DAT-15456 Possible vulnerability in extensions repository's workflows #514

Merged
merged 47 commits into from
Jul 28, 2023

jandroav
Contributor

No description provided.

jandroav added 30 commits July 28, 2023 07:22
…o 4.23.1-SNAPSHOT for compatibility with Hibernate 6.1.7.Final

chore(pom.xml): update liquibase.version from 0-SNAPSHOT to 4.23.0 for improved stability and bug fixes
chore(pom.xml): update maven-release-plugin version from 3.0.1 to 3.0.1 for compatibility with the latest Maven release plugin
feat(pom.xml): add maven-jar-plugin configuration to include manifest entries for Liquibase version and project information
feat(pom.xml): add nexus-staging-maven-plugin configuration for deployment to Sonatype Nexus repository
feat(pom.xml): add maven-shade-plugin configuration for creating an uber-jar with shaded dependencies
feat(pom.xml): add versions-maven-plugin configuration to generate backup POMs during version updates
feat(pom.xml): add maven-release-plugin configuration to include a custom SCM comment prefix during releases
feat(pom.xml): add distributionManagement configuration for deployment to Sonatype Nexus repository
feat(pom.xml): add coverage profile with jacoco-maven-plugin configuration for code coverage reporting in CI environment
feat(pom.xml): add release profile with maven-source-plugin, maven-javadoc-plugin, and copy-rename-maven-plugin configurations for generating sources, javadocs, and renaming the POM during release
…ncies

The copy-rename-maven-plugin is added as a dependency with version 1.0.1 to enable renaming and copying files during the build process.
The maven-source-plugin was removed as it was not being used in the project. This helps to reduce unnecessary dependencies and improve build time.
…3 for improved functionality and bug fixes
…tibility with Java 8

chore(pom.xml): update Hibernate version to 6.1.7.Final
chore(pom.xml): update Spring version to 6.0.11
…tibility and bug fixes

feat(pom.xml): add dependencies for JUnit Jupiter (junit-jupiter-api, junit-jupiter-engine, junit-jupiter-params) for improved testing capabilities
feat(pom.xml): update junit version from 4.13.2 to 5.9.3 for compatibility and new features
feat(pom.xml): update mockito-core version from 4.11.0 to 4.8.0 for compatibility and bug fixes
feat(pom.xml): add mockito-junit-jupiter dependency for integration of Mockito with JUnit Jupiter
- Remove the <release>17</release> and <optimize>true</optimize> configuration options
- Add <compilerArgs> with <arg>-Xlint:all</arg> to enable all compiler warnings
- Add <showWarnings>true</showWarnings> to display compiler warnings
- Add <showDeprecation>true</showDeprecation> to display deprecation warnings
…in version

feat(pom.xml): update junit dependency version to 4.13.2 for testing
…usion of groovy-testng to resolve test failures
…cies

The liquibase-test-harness dependency has been updated from version 1.0.5 to version 1.0.9. This update is necessary to ensure compatibility with the latest changes in the test harness.

The spock-core dependency has been updated from version 2.0-groovy-3.0 to version 2.4-M1-groovy-3.0. This update includes bug fixes and improvements in the Spock testing framework.

These updates will enhance the testing capabilities of the project and ensure compatibility with the latest versions of the dependencies.
The following changes were made to the pom.xml file:
- Added dependencies for Mockito testing framework (mockito-core and mockito-junit-jupiter)
- Added dependencies for JUnit Jupiter testing framework (junit-jupiter-api, junit-jupiter-engine, and junit-jupiter-params)
- Updated versions of Jupiter dependencies to 5.9.3
- Updated version of Mockito Core to 4.11.0
- Updated version of Mockito JUnit Jupiter to 4.8.0
…lve compatibility issues with other dependencies
…lve compatibility issues with other dependencies
… latest features and bug fixes

chore(pom.xml): remove JUnit 4.13.2 dependency as it is no longer needed
… test execution

feat(pom.xml): add Maven Surefire plugin with configuration to redirect test output to file and use plain report format
The `maven-surefire-plugin` configuration in the `pom.xml` file has been updated to include the execution of unit tests during the `test` phase. This change allows the unit tests to be executed automatically when running the Maven `test` goal.

The following changes were made:
- Uncommented the `<skipTests>` element to enable the execution of unit tests.
- Added an `<executions>` section to configure the execution of unit tests during the `test` phase.
- Added a `<dependencies>` section to include the `surefire-junit-platform` dependency for running JUnit 5 tests.

These changes ensure that unit tests are executed as part of the build process, providing better test coverage and ensuring the reliability of the codebase.
…olve compatibility issues with other dependencies
… coverage analysis

chore(pom.xml): configure jacoco-maven-plugin to include jacoco.exec file in target directory for code coverage analysis
- Add liquibase-core dependency to manage database migrations
- Add groovy-all dependency for testing purposes
- Add spock-core dependency for testing purposes
- Add liquibase-test-harness dependency for testing purposes
- Add snakeyaml dependency for testing purposes
- Remove duplicate liquibase-core and snakeyaml dependencies
- Add assertj-core dependency for testing purposes
- Add spock-reports dependency for testing purposes
The following dependencies were removed from the pom.xml file:

- org.spockframework:spock-core:2.4-M1-groovy-3.0 (test scope)
- com.athaydes:spock-reports:2.3.2-groovy-3.0 (test scope)

These dependencies were removed because they were no longer needed in the project.
The JUnit and Mockito dependencies were removed from the pom.xml file as they were not being used in the project. This helps to reduce unnecessary dependencies and improve the overall cleanliness of the project.
… and mockito-junit-jupiter to declutter the pom.xml file
…ests during build

feat(pom.xml): add system property variables for Spock framework test reports output directory
feat(pom.xml): include integration tests in the test execution phase
jandroav added 17 commits July 28, 2023 11:42
…o 4.23.1-SNAPSHOT

chore(pom.xml): update liquibase.version from 0-SNAPSHOT to 4.23.0
…tibility with Java 8

feat(pom.xml): add maven enforcer plugin to enforce Java version 1.8 during compile phase
…all compiler warnings and deprecations

