From 81d6708cb8bb597564e65064ac9088d4e6117565 Mon Sep 17 00:00:00 2001 From: KK Date: Wed, 18 Jan 2023 07:54:55 +0100 Subject: [PATCH 1/4] implemented #110 --- ...release_droid_release_on_maven_central.yml | 4 +- .project-keeper.yml | 4 +- dependencies.md | 26 +++++------ doc/changes/changelog.md | 1 + doc/changes/changes_3.4.2.md | 42 +++++++++++++++++ pk_generated_parent.pom | 28 +++++++---- pom.xml | 46 ++++++------------- 7 files changed, 95 insertions(+), 56 deletions(-) create mode 100644 doc/changes/changes_3.4.2.md diff --git a/.github/workflows/release_droid_release_on_maven_central.yml b/.github/workflows/release_droid_release_on_maven_central.yml index 0dc6aab..b467607 100644 --- a/.github/workflows/release_droid_release_on_maven_central.yml +++ b/.github/workflows/release_droid_release_on_maven_central.yml @@ -23,8 +23,8 @@ jobs: gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} gpg-passphrase: MAVEN_GPG_PASSPHRASE - name: Publish to Central Repository - run: mvn clean --batch-mode -Dgpg.skip=false -DskipTests deploy + run: mvn --batch-mode -Dgpg.skip=false -DskipTests clean deploy env: MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} \ No newline at end of file diff --git a/.project-keeper.yml b/.project-keeper.yml index aa3d4d5..051e131 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml 
@@ -8,5 +8,7 @@ linkReplacements: - https://www.mojohaus.org/flatten-maven-plugin/flatten-maven-plugin|https://www.mojohaus.org/flatten-maven-plugin - https://jdbc.postgresql.org/about/license.html|https://jdbc.postgresql.org/license/ - https://developers.google.com/protocol-buffers/protobuf-java/|https://developers.google.com/protocol-buffers + - LICENSE-exasol-jdbc.txt|https://docs.exasol.com/db/latest/connect_exasol/drivers/jdbc.htm excludes: - - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_release_on_maven_central.yml'" + - "xE-PK-CORE-18: Outdated content: '.github/workflows/release_droid_release_on_maven_central.yml'" + - "[WARNING] W-PK-CORE-155: Could not detect latest available version of project-keeper. Server returned HTTP response code: 504 for URL: https://search.maven.org/solrsearch/select?q=g:com.exasol+AND+a:project-keeper-maven-plugin&wt=json. Please check network connection and response from 'https://search.maven.org/solrsearch/select?q=g:com.exasol+AND+a:project-keeper-maven-plugin&wt=json'" diff --git a/dependencies.md b/dependencies.md index 25d9442..27a6bce 100644 --- a/dependencies.md +++ b/dependencies.md @@ -37,8 +37,8 @@ | [SonarQube Scanner for Maven][27] | [GNU LGPL 3][28] | | [Apache Maven Compiler Plugin][29] | [Apache License, Version 2.0][26] | | [Apache Maven Enforcer Plugin][30] | [Apache License, Version 2.0][26] | -| [Maven Flatten Plugin][31] | [Apache Software Licenese][32] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][33] | [ASL2][32] | +| [Maven Flatten Plugin][31] | [Apache Software Licenese][26] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][32] | [ASL2][33] | | [Maven Surefire Plugin][34] | [Apache License, Version 2.0][26] | | [Versions Maven Plugin][35] | [Apache License, Version 2.0][26] | | [Apache Maven Deploy Plugin][36] | [Apache License, Version 2.0][26] | 
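Review bot: The new `excludes:` entry for `W-PK-CORE-155` pins the exact text of a transient failure (an HTTP 504 from search.maven.org), so it stops being useful as soon the server recovers or answers with a different status. Its leading `[WARNING] ` looks like the Maven log prefix rather than part of the finding text, so the entry may not match at all; that needs checking against how project-keeper compares excludes. While it does match, it hides the fact that project-keeper could not check whether a newer version of itself exists, which is an odd thing to silence in a release whose purpose is dependency updates. I would drop the line and re-run the build once the search endpoint responds. The entry is carried unchanged through the `.project-keeper.yml` hunk of PATCH 3/4.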
@@ -49,21 +49,21 @@ | [Maven Failsafe Plugin][42] | [Apache License, Version 2.0][26] | | [JaCoCo :: Maven Plugin][43] | [Eclipse Public License 2.0][44] | | [error-code-crawler-maven-plugin][45] | [MIT License][46] | -| [Reproducible Build Maven Plugin][47] | [Apache 2.0][32] | +| [Reproducible Build Maven Plugin][47] | [Apache 2.0][33] | | [OpenFastTrace Maven Plugin][48] | [GNU General Public License v3.0][49] | | [Project keeper maven plugin][50] | [The MIT License][51] | -| [Maven Clean Plugin][52] | [The Apache Software License, Version 2.0][32] | -| [Maven Resources Plugin][53] | [The Apache Software License, Version 2.0][32] | -| [Maven JAR Plugin][54] | [The Apache Software License, Version 2.0][32] | -| [Maven Install Plugin][55] | [The Apache Software License, Version 2.0][32] | -| [Maven Site Plugin 3][56] | [The Apache Software License, Version 2.0][32] | +| [Maven Clean Plugin][52] | [The Apache Software License, Version 2.0][33] | +| [Maven Resources Plugin][53] | [The Apache Software License, Version 2.0][33] | +| [Maven JAR Plugin][54] | [The Apache Software License, Version 2.0][33] | +| [Maven Install Plugin][55] | [The Apache Software License, Version 2.0][33] | +| [Maven Site Plugin 3][56] | [The Apache Software License, Version 2.0][33] | [0]: https://github.com/exasol/db-fundamentals-java/ [1]: https://github.com/exasol/db-fundamentals-java/blob/main/LICENSE [2]: https://github.com/exasol/error-reporting-java/ [3]: https://github.com/exasol/error-reporting-java/blob/main/LICENSE [4]: http://www.exasol.com -[5]: https://docs.exasol.com/connect_exasol/drivers/jdbc.htm +[5]: https://docs.exasol.com/db/latest/connect_exasol/drivers/jdbc.htm [6]: https://developers.google.com/protocol-buffers [7]: https://opensource.org/licenses/BSD-3-Clause [8]: https://jdbc.postgresql.org 
@@ -89,11 +89,11 @@ [28]: http://www.gnu.org/licenses/lgpl.txt [29]: https://maven.apache.org/plugins/maven-compiler-plugin/ [30]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ -[31]: https://www.mojohaus.org/flatten-maven-plugin -[32]: http://www.apache.org/licenses/LICENSE-2.0.txt -[33]: https://sonatype.github.io/ossindex-maven/maven-plugin/ +[31]: https://www.mojohaus.org/flatten-maven-plugin/ +[32]: https://sonatype.github.io/ossindex-maven/maven-plugin/ +[33]: http://www.apache.org/licenses/LICENSE-2.0.txt [34]: https://maven.apache.org/surefire/maven-surefire-plugin/ -[35]: http://www.mojohaus.org/versions-maven-plugin/ +[35]: https://www.mojohaus.org/versions-maven-plugin/ [36]: https://maven.apache.org/plugins/maven-deploy-plugin/ [37]: https://maven.apache.org/plugins/maven-gpg-plugin/ [38]: https://maven.apache.org/plugins/maven-source-plugin/ diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index 0497f54..464f3a7 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,5 +1,6 @@ # Changes +* [3.4.2](changes_3.4.2.md) * [3.4.1](changes_3.4.1.md) * [3.4.0](changes_3.4.0.md) * [3.3.4](changes_3.3.4.md) diff --git a/doc/changes/changes_3.4.2.md b/doc/changes/changes_3.4.2.md new file mode 100644 index 0000000..178acb8 --- /dev/null +++ b/doc/changes/changes_3.4.2.md 
@@ -0,0 +1,42 @@
+# Test Database Builder for Java 3.4.2, released 2023-01-18
+
+Code name: Fix vulnerabilities in dependencies on top of 3.4.1
+
+## Summary
+
+Updated dependencies on top of version 3.4.1 to fix vulnerabilities.
+
+## Bugfixes
+
+* #110: Updated dependencies
+
+## Dependency Updates
+
+### Test Dependency Updates
+
+* Updated `com.exasol:exasol-jdbc:7.1.11` to `7.1.17`
+* Updated `com.exasol:exasol-testcontainers:6.2.0` to `6.5.0`
+* Updated `com.google.protobuf:protobuf-java:3.21.8` to `3.21.12`
+* Updated `com.oracle.database.jdbc:ojdbc11:21.7.0.0` to `21.8.0.0`
+* Updated `nl.jqno.equalsverifier:equalsverifier:3.10.1` to `3.12.3`
+* Updated `org.junit-pioneer:junit-pioneer:1.7.1` to `1.9.1`
+* Updated `org.junit.jupiter:junit-jupiter-api:5.9.1` to `5.9.2`
+* Updated `org.junit.jupiter:junit-jupiter:5.9.1` to `5.9.2`
+* Updated `org.mockito:mockito-junit-jupiter:4.8.1` to `5.0.0`
+* Updated `org.postgresql:postgresql:42.5.0` to `42.5.1`
+* Updated `org.testcontainers:junit-jupiter:1.17.5` to `1.17.6`
+* Updated `org.testcontainers:mysql:1.17.5` to `1.17.6`
+* Updated `org.testcontainers:oracle-xe:1.17.5` to `1.17.6`
+* Updated `org.testcontainers:postgresql:1.17.5` to `1.17.6`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:1.1.2` to `1.2.1`
+* Updated `com.exasol:project-keeper-maven-plugin:2.8.0` to `2.9.1`
+* Updated `io.github.zlika:reproducible-build-maven-plugin:0.15` to `0.16`
+* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1` to `3.0.0`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5` to `3.0.0-M7`
+* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.4.0` to `3.4.1`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5` to `3.0.0-M7`
+* Updated `org.codehaus.mojo:flatten-maven-plugin:1.2.7` to `1.3.0`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.10.0` to `2.13.0`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index 4d0aac8..7e87a1c 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -3,7 +3,7 @@ 4.0.0 com.exasol test-db-builder-java-generated-parent - 3.4.1 + 3.4.2 pom UTF-8 @@ -12,6 +12,16 @@ true + + + ossrh + https://oss.sonatype.org/content/repositories/snapshots + + + ossrh + https://oss.sonatype.org/service/local/staging/deploy/maven2/ + + MIT License @@ -72,7 +82,7 @@ org.codehaus.mojo flatten-maven-plugin - 1.2.7 + 1.3.0 true oss @@ -111,7 +121,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.0.0-M5 + 3.0.0-M7 @@ -122,7 +132,7 @@ org.codehaus.mojo versions-maven-plugin - 2.10.0 + 2.13.0 display-updates @@ -140,7 +150,7 @@ org.apache.maven.plugins maven-deploy-plugin - 3.0.0-M1 + 3.0.0 true @@ -181,7 +191,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.4.0 + 3.4.1 attach-javadocs @@ -220,7 +230,7 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.0.0-M5 + 3.0.0-M7 @@ -282,7 +292,7 @@ com.exasol error-code-crawler-maven-plugin - 1.1.2 + 1.2.1 verify @@ -295,7 +305,7 @@ io.github.zlika reproducible-build-maven-plugin - 0.15 + 0.16 strip-jar diff --git a/pom.xml b/pom.xml index cea7891..e58afbc 100644 --- a/pom.xml +++ b/pom.xml @@ -2,13 +2,13 @@ 4.0.0 test-db-builder-java - 3.4.1 + 3.4.2 Test Database Builder for Java pom.xml https://github.com/exasol/test-db-builder-java/ - 5.9.1 - 1.17.5 + 5.9.2 + 1.17.6 @@ -20,27 +20,11 @@ https://oss.sonatype.org/service/local/staging/deploy/maven2/ - - - maven.exasol.com - https://maven.exasol.com/artifactory/exasol-releases - - false - - - - maven.exasol.com-snapshots - https://maven.exasol.com/artifactory/exasol-snapshots - - true - - - com.exasol exasol-jdbc - 7.1.11 + 7.1.17 test @@ -53,25 +37,25 @@ com.google.protobuf protobuf-java - 3.21.8 + 3.21.12 test org.postgresql postgresql - 42.5.0 + 42.5.1 test com.oracle.database.jdbc ojdbc11 - 21.7.0.0 + 21.8.0.0 test org.junit-pioneer junit-pioneer - 1.7.1 + 1.9.1 test 
@@ -82,7 +66,7 @@ com.exasol exasol-testcontainers - 6.2.0 + 6.5.0 test @@ -106,7 +90,7 @@ org.testcontainers oracle-xe - 1.17.5 + 1.17.6 test @@ -136,13 +120,13 @@ org.mockito mockito-junit-jupiter - 4.8.1 + 5.0.0 test nl.jqno.equalsverifier equalsverifier - 3.10.1 + 3.12.3 test @@ -172,7 +156,7 @@ com.exasol project-keeper-maven-plugin - 2.8.0 + 2.9.1 @@ -186,7 +170,7 @@ test-db-builder-java-generated-parent com.exasol - 3.4.1 + 3.4.2 pk_generated_parent.pom - \ No newline at end of file + From 491182b4b07a3b67d1df611d3315389d9324056e Mon Sep 17 00:00:00 2001 From: KK Date: Wed, 18 Jan 2023 08:03:24 +0100 Subject: [PATCH 2/4] updated changes file --- doc/changes/changes_3.4.2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/changes/changes_3.4.2.md b/doc/changes/changes_3.4.2.md index 178acb8..dbaeed1 100644 --- a/doc/changes/changes_3.4.2.md +++ b/doc/changes/changes_3.4.2.md @@ -4,7 +4,7 @@ Code name: Fix vulnerabilities in dependencies on top of 3.4.1 ## Summary -Updated dependencies on top of version 3.4.1 to fix vulnerabilities. +Updated dependencies on top of version 3.4.1 to fix vulnerability CVE-2022-41946 in test dependency to `org.postgresql:postgresql:jar:42.5.0`. ## Bugfixes From 957b2bdbc811c50acb106362cb3b62eb50c98305 Mon Sep 17 00:00:00 2001 From: KK Date: Wed, 18 Jan 2023 08:19:39 +0100 Subject: [PATCH 3/4] Updated config of broken links checker and excluded PK warning --- .github/workflows/broken_links_checker.yml | 7 +++++-- .project-keeper.yml | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml index 29071df..c0558d2 100644 --- a/.github/workflows/broken_links_checker.yml +++ b/.github/workflows/broken_links_checker.yml 
@@ -19,9 +19,12 @@ jobs: - name: Configure broken links checker run: | mkdir -p ./target - echo '{ "aliveStatusCodes": [429, 200], "ignorePatterns": [{"pattern": "^https?://(www.)?opensource.org"}] }' > ./target/broken_links_checker.json + echo '{ "aliveStatusCodes": [429, 200], "ignorePatterns": [' \ + '{"pattern": "^https?://(www|dev).mysql.com/"},' \ + '{"pattern": "^https?://(www.)?opensource.org"}' \ + ']}' > ./target/broken_links_checker.json - uses: gaurav-nelson/github-action-markdown-link-check@v1 with: use-quiet-mode: 'yes' use-verbose-mode: 'yes' - config-file: ./target/broken_links_checker.json \ No newline at end of file + config-file: ./target/broken_links_checker.json diff --git a/.project-keeper.yml b/.project-keeper.yml index 051e131..a0e6647 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml @@ -10,5 +10,5 @@ linkReplacements: - https://developers.google.com/protocol-buffers/protobuf-java/|https://developers.google.com/protocol-buffers - LICENSE-exasol-jdbc.txt|https://docs.exasol.com/db/latest/connect_exasol/drivers/jdbc.htm excludes: - - "xE-PK-CORE-18: Outdated content: '.github/workflows/release_droid_release_on_maven_central.yml'" - "[WARNING] W-PK-CORE-155: Could not detect latest available version of project-keeper. Server returned HTTP response code: 504 for URL: https://search.maven.org/solrsearch/select?q=g:com.exasol+AND+a:project-keeper-maven-plugin&wt=json. Please check network connection and response from 'https://search.maven.org/solrsearch/select?q=g:com.exasol+AND+a:project-keeper-maven-plugin&wt=json'" + - "E-PK-CORE-18: Outdated content: '.github/workflows/broken_links_checker.yml'" From 2c05daaf437ca2626276c9c517276e2a7797ae6e Mon Sep 17 00:00:00 2001 From: KK Date: Wed, 18 Jan 2023 09:44:09 +0100 Subject: [PATCH 4/4] fixed review findings --- .gitattributes | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.gitattributes b/.gitattributes index 7177823..2e2cd64 100644 --- a/.gitattributes 
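Review bot: The added ignore pattern `^https?://(www|dev).mysql.com/` leaves its dots unescaped, so each `.` matches any character and the pattern skips more URLs than the two hosts it names; the existing opensource.org pattern has the same habit. Inside this single-quoted `echo` the JSON would need `(www|dev)\\.mysql\\.com/`, assuming the step runs under bash, whose `echo` leaves backslashes alone. A one-line comment above the `echo` saying why mysql.com links are skipped would help whoever later has to decide whether the exclusion can go. Since the same commit excludes this workflow from project-keeper's E-PK-CORE-18 content check, it is now hand-maintained, and the context line `uses: gaurav-nelson/github-action-markdown-link-check@v1` references a third-party action by a movable tag; pinning it to a full commit SHA is worth considering.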
+++ b/.gitattributes
@@ -2,9 +2,10 @@ pk_generated_parent.pom linguist-genera
 dependencies.md linguist-generated=true
 doc/changes/changelog.md linguist-generated=true
 .github/workflows/broken_links_checker.yml linguist-generated=true
-.github/workflows/ci-build-next-java.yml linguist-generated=true
-.github/workflows/ci-build.yml linguist-generated=true
-.github/workflows/dependencies_check.yml linguist-generated=true
-.github/workflows/release_droid_prepare_original_checksum.yml linguist-generated=true
-.github/workflows/release_droid_print_quick_checksum.yml linguist-generated=true
+.github/workflows/ci-build-next-java.yml linguist-generated=true
+.github/workflows/ci-build.yml linguist-generated=true
+.github/workflows/dependencies_check.yml linguist-generated=true
+.github/workflows/release_droid_prepare_original_checksum.yml linguist-generated=true
+.github/workflows/release_droid_release_on_maven_central.yml linguist-generated=true
+.github/workflows/release_droid_print_quick_checksum.yml linguist-generated=true
 .github/workflows/release_droid_upload_github_release_assets.yml linguist-generated=true
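Review bot: `.github/workflows/broken_links_checker.yml` stays marked `linguist-generated=true` (third context line of this hunk) even though PATCH 3/4 edits that workflow by hand and adds an E-PK-CORE-18 exclude for it in `.project-keeper.yml`, so it is presumably no longer compared against the generated template. On GitHub the attribute collapses a file's diff in pull requests by default, which makes later hand edits to that workflow easy to approve unread. I would drop the attribute for that one file, or keep it and say why in a comment such as `# hand-edited, see excludes in .project-keeper.yml`. The same default collapsing applies to the newly listed `release_droid_release_on_maven_central.yml`, the workflow that uses the GPG signing key and OSSRH credentials, so reviewers should expand it whenever it changes.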