarizer-maven-plugin + 0.2.0 + + + summarize-metrics + + summarize + + + + com.exasol error-code-crawler-maven-plugin - 2.0.2 + 2.0.3 verify @@ -376,7 +409,7 @@ io.github.zlika reproducible-build-maven-plugin - 0.16 + 0.17 strip-jar diff --git a/pom.xml b/pom.xml index 62d0b00..40a8ca8 100644 --- a/pom.xml +++ b/pom.xml @@ -2,12 +2,12 @@ 4.0.0 udf-debugging-java - 0.6.13 + 0.6.14 udf-debugging-java Utilities for debugging, profiling and code coverage measure for UDFs. https://github.com/exasol/udf-debugging-java/ - 5.10.2 + 5.11.3 0.8.12 @@ -19,7 +19,7 @@ org.eclipse.parsson parsson - 1.1.6 + 1.1.7 runtime @@ -42,22 +42,22 @@ com.exasol bucketfs-java - 3.1.2 + 3.2.0 com.exasol exasol-test-setup-abstraction-java - 2.1.2 + 2.1.6 + in methods that are meant to be used with the exasol-test-setup-abstraction-java. --> provided org.apache.commons commons-compress - 1.26.1 + 1.27.1 @@ -75,7 +75,7 @@ org.mockito mockito-junit-jupiter - 5.11.0 + 5.14.2 test 
@@ -88,32 +88,32 @@ com.exasol exasol-testcontainers - 7.0.1 + 7.1.1 test org.testcontainers junit-jupiter - 1.19.7 + 1.20.3 test com.exasol test-db-builder-java - 3.5.4 + 3.6.0 test org.itsallcode junit5-system-extensions - 1.2.0 + 1.2.2 test org.slf4j slf4j-jdk14 - 2.0.12 + 2.0.16 @@ -139,7 +139,7 @@ com.exasol project-keeper-maven-plugin - 4.3.0 + 4.4.0 @@ -176,7 +176,7 @@ udf-debugging-java-generated-parent com.exasol - 0.6.13 + 0.6.14 pk_generated_parent.pom From fccf0a3160a89339b54b361223441f2ff3f581ec Mon Sep 17 00:00:00 2001 From: Christoph Pirkl <4711730+kaklakariada@users.noreply.github.com> Date: Wed, 12 Feb 2025 12:34:35 +0100 Subject: [PATCH 4/7] #69 #70: Upgrade dependencies (#71) --- .github/workflows/broken_links_checker.yml | 4 -- .github/workflows/ci-build-next-java.yml | 39 ------------ .github/workflows/ci-build.yml | 71 +++++++++++++++++++-- .project-keeper.yml | 17 +++-- .settings/org.eclipse.jdt.core.prefs | 8 +-- dependencies.md | 72 +++++++++++----------- doc/changes/changelog.md | 1 + doc/changes/changes_0.6.15.md | 40 ++++++++++++ pk_generated_parent.pom | 16 ++--- pom.xml | 18 +++--- 10 files changed, 176 insertions(+), 110 deletions(-) delete mode 100644 .github/workflows/ci-build-next-java.yml create mode 100644 doc/changes/changes_0.6.15.md diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml index 39612b7..90488ca 100644 --- a/.github/workflows/broken_links_checker.yml +++ b/.github/workflows/broken_links_checker.yml @@ -5,10 +5,6 @@ name: Broken Links Checker on: schedule: - cron: "0 5 * * 0" - push: - branches: - - main - pull_request: jobs: linkChecker: diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml deleted file mode 100644 index 712a7cb..0000000 --- a/.github/workflows/ci-build-next-java.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -# This file was generated by Project Keeper. -name: CI Build next Java -on: - push: - branches: [ - main - ] - - pull_request: null -jobs: - next-java-compatibility: - runs-on: ubuntu-latest - defaults: - run: { - shell: bash - } - permissions: { - contents: read - } - concurrency: { - group: '${{ github.workflow }}-${{ github.ref }}', - cancel-in-progress: true - } - steps: - - name: Checkout the repository - uses: actions/checkout@v4 - with: { - fetch-depth: 0 - } - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: { - distribution: temurin, - java-version: '17', - cache: maven - } - - name: Run tests and build with Maven 17 - run: | - mvn --batch-mode clean package -DtrimStackTrace=false -Djava.version=17 diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 05a0e2c..062a061 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -9,7 +9,7 @@ on: pull_request: null jobs: matrix-build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest defaults: run: { shell: bash @@ -25,12 +25,12 @@ jobs: fail-fast: false matrix: exasol_db_version: [ - 8.26.0, - 7.1.26 + 8.32.0, + 7.1.30 ] env: { - DEFAULT_EXASOL_DB_VERSION: 8.26.0 + DEFAULT_EXASOL_DB_VERSION: 8.32.0 } steps: - name: Free Disk Space @@ -67,6 +67,11 @@ jobs: id: enable-testcontainer-reuse, run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" } + - { + name: Fix VM Crash in UDFs, + id: fix-vm-crash, + run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 + } - name: Run tests and build with Maven id: build-pk-verify run: | 
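Review bot: The added `fix-vm-crash` step runs `sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0` with no comment on what it relaxes: that sysctl is the AppArmor guard against unprivileged user namespaces that Ubuntu 24.04 ships enabled (which is presumably what `ubuntu-latest` resolves to for this commit), and setting it to 0 lowers sandbox hardening for every later step of the `matrix-build` job, not just the UDF containers. The runner is ephemeral, so the exposure is bounded, but the reason and the trade-off should be recorded where the step is defined; since this file is generated by Project Keeper, that is the `stepCustomizations` entry in the `.project-keeper.yml` hunk later in this patch (and again in the patch 6/7 `.project-keeper.yml` and ci-build.yml hunks, which re-add the same step), e.g. `# Ubuntu 24.04 runners restrict unprivileged user namespaces via AppArmor; the UDF VMs crash without this. Relaxes runner-wide hardening, acceptable only on an ephemeral runner.`. The `steps:` list this hunk belongs to continues outside the hunk.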
@@ -103,8 +108,61 @@ jobs: path: '${{ steps.build-pk-verify.outputs.release-artifacts }}', retention-days: 5 } + - name: Configure broken links checker + id: configure-link-check + run: | + mkdir -p ./target + echo '{"aliveStatusCodes": [429, 200], "ignorePatterns": [' \ + '{"pattern": "^https?://(www|dev).mysql.com/"},' \ + '{"pattern": "^https?://(www.)?opensource.org"}' \ + '{"pattern": "^https?://(www.)?eclipse.org"}' \ + '{"pattern": "^https?://projects.eclipse.org"}' \ + ']}' > ./target/broken_links_checker.json + - uses: gaurav-nelson/github-action-markdown-link-check@v1 + id: run-link-check + with: { + use-quiet-mode: yes, + use-verbose-mode: yes, + config-file: ./target/broken_links_checker.json + } + next-java-compatibility: + runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + permissions: { + contents: read + } + concurrency: { + group: '${{ github.workflow }}-next-java-${{ github.ref }}', + cancel-in-progress: true + } + steps: + - name: Checkout the repository + id: checkout + uses: actions/checkout@v4 + with: { + fetch-depth: 0 + } + - name: Set up JDK 17 + id: setup-java + uses: actions/setup-java@v4 + with: { + distribution: temurin, + java-version: '17', + cache: maven + } + - { + name: Run tests and build with Maven 17, + id: build-next-java, + run: mvn --batch-mode clean package -DtrimStackTrace=false -Djava.version=17 + } build: - needs: matrix-build + needs: [ + matrix-build, + next-java-compatibility + ] runs-on: ubuntu-latest defaults: run: { @@ -119,11 +177,13 @@ jobs: } steps: - name: Checkout the repository + id: checkout uses: actions/checkout@v4 with: { fetch-depth: 0 } - name: Set up JDKs + id: setup-java uses: actions/setup-java@v4 with: distribution: temurin 
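Review bot: `gaurav-nelson/github-action-markdown-link-check@v1` in the new `run-link-check` step is a third-party action referenced by a mutable major tag, and it runs in the same job that has just uploaded the release artifacts; pin it to a full commit SHA with the version in a trailing comment (`uses: gaurav-nelson/github-action-markdown-link-check@<commit-sha>  # v1`) so a moved tag cannot change what executes. In the same step `use-quiet-mode: yes` and `use-verbose-mode: yes` are unquoted, whereas the earlier generated form quoted them (`"yes"` is visible in the removed lines of the patch 6/7 broken_links_checker.yml hunk); under YAML 1.1 rules a bare `yes` is a boolean, so the action may receive `true` rather than the string `yes` it compares against — `use-quiet-mode: 'yes'` restores the previous value, and the same applies to the patch 6/7 broken_links_checker.yml hunk. Both changes belong in the Project Keeper template this file is generated from, not in the file itself. The `matrix-build` job's `steps:` list starts outside the hunk.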
@@ -133,6 +193,7 @@ jobs: cache: maven - name: Check if release is needed id: check-release + if: ${{ github.ref == 'refs/heads/main' }} run: | if mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects .; then echo "### ✅ Release preconditions met, start release" >> "$GITHUB_STEP_SUMMARY" diff --git a/.project-keeper.yml b/.project-keeper.yml index 8531de6..e9264e9 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml @@ -7,9 +7,16 @@ sources: linkReplacements: - "https://github.com/hamcrest/JavaHamcrest/hamcrest-all|https://github.com/hamcrest/JavaHamcrest" build: - runnerOs: ubuntu-20.04 exasolDbVersions: - - "8.26.0" - - "7.1.26" -excludes: - - "E-PK-CORE-17: Missing required file: 'release_config.yml'" + - "8.32.0" + - "7.1.30" + workflows: + - name: ci-build.yml + stepCustomizations: + - action: INSERT_AFTER + job: matrix-build + stepId: enable-testcontainer-reuse + content: + name: Fix VM Crash in UDFs + id: fix-vm-crash + run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs index 43365b0..6d0c568 100644 --- a/.settings/org.eclipse.jdt.core.prefs +++ b/.settings/org.eclipse.jdt.core.prefs 
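Review bot: The new `if: ${{ github.ref == 'refs/heads/main' }}` turns `check-release` into a skipped step on pull requests and other branches, so any later step that reads its outputs or tests `steps.check-release.outcome` (now `skipped` instead of `success`/`failure`) needs the same guard; those steps are outside the hunk, so this is to confirm rather than a visible defect. Either way a one-line comment on the guard would save the next reader the lookup, e.g. `# Releases are only cut from main; skip the precondition check on PRs and feature branches.`. The `build` job's `steps:` list continues outside the hunk.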
@@ -2,14 +2,14 @@ eclipse.preferences.version=1 org.eclipse.jdt.core.builder.annotationPath.allLocations=disabled org.eclipse.jdt.core.compiler.annotation.inheritNullAnnotations=disabled org.eclipse.jdt.core.compiler.annotation.missingNonNullByDefaultAnnotation=ignore -org.eclipse.jdt.core.compiler.annotation.nonnull=javax.annotation.Nonnull +org.eclipse.jdt.core.compiler.annotation.nonnull=org.eclipse.jdt.annotation.NonNull org.eclipse.jdt.core.compiler.annotation.nonnull.secondary= -org.eclipse.jdt.core.compiler.annotation.nonnullbydefault=javax.annotation.ParametersAreNonnullByDefault +org.eclipse.jdt.core.compiler.annotation.nonnullbydefault=org.eclipse.jdt.annotation.NonNullByDefault org.eclipse.jdt.core.compiler.annotation.nonnullbydefault.secondary= org.eclipse.jdt.core.compiler.annotation.notowning=org.eclipse.jdt.annotation.NotOwning -org.eclipse.jdt.core.compiler.annotation.nullable=javax.annotation.Nullable +org.eclipse.jdt.core.compiler.annotation.nullable=org.eclipse.jdt.annotation.Nullable org.eclipse.jdt.core.compiler.annotation.nullable.secondary= -org.eclipse.jdt.core.compiler.annotation.nullanalysis=enabled +org.eclipse.jdt.core.compiler.annotation.nullanalysis=disabled org.eclipse.jdt.core.compiler.annotation.owning=org.eclipse.jdt.annotation.Owning org.eclipse.jdt.core.compiler.annotation.resourceanalysis=disabled org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled diff --git a/dependencies.md b/dependencies.md index af7d03f..db51a8a 100644 --- a/dependencies.md +++ b/dependencies.md 
@@ -35,33 +35,33 @@ ## Plugin Dependencies -| Dependency | License | -| ------------------------------------------------------- | ---------------------------------------------- | -| [Apache Maven Clean Plugin][30] | [Apache-2.0][12] | -| [Apache Maven Install Plugin][31] | [Apache-2.0][12] | -| [Apache Maven Resources Plugin][32] | [Apache-2.0][12] | -| [Apache Maven Site Plugin][33] | [Apache License, Version 2.0][12] | -| [SonarQube Scanner for Maven][34] | [GNU LGPL 3][35] | -| [Apache Maven Toolchains Plugin][36] | [Apache-2.0][12] | -| [Maven Dependency Plugin][37] | [The Apache Software License, Version 2.0][38] | -| [Project Keeper Maven plugin][39] | [The MIT License][40] | -| [Apache Maven Compiler Plugin][41] | [Apache-2.0][12] | -| [Apache Maven Enforcer Plugin][42] | [Apache-2.0][12] | -| [Maven Flatten Plugin][43] | [Apache Software Licenese][12] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][44] | [ASL2][38] | -| [Maven Surefire Plugin][45] | [Apache-2.0][12] | -| [Versions Maven Plugin][46] | [Apache License, Version 2.0][12] | -| [duplicate-finder-maven-plugin Maven Mojo][47] | [Apache License 2.0][48] | -| [Apache Maven Deploy Plugin][49] | [Apache-2.0][12] | -| [Apache Maven GPG Plugin][50] | [Apache-2.0][12] | -| [Apache Maven Source Plugin][51] | [Apache License, Version 2.0][12] | -| [Apache Maven Javadoc Plugin][52] | [Apache-2.0][12] | -| [Nexus Staging Maven Plugin][53] | [Eclipse Public License][54] | -| [Maven Failsafe Plugin][55] | [Apache-2.0][12] | -| [JaCoCo :: Maven Plugin][56] | [EPL-2.0][6] | -| [Quality Summarizer Maven Plugin][57] | [MIT License][58] | -| [error-code-crawler-maven-plugin][59] | [MIT License][60] | -| [Reproducible Build Maven Plugin][61] | [Apache 2.0][38] | +| Dependency | License | +| ------------------------------------------------------- | --------------------------------- | +| [Apache Maven Clean Plugin][30] | [Apache-2.0][12] | +| [Apache Maven Install Plugin][31] | [Apache-2.0][12] | +| [Apache 
Maven Resources Plugin][32] | [Apache-2.0][12] | +| [Apache Maven Site Plugin][33] | [Apache-2.0][12] | +| [SonarQube Scanner for Maven][34] | [GNU LGPL 3][35] | +| [Apache Maven Toolchains Plugin][36] | [Apache-2.0][12] | +| [Apache Maven Dependency Plugin][37] | [Apache-2.0][12] | +| [Project Keeper Maven plugin][38] | [The MIT License][39] | +| [Apache Maven Compiler Plugin][40] | [Apache-2.0][12] | +| [Apache Maven Enforcer Plugin][41] | [Apache-2.0][12] | +| [Maven Flatten Plugin][42] | [Apache Software Licenese][12] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][43] | [ASL2][44] | +| [Maven Surefire Plugin][45] | [Apache-2.0][12] | +| [Versions Maven Plugin][46] | [Apache License, Version 2.0][12] | +| [duplicate-finder-maven-plugin Maven Mojo][47] | [Apache License 2.0][48] | +| [Apache Maven Deploy Plugin][49] | [Apache-2.0][12] | +| [Apache Maven GPG Plugin][50] | [Apache-2.0][12] | +| [Apache Maven Source Plugin][51] | [Apache License, Version 2.0][12] | +| [Apache Maven Javadoc Plugin][52] | [Apache-2.0][12] | +| [Nexus Staging Maven Plugin][53] | [Eclipse Public License][54] | +| [Maven Failsafe Plugin][55] | [Apache-2.0][12] | +| [JaCoCo :: Maven Plugin][56] | [EPL-2.0][6] | +| [Quality Summarizer Maven Plugin][57] | [MIT License][58] | +| [error-code-crawler-maven-plugin][59] | [MIT License][60] | +| [Reproducible Build Maven Plugin][61] | [Apache 2.0][44] | [0]: https://github.com/eclipse-ee4j/jsonp [1]: https://projects.eclipse.org/license/epl-2.0 
@@ -97,17 +97,17 @@
 [31]: https://maven.apache.org/plugins/maven-install-plugin/
 [32]: https://maven.apache.org/plugins/maven-resources-plugin/
 [33]: https://maven.apache.org/plugins/maven-site-plugin/
-[34]: http://sonarsource.github.io/sonar-scanner-maven/
+[34]: http://docs.sonarqube.org/display/PLUG/Plugin+Library/sonar-maven-plugin
 [35]: http://www.gnu.org/licenses/lgpl.txt
 [36]: https://maven.apache.org/plugins/maven-toolchains-plugin/
-[37]: http://maven.apache.org/plugins/maven-dependency-plugin/
-[38]: http://www.apache.org/licenses/LICENSE-2.0.txt
-[39]: https://github.com/exasol/project-keeper/
-[40]: https://github.com/exasol/project-keeper/blob/main/LICENSE
-[41]: https://maven.apache.org/plugins/maven-compiler-plugin/
-[42]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
-[43]: https://www.mojohaus.org/flatten-maven-plugin/
-[44]: https://sonatype.github.io/ossindex-maven/maven-plugin/
+[37]: https://maven.apache.org/plugins/maven-dependency-plugin/
+[38]: https://github.com/exasol/project-keeper/
+[39]: https://github.com/exasol/project-keeper/blob/main/LICENSE
+[40]: https://maven.apache.org/plugins/maven-compiler-plugin/
+[41]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
+[42]: https://www.mojohaus.org/flatten-maven-plugin/
+[43]: https://sonatype.github.io/ossindex-maven/maven-plugin/
+[44]: http://www.apache.org/licenses/LICENSE-2.0.txt
 [45]: https://maven.apache.org/surefire/maven-surefire-plugin/
 [46]: https://www.mojohaus.org/versions/versions-maven-plugin/
 [47]: https://basepom.github.io/duplicate-finder-maven-plugin
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index 616e9f0..c34054b 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
 # Changes
+* [0.6.15](changes_0.6.15.md)
 * [0.6.14](changes_0.6.14.md)
 * [0.6.13](changes_0.6.13.md)
 * [0.6.12](changes_0.6.12.md)
diff --git a/doc/changes/changes_0.6.15.md b/doc/changes/changes_0.6.15.md
new file mode 100644
index 0000000..6123997
--- /dev/null
+++ b/doc/changes/changes_0.6.15.md
@@ -0,0 +1,40 @@
+# Udf Debugging Java 0.6.15, released 2025-02-12
+
+Code name: Fix vulnerabilities CVE-2025-25193 and CVE-2025-24970 in test dependencies
+
+## Summary
+
+This release fixes the following vulnerabilities in test dependencies:
+
+* `io.netty:netty-common:jar:4.1.115.Final:test`: CVE-2025-25193
+* `io.netty:netty-handler:jar:4.1.115.Final:test`: CVE-2025-24970
+
+## Security
+
+* #69: Fixed CVE-2025-25193 in `io.netty:netty-common:jar:4.1.115.Final:test`
+* #70: Fixed CVE-2025-24970 in `io.netty:netty-handler:jar:4.1.115.Final:test`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `com.exasol:bucketfs-java:3.2.0` to `3.2.1`
+
+### Test Dependency Updates
+
+* Updated `com.exasol:exasol-testcontainers:7.1.1` to `7.1.3`
+* Updated `org.junit.jupiter:junit-jupiter-engine:5.11.3` to `5.11.4`
+* Updated `org.junit.jupiter:junit-jupiter-params:5.11.3` to `5.11.4`
+* Updated `org.mockito:mockito-junit-jupiter:5.14.2` to `5.15.2`
+* Updated `org.testcontainers:junit-jupiter:1.20.3` to `1.20.4`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:project-keeper-maven-plugin:4.4.0` to `4.5.0`
+* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.1.2` to `3.1.3`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.5.1` to `3.5.2`
+* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.10.1` to `3.11.1`
+* Updated `org.apache.maven.plugins:maven-site-plugin:3.9.1` to `3.21.0`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.5.1` to `3.5.2`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.17.1` to `2.18.0`
+* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121` to `5.0.0.4389`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index 32c5a9f..b7e005e 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom @@ -3,7 +3,7 @@ 4.0.0 com.exasol udf-debugging-java-generated-parent - 0.6.14 + 0.6.15 pom UTF-8 @@ -65,12 +65,12 @@ org.apache.maven.plugins maven-site-plugin - 3.9.1 + 3.21.0 org.sonarsource.scanner.maven sonar-maven-plugin - 4.0.0.4121 + 5.0.0.4389 org.apache.maven.plugins @@ -170,7 +170,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.5.1 + 3.5.2 @@ -181,7 +181,7 @@ org.codehaus.mojo versions-maven-plugin - 2.17.1 + 2.18.0 display-updates @@ -235,7 +235,7 @@ org.apache.maven.plugins maven-deploy-plugin - 3.1.2 + 3.1.3 true @@ -279,7 +279,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.10.1 + 3.11.1 attach-javadocs @@ -322,7 +322,7 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.5.1 + 3.5.2 -Djava.util.logging.config.file=src/test/resources/logging.properties ${argLine} diff --git a/pom.xml b/pom.xml index 40a8ca8..7c43be6 100644 --- a/pom.xml +++ b/pom.xml @@ -2,12 +2,12 @@ 4.0.0 udf-debugging-java - 0.6.14 + 0.6.15 udf-debugging-java Utilities for debugging, profiling and code coverage measure for UDFs. https://github.com/exasol/udf-debugging-java/ - 5.11.3 + 5.11.4 0.8.12 @@ -42,12 +42,12 @@ com.exasol bucketfs-java - 3.2.0 + 3.2.1 com.exasol exasol-test-setup-abstraction-java - 2.1.6 + 2.1.7 From b23448a06ab76280d1a017e1f2c1794e962a194c Mon Sep 17 00:00:00 2001 
From: Christoph Pirkl <4711730+kaklakariada@users.noreply.github.com> Date: Mon, 2 Jun 2025 12:02:55 +0200 Subject: [PATCH 6/7] #74: Upgrade dependencies (#76) --- .gitattributes | 1 + .github/workflows/broken_links_checker.yml | 51 ++++++----- .github/workflows/ci-build.yml | 21 +++-- .github/workflows/dependencies_check.yml | 6 +- .project-keeper.yml | 18 +++- .settings/org.eclipse.jdt.core.prefs | 4 +- SECURITY.md | 25 ++++++ dependencies.md | 89 ++++++++++--------- doc/changes/changelog.md | 1 + doc/changes/changes_0.6.16.md | 48 ++++++++++ pk_generated_parent.pom | 61 +++++++++---- pom.xml | 22 ++--- .../exasol/udfdebugging/PushDownTesting.java | 3 + .../modules/coverage/CoverageModule.java | 3 +- .../modules/coverage/CoverageModuleTest.java | 20 +++-- src/test/resources/logging.properties | 2 +- 16 files changed, 257 insertions(+), 118 deletions(-) create mode 100644 SECURITY.md create mode 100644 doc/changes/changes_0.6.16.md diff --git a/.gitattributes b/.gitattributes index be0dddc..fd991dc 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,4 @@ +SECURITY.md linguist-generated=true dependencies.md linguist-generated=true doc/changes/changelog.md linguist-generated=true pk_generated_parent.pom linguist-generated=true diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml index 90488ca..09e4bac 100644 --- a/.github/workflows/broken_links_checker.yml +++ b/.github/workflows/broken_links_checker.yml 
@@ -1,35 +1,44 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/broken_links_checker.yml +# This file was generated by Project Keeper. name: Broken Links Checker - on: schedule: - - cron: "0 5 * * 0" - + - { + cron: 0 5 * * 0 + } + workflow_dispatch: null jobs: linkChecker: runs-on: ubuntu-latest - permissions: + permissions: { contents: read + } defaults: - run: - shell: "bash" - concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + run: { + shell: bash + } + concurrency: { + group: '${{ github.workflow }}-${{ github.ref }}', cancel-in-progress: true + } steps: - - uses: actions/checkout@v4 - - name: Configure broken links checker + - { + id: checkout, + uses: actions/checkout@v4 + } + - id: configure-broken-links-checker + name: Configure broken links checker run: | mkdir -p ./target echo '{"aliveStatusCodes": [429, 200], "ignorePatterns": [' \ - '{"pattern": "^https?://(www|dev).mysql.com/"},' \ - '{"pattern": "^https?://(www.)?opensource.org"}' \ - '{"pattern": "^https?://(www.)?eclipse.org"}' \ - '{"pattern": "^https?://projects.eclipse.org"}' \ - ']}' > ./target/broken_links_checker.json - - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-quiet-mode: "yes" - use-verbose-mode: "yes" + '{"pattern": "^https?://(www|dev).mysql.com/"},' \ + '{"pattern": "^https?://(www.)?opensource.org"}' \ + '{"pattern": "^https?://(www.)?eclipse.org"}' \ + '{"pattern": "^https?://projects.eclipse.org"}' \ + ']}' > ./target/broken_links_checker.json + - id: run-broken-links-checker + uses: gaurav-nelson/github-action-markdown-link-check@v1 + with: { + use-quiet-mode: yes, + use-verbose-mode: yes, config-file: ./target/broken_links_checker.json + } diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 463b863..63f3e50 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml 
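Review bot: The rewritten `linkChecker` job's `checkout` step uses `actions/checkout@v4` with its default `persist-credentials: true`, which leaves the job's `GITHUB_TOKEN` in `.git/config` for the third-party `gaurav-nelson/github-action-markdown-link-check@v1` step that then runs in the same workspace; the job only needs to read files, so add `persist-credentials: false` to the checkout `with:` block and pin that action to a commit SHA rather than the moving `v1` tag. Separately, `cron: 0 5 * * 0` inside the new flow mapping is an unquoted plain scalar containing `*`; it happens to parse as a string, but the removed line quoted it (`"0 5 * * 0"`) and `cron: '0 5 * * 0'` keeps it safe from linters and re-serialisers. Both values come from the Project Keeper template this file is generated from, so the change belongs there.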
@@ -6,10 +6,17 @@ on: main ] - pull_request: null + pull_request: + types: [ + opened, + synchronize, + reopened, + ready_for_review + ] + jobs: matrix-build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 defaults: run: { shell: bash @@ -25,12 +32,11 @@ jobs: fail-fast: false matrix: exasol_db_version: [ - 8.32.0, - 7.1.30 + 8.34.0 ] env: { - DEFAULT_EXASOL_DB_VERSION: 8.32.0 + DEFAULT_EXASOL_DB_VERSION: 8.34.0 } steps: - name: Free Disk Space @@ -67,6 +73,11 @@ jobs: id: enable-testcontainer-reuse, run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" } + - { + name: Fix VM Crash in UDFs, + id: fix-vm-crash, + run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 + } - name: Run tests and build with Maven id: build-pk-verify run: | diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index 02c5aa0..0832e80 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml @@ -46,9 +46,9 @@ jobs: org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \ -Dossindex.reportFile=$(pwd)/ossindex-report.json \ -Dossindex.fail=false - - name: Report Security Issues - id: security-issues - uses: exasol/python-toolbox/.github/actions/security-issues@main + - name: Create GitHub Issues + id: create-security-issues + uses: exasol/python-toolbox/.github/actions/security-issues@1.1.0 with: { format: maven, command: cat ossindex-report.json, diff --git a/.project-keeper.yml b/.project-keeper.yml index 850a718..bab3287 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml 
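Review bot: In the dependencies_check.yml hunk, moving `exasol/python-toolbox/.github/actions/security-issues` from `@main` to `@1.1.0` removes the floating branch reference, but a tag is still mutable; for an action that consumes the dependency-audit report and files issues, pin to the commit SHA behind the release with the tag in a comment, e.g. `uses: exasol/python-toolbox/.github/actions/security-issues@<commit-sha>  # 1.1.0`. The step is renamed to `Create GitHub Issues`, which implies it needs `issues: write`; the job's `permissions:` block is outside the hunk, so confirm it grants exactly that and nothing broader. The step's `with:` mapping continues outside the hunk.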
@@ -5,8 +5,18 @@ sources: - maven_central - integration_tests build: - # UDFs in Exasol 7.1 require Ubuntu 20.04 - runnerOs: ubuntu-20.04 + runnerOs: ubuntu-24.04 exasolDbVersions: - - "8.32.0" - - "7.1.30" + - "8.34.0" + # UDFs in Exasol 7.1 with Ubuntu 20.04 will be fixed in the next Docker-DB release + # - "7.1.30" + workflows: + - name: ci-build.yml + stepCustomizations: + - action: INSERT_AFTER + job: matrix-build + stepId: enable-testcontainer-reuse + content: + name: Fix VM Crash in UDFs + id: fix-vm-crash + run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs index 6d0c568..7644ed3 100644 --- a/.settings/org.eclipse.jdt.core.prefs +++ b/.settings/org.eclipse.jdt.core.prefs @@ -241,7 +241,7 @@ org.eclipse.jdt.core.formatter.indent_empty_lines=false org.eclipse.jdt.core.formatter.indent_statements_compare_to_block=true org.eclipse.jdt.core.formatter.indent_statements_compare_to_body=true org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_cases=true -org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=false +org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=true org.eclipse.jdt.core.formatter.indentation.size=4 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_enum_constant=insert org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_field=insert 
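Review bot: The comment `# UDFs in Exasol 7.1 with Ubuntu 20.04 will be fixed in the next Docker-DB release` above the commented-out `7.1.30` reads as if 20.04 were the problem, while the line above moves `runnerOs` to `ubuntu-24.04` and drops the old `# UDFs in Exasol 7.1 require Ubuntu 20.04` note; if the intent is that 7.1 UDFs currently work only on 20.04 runners and 24.04 support is expected from the next Docker-DB release, say so, e.g. `# Exasol 7.1 UDFs currently run only on Ubuntu 20.04 runners; re-enable once the next Docker-DB release works on 24.04.`. Until then the 7.1 line is no longer exercised by CI at all, so a tracking issue reference next to the comment would make the gap visible.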
@@ -447,7 +447,7 @@ org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_enum_constan org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_invocation=do not insert org.eclipse.jdt.core.formatter.join_lines_in_comments=true -org.eclipse.jdt.core.formatter.join_wrapped_lines=true +org.eclipse.jdt.core.formatter.join_wrapped_lines=false org.eclipse.jdt.core.formatter.keep_annotation_declaration_on_one_line=one_line_never org.eclipse.jdt.core.formatter.keep_anonymous_type_declaration_on_one_line=one_line_never org.eclipse.jdt.core.formatter.keep_code_block_on_one_line=one_line_never diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..f0edc21 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,25 @@ +# Security + +If you believe you have found a new security vulnerability in this repository, please report it to us as follows. + +## Reporting Security Issues + +* Please do **not** report security vulnerabilities through public GitHub issues. + +* Please create a draft security advisory on the Github page: the reporting form is under `> Security > Advisories`. The URL is https://github.com/exasol/udf-debugging-java/security/advisories/new. + +* If you prefer to email, please send your report to `infosec@exasol.com`. + +## Guidelines + +* When reporting a vulnerability, please include as much information as possible, including the complete steps to reproduce the issue. + +* Avoid sending us executables. + +* Feel free to include any script you wrote and used but avoid sending us scripts that download and run binaries. + +* We will prioritise reports that show how the exploits work in realistic environments. + +* We prefer all communications to be in English. + +* We do not offer financial rewards. We are happy to acknowledge your research publicly when possible. 
diff --git a/dependencies.md b/dependencies.md index 8e4a0e0..3778478 100644 --- a/dependencies.md +++ b/dependencies.md @@ -11,7 +11,7 @@ | [BucketFS Java][7] | [MIT License][8] | | [exasol-test-setup-abstraction-java][9] | [MIT License][10] | | [Apache Commons Compress][11] | [Apache-2.0][12] | -| [SLF4J JDK14 Provider][13] | [MIT License][14] | +| [SLF4J JDK14 Provider][13] | [MIT][14] | ## Test Dependencies 
@@ -35,33 +35,34 @@
## Plugin Dependencies
-| Dependency | License |
-| ------------------------------------------------------- | --------------------------------- |
-| [Apache Maven Clean Plugin][30] | [Apache-2.0][12] |
-| [Apache Maven Install Plugin][31] | [Apache-2.0][12] |
-| [Apache Maven Resources Plugin][32] | [Apache-2.0][12] |
-| [Apache Maven Site Plugin][33] | [Apache-2.0][12] |
-| [SonarQube Scanner for Maven][34] | [GNU LGPL 3][35] |
-| [Apache Maven Toolchains Plugin][36] | [Apache-2.0][12] |
-| [Apache Maven Dependency Plugin][37] | [Apache-2.0][12] |
-| [Project Keeper Maven plugin][38] | [The MIT License][39] |
-| [Apache Maven Compiler Plugin][40] | [Apache-2.0][12] |
-| [Apache Maven Enforcer Plugin][41] | [Apache-2.0][12] |
-| [Maven Flatten Plugin][42] | [Apache Software Licenese][12] |
-| [org.sonatype.ossindex.maven:ossindex-maven-plugin][43] | [ASL2][44] |
-| [Maven Surefire Plugin][45] | [Apache-2.0][12] |
-| [Versions Maven Plugin][46] | [Apache License, Version 2.0][12] |
-| [duplicate-finder-maven-plugin Maven Mojo][47] | [Apache License 2.0][48] |
-| [Apache Maven Deploy Plugin][49] | [Apache-2.0][12] |
-| [Apache Maven GPG Plugin][50] | [Apache-2.0][12] |
-| [Apache Maven Source Plugin][51] | [Apache License, Version 2.0][12] |
-| [Apache Maven Javadoc Plugin][52] | [Apache-2.0][12] |
-| [Nexus Staging Maven Plugin][53] | [Eclipse Public License][54] |
-| [Maven Failsafe Plugin][55] | [Apache-2.0][12] |
-| [JaCoCo :: Maven Plugin][56] | [EPL-2.0][6] |
-| [Quality Summarizer Maven Plugin][57] | [MIT License][58] |
-| [error-code-crawler-maven-plugin][59] | [MIT License][60] |
-| [Reproducible Build Maven Plugin][61] | [Apache 2.0][44] |
+| Dependency | License |
+| ------------------------------------------------------- | ------------------------------------------- |
+| [Apache Maven Clean Plugin][30] | [Apache-2.0][12] |
+| [Apache Maven Install Plugin][31] | [Apache-2.0][12] |
+| [Apache Maven Resources Plugin][32] | [Apache-2.0][12] |
+| [Apache Maven Site Plugin][33] | [Apache-2.0][12] |
+| [SonarQube Scanner for Maven][34] | [GNU LGPL 3][35] |
+| [Apache Maven Toolchains Plugin][36] | [Apache-2.0][12] |
+| [Apache Maven Dependency Plugin][37] | [Apache-2.0][12] |
+| [Project Keeper Maven plugin][38] | [The MIT License][39] |
+| [Apache Maven Compiler Plugin][40] | [Apache-2.0][12] |
+| [Apache Maven Enforcer Plugin][41] | [Apache-2.0][12] |
+| [Maven Flatten Plugin][42] | [Apache Software Licenese][12] |
+| [org.sonatype.ossindex.maven:ossindex-maven-plugin][43] | [ASL2][44] |
+| [Maven Surefire Plugin][45] | [Apache-2.0][12] |
+| [Versions Maven Plugin][46] | [Apache License, Version 2.0][12] |
+| [duplicate-finder-maven-plugin Maven Mojo][47] | [Apache License 2.0][48] |
+| [Apache Maven Artifact Plugin][49] | [Apache-2.0][12] |
+| [Apache Maven Deploy Plugin][50] | [Apache-2.0][12] |
+| [Apache Maven GPG Plugin][51] | [Apache-2.0][12] |
+| [Apache Maven Source Plugin][52] | [Apache License, Version 2.0][12] |
+| [Apache Maven Javadoc Plugin][53] | [Apache-2.0][12] |
+| [Nexus Staging Maven Plugin][54] | [Eclipse Public License][55] |
+| [Maven Failsafe Plugin][56] | [Apache-2.0][12] |
+| [JaCoCo :: Maven Plugin][57] | [EPL-2.0][6] |
+| [Quality Summarizer Maven Plugin][58] | [MIT License][59] |
+| [error-code-crawler-maven-plugin][60] | [MIT License][61] |
+| [Git Commit Id Maven Plugin][62] | [GNU Lesser General Public License 3.0][63] |
[0]: https://github.com/eclipse-ee4j/jsonp
[1]: https://projects.eclipse.org/license/epl-2.0
@@ -77,7 +78,7 @@
[11]: https://commons.apache.org/proper/commons-compress/
[12]: https://www.apache.org/licenses/LICENSE-2.0.txt
[13]: http://www.slf4j.org
-[14]: http://www.opensource.org/licenses/mit-license.php
+[14]: https://opensource.org/license/mit
[15]: https://junit.org/junit5/
[16]: https://www.eclipse.org/legal/epl-v20.html
[17]: https://github.com/mockito/mockito
@@ -97,7 +98,7 @@
[31]: https://maven.apache.org/plugins/maven-install-plugin/
[32]: https://maven.apache.org/plugins/maven-resources-plugin/
[33]: https://maven.apache.org/plugins/maven-site-plugin/
-[34]: http://docs.sonarqube.org/display/PLUG/Plugin+Library/sonar-maven-plugin
+[34]: http://docs.sonarqube.org/display/PLUG/Plugin+Library/sonar-scanner-maven/sonar-maven-plugin
[35]: http://www.gnu.org/licenses/lgpl.txt
[36]: https://maven.apache.org/plugins/maven-toolchains-plugin/
[37]: https://maven.apache.org/plugins/maven-dependency-plugin/
@@ -112,16 +113,18 @@
[46]: https://www.mojohaus.org/versions/versions-maven-plugin/
[47]: https://basepom.github.io/duplicate-finder-maven-plugin
[48]: http://www.apache.org/licenses/LICENSE-2.0.html
-[49]: https://maven.apache.org/plugins/maven-deploy-plugin/
-[50]: https://maven.apache.org/plugins/maven-gpg-plugin/
-[51]: https://maven.apache.org/plugins/maven-source-plugin/
-[52]: https://maven.apache.org/plugins/maven-javadoc-plugin/
-[53]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/
-[54]: http://www.eclipse.org/legal/epl-v10.html
-[55]: https://maven.apache.org/surefire/maven-failsafe-plugin/
-[56]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
-[57]: https://github.com/exasol/quality-summarizer-maven-plugin/
-[58]: https://github.com/exasol/quality-summarizer-maven-plugin/blob/main/LICENSE
-[59]: https://github.com/exasol/error-code-crawler-maven-plugin/
-[60]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
-[61]: http://zlika.github.io/reproducible-build-maven-plugin
+[49]: https://maven.apache.org/plugins/maven-artifact-plugin/
+[50]: https://maven.apache.org/plugins/maven-deploy-plugin/
+[51]: https://maven.apache.org/plugins/maven-gpg-plugin/
+[52]: https://maven.apache.org/plugins/maven-source-plugin/
+[53]: https://maven.apache.org/plugins/maven-javadoc-plugin/
+[54]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/
+[55]: http://www.eclipse.org/legal/epl-v10.html
+[56]: https://maven.apache.org/surefire/maven-failsafe-plugin/
+[57]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
+[58]: https://github.com/exasol/quality-summarizer-maven-plugin/
+[59]: https://github.com/exasol/quality-summarizer-maven-plugin/blob/main/LICENSE
+[60]: https://github.com/exasol/error-code-crawler-maven-plugin/
+[61]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
+[62]: https://github.com/git-commit-id/git-commit-id-maven-plugin
+[63]: http://www.gnu.org/licenses/lgpl-3.0.txt
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index c34054b..39e84a8 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
# Changes
+* [0.6.16](changes_0.6.16.md)
* [0.6.15](changes_0.6.15.md)
* [0.6.14](changes_0.6.14.md)
* [0.6.13](changes_0.6.13.md)
diff --git a/doc/changes/changes_0.6.16.md b/doc/changes/changes_0.6.16.md
new file mode 100644
index 0000000..f085995
--- /dev/null
+++ b/doc/changes/changes_0.6.16.md
@@ -0,0 +1,48 @@
+# Udf Debugging Java 0.6.16, released 2025-06-02
+
+Code name: Security updates on top of 0.6.15
+
+## Summary
+
+This release is a security update. We updated the dependencies of the project to fix transitive security issues.
+
+We also added an exception for the OSSIndex for CVE-2024-55551, which is a false positive in Exasol's JDBC driver.
+This issue has been fixed quite a while back now, but the OSSIndex unfortunately does not contain the fix version of 24.2.1 (2024-12-10) set.
+
+## Security
+
+* #74: Fix CVE-2024-55551 in com.exasol:exasol-jdbc:jar:24.2.1
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `org.jacoco:org.jacoco.core:0.8.12` to `0.8.13`
+* Updated `org.slf4j:slf4j-jdk14:2.0.16` to `2.0.17`
+
+### Test Dependency Updates
+
+* Updated `com.exasol:exasol-testcontainers:7.1.3` to `7.1.5`
+* Updated `com.exasol:test-db-builder-java:3.6.0` to `3.6.1`
+* Updated `org.jacoco:org.jacoco.agent:0.8.12` to `0.8.13`
+* Updated `org.junit.jupiter:junit-jupiter-engine:5.11.4` to `5.13.0`
+* Updated `org.junit.jupiter:junit-jupiter-params:5.11.4` to `5.13.0`
+* Updated `org.mockito:mockito-junit-jupiter:5.15.2` to `5.18.0`
+* Updated `org.testcontainers:junit-jupiter:1.20.4` to `1.21.1`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:project-keeper-maven-plugin:4.5.0` to `5.1.0`
+* Added `io.github.git-commit-id:git-commit-id-maven-plugin:9.0.1`
+* Removed `io.github.zlika:reproducible-build-maven-plugin:0.17`
+* Added `org.apache.maven.plugins:maven-artifact-plugin:3.6.0`
+* Updated `org.apache.maven.plugins:maven-clean-plugin:3.4.0` to `3.4.1`
+* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.13.0` to `3.14.0`
+* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.1.3` to `3.1.4`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.5.2` to `3.5.3`
+* Updated `org.apache.maven.plugins:maven-install-plugin:3.1.3` to `3.1.4`
+* Updated 
`org.apache.maven.plugins:maven-javadoc-plugin:3.11.1` to `3.11.2` +* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.5.2` to `3.5.3` +* Updated `org.codehaus.mojo:flatten-maven-plugin:1.6.0` to `1.7.0` +* Updated `org.jacoco:jacoco-maven-plugin:0.8.12` to `0.8.13` +* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:5.0.0.4389` to `5.1.0.4751` diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index b7e005e..26ca8c2 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -3,11 +3,12 @@ 4.0.0 com.exasol udf-debugging-java-generated-parent - 0.6.15 + 0.6.16 pom UTF-8 UTF-8 + ${git.commit.time} 11 exasol https://sonarcloud.io @@ -50,12 +51,12 @@ org.apache.maven.plugins maven-clean-plugin - 3.4.0 + 3.4.1 org.apache.maven.plugins maven-install-plugin - 3.1.3 + 3.1.4 org.apache.maven.plugins @@ -70,7 +71,7 @@ org.sonarsource.scanner.maven sonar-maven-plugin - 5.0.0.4389 + 5.1.0.4751 org.apache.maven.plugins @@ -94,7 +95,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.13.0 + 3.14.0 ${java.version} ${java.version} @@ -118,7 +119,7 @@ - 3.6.3 + 3.8.7 17 @@ -131,7 +132,7 @@ org.codehaus.mojo flatten-maven-plugin - 1.6.0 + 1.7.0 true oss @@ -170,7 +171,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.5.2 + 3.5.3 @@ -185,7 +186,7 @@ display-updates - package + verify display-plugin-updates display-dependency-updates @@ -202,6 +203,7 @@ true true true + false false true true @@ -232,10 +234,24 @@ false + + org.apache.maven.plugins + maven-artifact-plugin + 3.6.0 + + + check-build-plan + verify + + check-buildplan + + + + org.apache.maven.plugins maven-deploy-plugin - 3.1.3 + 3.1.4 true @@ -279,7 +295,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.11.1 + 3.11.2 attach-javadocs @@ -322,7 +338,7 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.5.2 + 3.5.3 -Djava.util.logging.config.file=src/test/resources/logging.properties ${argLine} 
@@ -342,7 +358,7 @@ org.jacoco jacoco-maven-plugin - 0.8.12 + 0.8.13 prepare-agent @@ -407,18 +423,25 @@ - io.github.zlika - reproducible-build-maven-plugin - 0.17 + io.github.git-commit-id + git-commit-id-maven-plugin + 9.0.1 - strip-jar - package + get-the-git-infos - strip-jar + revision + initialize + + true + UTC + + git.commit.time + + diff --git a/pom.xml b/pom.xml index 07c4024..b55779c 100644 --- a/pom.xml +++ b/pom.xml @@ -2,13 +2,13 @@ 4.0.0 udf-debugging-java - 0.6.15 + 0.6.16 udf-debugging-java Utilities for debugging, profiling and code coverage measure for UDFs. https://github.com/exasol/udf-debugging-java/ - 5.11.4 - 0.8.12 + 5.13.0 + 0.8.13 @@ -75,7 +75,7 @@ org.mockito mockito-junit-jupiter - 5.15.2 + 5.18.0 test @@ -88,19 +88,19 @@ com.exasol exasol-testcontainers - 7.1.3 + 7.1.5 test org.testcontainers junit-jupiter - 1.20.4 + 1.21.1 test com.exasol test-db-builder-java - 3.6.0 + 3.6.1 test @@ -113,7 +113,7 @@ org.slf4j slf4j-jdk14 - 2.0.16 + 2.0.17 @@ -139,7 +139,7 @@ com.exasol project-keeper-maven-plugin - 4.5.0 + 5.1.0 @@ -168,6 +168,8 @@ CVE-2017-10355 + + CVE-2024-55551 @@ -176,7 +178,7 @@ udf-debugging-java-generated-parent com.exasol - 0.6.15 + 0.6.16 pk_generated_parent.pom diff --git a/src/main/java/com/exasol/udfdebugging/PushDownTesting.java b/src/main/java/com/exasol/udfdebugging/PushDownTesting.java index 2ac6488..f09f147 100644 --- a/src/main/java/com/exasol/udfdebugging/PushDownTesting.java +++ b/src/main/java/com/exasol/udfdebugging/PushDownTesting.java @@ -9,6 +9,9 @@ * This class contains helper functions for testing virtual schema push down queries. */ public class PushDownTesting { + private PushDownTesting() { + // Not instanciable + } /** * Get the push-down SQL query generated by a Virtual Schema adapter call. diff --git a/src/main/java/com/exasol/udfdebugging/modules/coverage/CoverageModule.java b/src/main/java/com/exasol/udfdebugging/modules/coverage/CoverageModule.java index 2f3672c..055bd1a 100644 
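Review bot: The new `CVE-2024-55551` entry in the OSS Index exclusion list of pom.xml carries no visible justification or review date, and an exclusion silently suppresses the scanner for that CVE in every future build. The release notes in this commit give the reason (false positive; fixed in exasol-jdbc 24.2.1, which OSS Index does not know as the fix version), so that reasoning belongs next to the entry where the next maintainer will look, e.g. `<!-- False positive: fixed in com.exasol:exasol-jdbc 24.2.1 (2024-12-10); OSS Index lacks the fix version. Remove once the OSS Index entry is corrected. -->`. The sibling `CVE-2017-10355` exclusion is context in the same hunk and would benefit from the same treatment. If an XML comment already sits beside the entry, it was stripped from this rendering of the hunk.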
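Review bot: The comment on the new private constructor of `PushDownTesting` reads `// Not instanciable`; the spelling is "instantiable", and a word on why helps, e.g. `// Not instantiable: helper class`. Declaring the class `final` would complete the non-instantiable helper pattern, but as the class is public that is an API change and deserves its own decision. The class body continues outside the hunk.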
--- a/src/main/java/com/exasol/udfdebugging/modules/coverage/CoverageModule.java +++ b/src/main/java/com/exasol/udfdebugging/modules/coverage/CoverageModule.java @@ -1,7 +1,6 @@ package com.exasol.udfdebugging.modules.coverage; import java.io.FileNotFoundException; -import java.io.IOException; import java.net.InetSocketAddress; import java.nio.file.Path; import java.util.concurrent.TimeoutException; @@ -63,7 +62,7 @@ private void uploadAgentToBucketFs(final Bucket bucket) { } @Override - public void close() throws IOException { + public void close() { // nothing to close } } diff --git a/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java b/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java index 40129a8..7d09754 100644 --- a/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java +++ b/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java @@ -18,11 +18,14 @@ class CoverageModuleTest { @Test + @SuppressWarnings("try") // auto-closeable resource coverageModule is never referenced in body of try statement void testUpload() throws BucketAccessException, TimeoutException, FileNotFoundException { final Bucket bucket = mock(Bucket.class); - new CoverageModule((port) -> new InetSocketAddress("1.2.3.4", port), bucket); - verify(bucket).uploadFile(Path.of("target", "jacoco-agent", "org.jacoco.agent-runtime.jar"), - "org.jacoco.agent-runtime.jar"); + try (CoverageModule coverageModule = new CoverageModule(port -> new InetSocketAddress("1.2.3.4", port), + bucket)) { + verify(bucket).uploadFile(Path.of("target", "jacoco-agent", "org.jacoco.agent-runtime.jar"), + "org.jacoco.agent-runtime.jar"); + } } @Test 
@@ -30,9 +33,10 @@ void testGetJvmOptions() { final Bucket bucket = mock(Bucket.class); when(bucket.getBucketFsName()).thenReturn("my_bucketfs"); when(bucket.getBucketName()).thenReturn("my_bucket"); - final CoverageModule coverageModule = new CoverageModule((port) -> new InetSocketAddress("1.2.3.4", port), - bucket); - assertThat(coverageModule.getJvmOptions().collect(Collectors.toList()), contains( - "-javaagent:/buckets/my_bucketfs/my_bucket/org.jacoco.agent-runtime.jar=output=tcpclient,address=1.2.3.4,port=3002")); + try (final CoverageModule coverageModule = new CoverageModule(port -> new InetSocketAddress("1.2.3.4", port), + bucket)) { + assertThat(coverageModule.getJvmOptions().collect(Collectors.toList()), contains( + "-javaagent:/buckets/my_bucketfs/my_bucket/org.jacoco.agent-runtime.jar=output=tcpclient,address=1.2.3.4,port=3002")); + } } -} \ No newline at end of file +} diff --git a/src/test/resources/logging.properties b/src/test/resources/logging.properties index 8c97abe..8d41bf2 100644 --- a/src/test/resources/logging.properties +++ b/src/test/resources/logging.properties @@ -2,5 +2,5 @@ handlers=java.util.logging.ConsoleHandler .level=INFO java.util.logging.ConsoleHandler.level=ALL java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter -java.util.logging.SimpleFormatter.format=%1$tF %1$tT.%1$tL [%4$-7s] %5$s %n +java.util.logging.SimpleFormatter.format=%1$tF %1$tT.%1$tL [%4$-7s] %5$s %6$s%n com.exasol.level=ALL From e04eb6b84ae18e17c837682aa4ea35a9efeb50a2 Mon Sep 17 00:00:00 2001 
From: Pieterjan Spoelders Date: Thu, 31 Jul 2025 06:00:29 -0400 Subject: [PATCH 7/7] CVE-2025-48924 (#79) * CVE-2025-48924 * Apply suggestions from code review --- .github/workflows/ci-build.yml | 3 +- .github/workflows/dependencies_check.yml | 4 +- .github/workflows/dependencies_update.yml | 2 +- .github/workflows/release.yml | 29 ++++++++++++--- .vscode/settings.json | 5 ++- dependencies.md | 31 ++++++++-------- doc/changes/changelog.md | 1 + doc/changes/changes_0.6.17.md | 44 ++++++++++++++++++++++ pk_generated_parent.pom | 45 ++++++++--------------- pom.xml | 12 +++--- 10 files changed, 114 insertions(+), 62 deletions(-) create mode 100644 doc/changes/changes_0.6.17.md diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 63f3e50..2dd25b6 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -227,5 +227,6 @@ jobs: } uses: ./.github/workflows/release.yml with: { - started-from-ci: true + started-from-ci: true, + maven-central-auto-publish: true } diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index 0832e80..41c1253 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml @@ -18,7 +18,7 @@ jobs: issues: write } outputs: { - created-issues: '${{ steps.security-issues.outputs.created-issues }}' + created-issues: '${{ steps.create-security-issues.outputs.created-issues }}' } concurrency: { group: '${{ github.workflow }}-report_security_issues', @@ -60,7 +60,7 @@ jobs: echo "$CREATED_ISSUES" > test.jsonl cat test.jsonl env: { - CREATED_ISSUES: '${{ steps.security-issues.outputs.created-issues }}' + CREATED_ISSUES: '${{ steps.create-security-issues.outputs.created-issues }}' } start_dependency_udpate: needs: report_security_issues diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml index c901506..007215d 100644 --- a/.github/workflows/dependencies_update.yml 
+++ b/.github/workflows/dependencies_update.yml @@ -172,5 +172,5 @@ jobs: message_format: '{workflow} created Pull Request ${{ steps.create-pr.outputs.pr_url }}' } env: { - SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SECURITY_UPDATES_WEBHOOK }}' } diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e4682a3..db9d10a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,6 +9,12 @@ on: required: true, default: false } + maven-central-auto-publish: { + description: 'Automatically publish to Maven Central. Deactivate to manually publish at https://central.sonatype.com/publishing/deployments', + required: true, + type: boolean, + default: true + } workflow_dispatch: inputs: skip-maven-central: { @@ -17,6 +23,12 @@ on: type: boolean, default: false } + maven-central-auto-publish: { + description: 'Automatically publish to Maven Central. Deactivate to manually publish at https://central.sonatype.com/publishing/deployments', + required: true, + type: boolean, + default: true + } skip-github-release: { description: Skip creating the GitHub release, required: true, @@ -56,7 +68,7 @@ jobs: 11 17 cache: maven - server-id: ossrh + server-id: maven-central-portal server-username: MAVEN_USERNAME server-password: MAVEN_PASSWORD gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} 
@@ -120,11 +132,18 @@ jobs: if: ${{ true && (! inputs.skip-maven-central) }} run: | echo "#### Maven Central Release" >> "$GITHUB_STEP_SUMMARY" - mvn --batch-mode -Dgpg.skip=false -DskipTests deploy - echo "Published to Maven Central ✅" >> "$GITHUB_STEP_SUMMARY" + mvn --batch-mode -Dgpg.skip=false -DskipTests deploy \ + -Dcentral-publishing.deploymentName="Auto release of repo ${{ github.repository }} using PK release.yml" \ + -Dcentral-publishing.autoPublish=${{ inputs.maven-central-auto-publish }} + if [[ "${{ inputs.maven-central-auto-publish }}" == "true" ]]; then + echo "Published to Maven Central ✅" >> "$GITHUB_STEP_SUMMARY" + else + echo "Uploaded to Maven Central ✅" >> "$GITHUB_STEP_SUMMARY" + echo "⚠️ Go to https://central.sonatype.com/publishing/deployments to publish the release ⚠️" >> "$GITHUB_STEP_SUMMARY" + fi env: { - MAVEN_USERNAME: '${{ secrets.OSSRH_USERNAME }}', - MAVEN_PASSWORD: '${{ secrets.OSSRH_PASSWORD }}', + MAVEN_USERNAME: '${{ secrets.MAVEN_CENTRAL_PORTAL_USERNAME }}', + MAVEN_PASSWORD: '${{ secrets.MAVEN_CENTRAL_PORTAL_TOKEN }}', MAVEN_GPG_PASSPHRASE: '${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}' } - name: Calculate Artifact Checksums diff --git a/.vscode/settings.json b/.vscode/settings.json index 30f0f3f..f673fd5 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -18,5 +18,6 @@ "sonarlint.connectedMode.project": { "connectionId": "exasol", "projectKey": "com.exasol:udf-debugging-java" - } -} + }, + "java.configuration.updateBuildConfiguration": "automatic" +} \ No newline at end of file diff --git a/dependencies.md b/dependencies.md index 3778478..b8962ce 100644 --- a/dependencies.md +++ b/dependencies.md 
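Review bot: The rewritten deploy step expands `${{ github.repository }}` and `${{ inputs.maven-central-auto-publish }}` directly into the `run:` script, while the same step already routes its credentials through `env:`; passing the two values the same way (`REPOSITORY: '${{ github.repository }}'` and `AUTO_PUBLISH: '${{ inputs.maven-central-auto-publish }}'` under `env:`, then `"$REPOSITORY"` and `"$AUTO_PUBLISH"` in the shell) keeps template expansion out of the shell, which is the documented pattern for run steps. Neither value is attacker-controlled here (the input is typed `boolean`), so this is consistency rather than an exploitable injection. The credentials moved to `MAVEN_CENTRAL_PORTAL_USERNAME`/`MAVEN_CENTRAL_PORTAL_TOKEN` and `server-id` to `maven-central-portal`, but the signing key and passphrase are still read from the `OSSRH_GPG_*` secrets; if that is intentional, a one-line comment on those lines would stop the next reader from treating them as leftovers. The step's name line is outside the hunk, and if release.yml is Project-Keeper-generated like its sibling workflows the change belongs in the template.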
@@ -57,12 +57,12 @@
| [Apache Maven GPG Plugin][51] | [Apache-2.0][12] |
| [Apache Maven Source Plugin][52] | [Apache License, Version 2.0][12] |
| [Apache Maven Javadoc Plugin][53] | [Apache-2.0][12] |
-| [Nexus Staging Maven Plugin][54] | [Eclipse Public License][55] |
-| [Maven Failsafe Plugin][56] | [Apache-2.0][12] |
-| [JaCoCo :: Maven Plugin][57] | [EPL-2.0][6] |
-| [Quality Summarizer Maven Plugin][58] | [MIT License][59] |
-| [error-code-crawler-maven-plugin][60] | [MIT License][61] |
-| [Git Commit Id Maven Plugin][62] | [GNU Lesser General Public License 3.0][63] |
+| [Central Publishing Maven Plugin][54] | [The Apache License, Version 2.0][12] |
+| [Maven Failsafe Plugin][55] | [Apache-2.0][12] |
+| [JaCoCo :: Maven Plugin][56] | [EPL-2.0][6] |
+| [Quality Summarizer Maven Plugin][57] | [MIT License][58] |
+| [error-code-crawler-maven-plugin][59] | [MIT License][60] |
+| [Git Commit Id Maven Plugin][61] | [GNU Lesser General Public License 3.0][62] |
[0]: https://github.com/eclipse-ee4j/jsonp
[1]: https://projects.eclipse.org/license/epl-2.0
@@ -118,13 +118,12 @@
[51]: https://maven.apache.org/plugins/maven-gpg-plugin/
[52]: https://maven.apache.org/plugins/maven-source-plugin/
[53]: https://maven.apache.org/plugins/maven-javadoc-plugin/
-[54]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/
-[55]: http://www.eclipse.org/legal/epl-v10.html
-[56]: https://maven.apache.org/surefire/maven-failsafe-plugin/
-[57]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
-[58]: https://github.com/exasol/quality-summarizer-maven-plugin/
-[59]: https://github.com/exasol/quality-summarizer-maven-plugin/blob/main/LICENSE
-[60]: https://github.com/exasol/error-code-crawler-maven-plugin/
-[61]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
-[62]: https://github.com/git-commit-id/git-commit-id-maven-plugin
-[63]: http://www.gnu.org/licenses/lgpl-3.0.txt
+[54]: https://central.sonatype.org
+[55]: https://maven.apache.org/surefire/maven-failsafe-plugin/
+[56]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
+[57]: https://github.com/exasol/quality-summarizer-maven-plugin/
+[58]: https://github.com/exasol/quality-summarizer-maven-plugin/blob/main/LICENSE
+[59]: https://github.com/exasol/error-code-crawler-maven-plugin/
+[60]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
+[61]: https://github.com/git-commit-id/git-commit-id-maven-plugin
+[62]: http://www.gnu.org/licenses/lgpl-3.0.txt
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index 39e84a8..0df245b 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
# Changes
+* [0.6.17](changes_0.6.17.md)
* [0.6.16](changes_0.6.16.md)
* [0.6.15](changes_0.6.15.md)
* [0.6.14](changes_0.6.14.md)
diff --git a/doc/changes/changes_0.6.17.md b/doc/changes/changes_0.6.17.md
new file mode 100644
index 0000000..5c18ce0
--- /dev/null
+++ b/doc/changes/changes_0.6.17.md
@@ -0,0 +1,44 @@
+# Udf Debugging Java 0.6.17, released 2025-07-31
+
+Code name: Fix CVE-2025-48924 in `org.apache.commons:commons-lang3:jar:3.16.0:compile`
+
+## Summary
+
+This release fixes the following vulnerabilities:
+
+### CVE-2025-48924 (CWE-674) in dependency `org.apache.commons:commons-lang3:jar:3.16.0:compile`
+
+Uncontrolled Recursion vulnerability in Apache Commons Lang.
+
+This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
+
+The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a
+StackOverflowError could cause an application to stop.
+
+Users are recommended to upgrade to version 3.18.0, which fixes the issue.
+
+CVE: CVE-2025-48924
+CWE: CWE-674
+
+#### References
+
+- https://ossindex.sonatype.org/vulnerability/CVE-2025-48924?component-type=maven&component-name=org.apache.commons%2Fcommons-lang3&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
+- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-48924
+- https://github.com/advisories/GHSA-j288-q9x7-2f5v
+
+## Security
+
+* #77: Fixed vulnerability CVE-2025-48924 in dependency `org.apache.commons:commons-lang3:jar:3.16.0:compile`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `org.apache.commons:commons-compress:1.27.1` to `1.28.0`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.3` to `2.0.4`
+* Updated `com.exasol:project-keeper-maven-plugin:5.1.0` to `5.2.3`
+* Added `org.sonatype.central:central-publishing-maven-plugin:0.7.0`
+* Removed `org.sonatype.plugins:nexus-staging-maven-plugin:1.7.0`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index 26ca8c2..b55af02 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@ 4.0.0 com.exasol udf-debugging-java-generated-parent - 0.6.16 + 0.6.17 pom UTF-8 @@ -14,17 +14,11 @@ https://sonarcloud.io true + false + false + validated + Manual deployment of repo udf-debugging-java - - - ossrh - https://oss.sonatype.org/content/repositories/snapshots - - - ossrh - https://oss.sonatype.org/service/local/staging/deploy/maven2/ - - MIT License @@ -315,25 +309,18 @@ - org.sonatype.plugins - nexus-staging-maven-plugin - 1.7.0 + org.sonatype.central + central-publishing-maven-plugin + 0.7.0 + true - true - ossrh - https://oss.sonatype.org/ - 15 - 30 + maven-central-portal + + ${central-publishing.autoPublish} + ${central-publishing.waitUntil} + ${central-publishing.deploymentName} + ${central-publishing.skipPublishing} - - - default-deploy - deploy - - deploy - - - org.apache.maven.plugins @@ -412,7 +399,7 @@ com.exasol error-code-crawler-maven-plugin - 2.0.3 + 2.0.4 verify diff --git a/pom.xml b/pom.xml index b55779c..eb5ed0d 100644 --- a/pom.xml +++ b/pom.xml @@ -1,8 +1,8 @@ - + 4.0.0 udf-debugging-java - 0.6.16 + 0.6.17 udf-debugging-java Utilities for debugging, profiling and code coverage measure for UDFs. https://github.com/exasol/udf-debugging-java/ @@ -57,7 +57,7 @@ org.apache.commons commons-compress - 1.27.1 + 1.28.0 @@ -139,7 +139,7 @@ com.exasol project-keeper-maven-plugin - 5.1.0 + 5.2.3 @@ -168,7 +168,7 @@ CVE-2017-10355 - + CVE-2024-55551 @@ -178,7 +178,7 @@ udf-debugging-java-generated-parent com.exasol - 0.6.16 + 0.6.17 pk_generated_parent.pom
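Review bot: The pom.xml hunks in this commit bump only `commons-compress` from 1.27.1 to 1.28.0, while the release notes credit the commit with fixing CVE-2025-48924 in `commons-lang3:3.16.0`; the fix therefore rests on commons-compress 1.28.0 transitively resolving commons-lang3 to 3.18.0 or later, which the diff itself does not demonstrate. Confirm with `mvn dependency:tree -Dincludes=org.apache.commons:commons-lang3` that the resolved version is at least 3.18.0, and consider a `dependencyManagement` entry pinning `org.apache.commons:commons-lang3` to `3.18.0` so that a later change in any dependency cannot silently reintroduce the vulnerable version. The OSS Index check visible through the exclusion list in the same file should flag a regression, but an explicit pin records the requirement where it is enforced rather than only in the changelog.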