The maven-compiler-plugin configuration in the pom.xml file has been updated to enable all compiler warnings and deprecations. This will help identify potential issues and deprecated code in the project during the compilation process. The `<compilerArgs>` section has been added with the `<arg>-Xlint:all</arg>` argument to enable all compiler warnings. Additionally, the `<showWarnings>` and `<showDeprecation>` properties have been set to true to display the warnings and deprecations during the compilation process.
…er performance and maintainability

feat(pom.xml): set source and target versions to 1.8 for compatibility with Java 8
refactor(pom.xml): remove unnecessary compilerArgs, showWarnings, and showDeprecation configurations
…er-plugin

The source configuration in the maven-compiler-plugin is redundant as it is already specified in the project's configuration. Removing it to improve clarity and avoid duplication.
…additional compiler warnings and deprecations

The maven-compiler-plugin configuration in the pom.xml file has been updated to include the following changes:
- Added the compiler argument "-Xlint:all" to enable all compiler warnings
- Set the showWarnings property to true to display compiler warnings
- Set the showDeprecation property to true to display deprecation warnings

These changes are made to improve code quality and catch potential issues during the compilation process.
….8 for compatibility

chore(pom.xml): add Maven resource filtering for src/main/resources directory
chore(pom.xml): add Maven plugin management for jacoco-maven-plugin version 0.8.10
chore(pom.xml): remove maven-enforcer-plugin configuration for Java version enforcement
chore(pom.xml): add maven-failsafe-plugin version 3.1.2 for integration testing
chore(pom.xml): add maven-jar-plugin version 3.3.0 for manifest entries configuration
chore(pom.xml): add nexus-staging-maven-plugin version 1.6.13 for deployment to Sonatype Nexus
chore(pom.xml): add maven-shade-plugin version 3.5.0 for creating an uber-jar
chore(pom.xml): add versions-maven-plugin version 2.16.0 for managing project versions
chore(pom.xml): add maven-source-plugin version 3.3.0 for attaching sources to the build
chore(pom.xml): add build-helper-maven-plugin version 3.4.0 for adding additional build sources
chore(pom.xml): add maven-javadoc-plugin version 3.5.0 for generating Javadoc
chore(pom.xml): add jacoco-maven-plugin configuration for code coverage reporting
chore(pom.xml): add sonar-maven-plugin version 3.9.1.2184 for SonarQube integration
chore(pom.xml): remove liquibase-sdk-maven-plugin configuration
chore(pom.xml): add distributionManagement configuration for deployment repositories
chore(pom.xml): add coverage profile for code coverage reporting in CI environment
chore(pom.xml): add release profile for deployment to Sonatype in CI environment
chore(pom.xml): add maven-javadoc-plugin configuration for generating Javadoc in release profile
chore(pom.xml): add copy-rename-maven-plugin for copying and renaming the pom.xml file in release profile
…y configuration

chore(pom.xml): remove unused Maven resources plugin configuration
chore(pom.xml): remove unused Maven failsafe plugin configuration
chore(pom.xml): remove unused Maven build-helper plugin configuration
chore(pom.xml): remove unused Maven jar plugin configuration
chore(pom.xml): remove unused Maven shade plugin configuration
chore(pom.xml): remove unused Maven versions plugin configuration
chore(pom.xml): remove unused Maven enforcer plugin configuration
chore(pom.xml): remove unused Maven source plugin configuration
chore(pom.xml): remove unused Maven jacoco plugin configuration
chore(pom.xml): remove unused Maven sonar plugin configuration
chore(pom.xml): remove unused Maven profiles and distribution management configuration
feat(pom.xml): add Liquibase SDK Maven plugin to enable Liquibase integration
The groupId for the hibernate dependencies was incorrect. It was changed from "org.hibernate.orm" to "org.hibernate" to match the correct groupId. This ensures that the correct hibernate dependencies are being used in the project.
…nal for compatibility reasons

chore(pom.xml): update spring.version from 6.0.11 to 6.0.11 for compatibility reasons
chore(pom.xml): update liquibase.version from 4.23.0 to 4.23.0 for compatibility reasons
…lity and bug fixes

chore(pom.xml): update spring version to 6.0.11 for compatibility and bug fixes
chore(pom.xml): update liquibase version to 4.23.0 for compatibility and bug fixes
chore(pom.xml): update maven compiler source and target to 1.8 for compatibility with Java 8
chore(pom.xml): update hibernate groupIds to org.hibernate.orm for consistency
feat(pom.xml): add maven-enforcer-plugin to enforce Java version 1.8 during compile phase
…ate tests on Java 8/11

chore(pom.xml): update Maven compiler plugin configuration to use Java 17 and optimize compilation
The 'run-its' profile in the pom.xml file is no longer needed and has been removed to simplify the build configuration.
…compatibility with other dependencies

chore(pom.xml): remove unnecessary line break in the configuration section
jandroav changed the title from "DA-15456 Possible vulnerability in extensions repository's workflows" to "DAT-15456 Possible vulnerability in extensions repository's workflows" on Jul 28, 2023
@github-actions
Contributor

Label error: This PR is being prevented from merging because you have not added one of the labels: breakingChanges, newContributors, notableChanges, sdou, skipReleaseNotes, TypeBug, TypeEnhancement, TypeTest. You'll need to add it before this PR can be merged.

jandroav merged commit c59b038 into main on Jul 28, 2023
12 of 17 checks passed