Update to 2.6.0 #137
Update to 2.6.0 #137
Conversation
DB JARs for v10.2.11 are the last ones actually currently available. Please see https://github.com/vorburger/MariaDB4j/issues/484 for the full background about why this is being done. Includes disabling building the DBs' JARs on Travis (for now). Anyone reading this is invited to contributed a PR for MariaDB4j#484 enabling later DB releases (for all platforms) to successfully build.
Bumps [maven-plugin-annotations](https://github.com/apache/maven-plugin-tools) from 3.6.0 to 3.6.2. - [Release notes](https://github.com/apache/maven-plugin-tools/releases) - [Commits](apache/maven-plugin-tools@maven-plugin-tools-3.6.0...maven-plugin-tools-3.6.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugin-tools:maven-plugin-annotations dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [maven-plugin-plugin](https://github.com/apache/maven-plugin-tools) from 3.6.0 to 3.6.2. - [Release notes](https://github.com/apache/maven-plugin-tools/releases) - [Commits](apache/maven-plugin-tools@maven-plugin-tools-3.6.0...maven-plugin-tools-3.6.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-plugin-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Libraries without a set automatic module name causes build warnings for all clients who build with Java >= 9. Also bump version of the Exec library, to use a version which has the automatic module name set.
Bumps `springboot.version` from 2.5.2 to 2.6.0. Updates `spring-boot-dependencies` from 2.5.2 to 2.6.0 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v2.5.2...v2.6.0) Updates `spring-boot-maven-plugin` from 2.5.2 to 2.6.0 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v2.5.2...v2.6.0) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-dependencies dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.22 to 8.0.27. - [Release notes](https://github.com/mysql/mysql-connector-j/releases) - [Changelog](https://github.com/mysql/mysql-connector-j/blob/release/8.0/CHANGES) - [Commits](mysql/mysql-connector-j@8.0.22...8.0.27) --- updated-dependencies: - dependency-name: mysql:mysql-connector-java dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [junit](https://github.com/junit-team/junit4) from 4.13.1 to 4.13.2. - [Release notes](https://github.com/junit-team/junit4/releases) - [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md) - [Commits](junit-team/junit4@r4.13.1...r4.13.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps [maven-compat](https://github.com/apache/maven) from 3.6.3 to 3.8.4. - [Release notes](https://github.com/apache/maven/releases) - [Commits](apache/maven@maven-3.6.3...maven-3.8.4) --- updated-dependencies: - dependency-name: org.apache.maven:maven-compat dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps `maven.version` from 3.6.3 to 3.8.4. Updates `maven-plugin-api` from 3.6.3 to 3.8.4 - [Release notes](https://github.com/apache/maven/releases) - [Commits](apache/maven@maven-3.6.3...maven-3.8.4) Updates `maven-core` from 3.6.3 to 3.8.4 - [Release notes](https://github.com/apache/maven/releases) - [Commits](apache/maven@maven-3.6.3...maven-3.8.4) Updates `maven-model` from 3.6.3 to 3.8.4 - [Release notes](https://github.com/apache/maven/releases) - [Commits](apache/maven@maven-3.6.3...maven-3.8.4) Updates `maven-artifact` from 3.6.3 to 3.8.4 - [Release notes](https://github.com/apache/maven/releases) - [Commits](apache/maven@maven-3.6.3...maven-3.8.4) Updates `maven-settings` from 3.6.3 to 3.8.4 - [Release notes](https://github.com/apache/maven/releases) - [Commits](apache/maven@maven-3.6.3...maven-3.8.4) Updates `maven-settings-builder` from 3.6.3 to 3.8.4 - [Release notes](https://github.com/apache/maven/releases) - [Commits](apache/maven@maven-3.6.3...maven-3.8.4) --- updated-dependencies: - dependency-name: org.apache.maven:maven-plugin-api dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.apache.maven:maven-core dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.apache.maven:maven-model dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.apache.maven:maven-artifact dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.apache.maven:maven-settings dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.apache.maven:maven-settings-builder dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [slf4j-simple](https://github.com/qos-ch/slf4j) from 1.7.31 to 1.7.32. - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](https://github.com/qos-ch/slf4j/commits) --- updated-dependencies: - dependency-name: org.slf4j:slf4j-simple dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps commons-io from 2.10.0 to 2.11.0. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [assertj-core](https://github.com/assertj/assertj-core) from 3.17.2 to 3.21.0. - [Release notes](https://github.com/assertj/assertj-core/releases) - [Commits](assertj/assertj@assertj-core-3.17.2...assertj-core-3.21.0) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/apache/maven-project-info-reports-plugin/releases) - [Commits](apache/maven-project-info-reports-plugin@maven-project-info-reports-plugin-3.1.1...maven-project-info-reports-plugin-3.1.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps [maven-common-artifact-filters](https://github.com/apache/maven-common-artifact-filters) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/apache/maven-common-artifact-filters/releases) - [Commits](apache/maven-common-artifact-filters@maven-common-artifact-filters-3.1.0...maven-common-artifact-filters-3.2.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
This doesn't fix https://github.com/vorburger/MariaDB4j/issues/488, but still seems like a good idea to do, because the currently used Maven version (or that test dependency) seems to use IO 2.4.1 as well, so this does not appear to be required anymore now.
…from Maven plugin (but it's still transitively inherited)
Bumps [mockito-core](https://github.com/mockito/mockito) from 4.4.0 to 4.8.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.4.0...v4.8.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
This reverts commit c7e4cae.
This reverts commit 926f2bb.
[maven-release-plugin] copy for tag mariaDB4j-2.6.0
![sonatype-lift[bot]](https://avatars.githubusercontent.com/in/9843?s=60&v=4){kind=small}
| } | ||
|
|
||
| public boolean isWindows() { | ||
| return WIN32.equals(getOS()); |
There was a problem hiding this comment.
YodaCondition: The non-constant portion of an equals check generally comes first.
| return WIN32.equals(getOS()); | |
| return Objects.equals(getOS(), WIN32); |
❗❗ 2 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| mariaDB4j-core/src/main/java/ch/vorburger/mariadb4j/springframework/MariaDB4jSpringService.java | 94 |
| mariaDB4j-core/src/main/java/ch/vorburger/mariadb4j/springframework/MariaDB4jSpringService.java | 88 |
Visit the Lift Web Console to find more details in your report.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
Help us improve LIFT! (Sonatype LiftBot external survey)
Was this a good recommendation for you? Answering this survey will not impact your Lift settings.
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
|
|
||
| public DBConfigurationBuilder setExecutable(Executable executable, String path) { | ||
| checkIfFrozen("setExecutable"); | ||
| executables.put(requireNonNull(executable, "executable"), () -> new File(requireNonNull(path, "path"))); |
There was a problem hiding this comment.
PATH_TRAVERSAL_IN: This API (java/io/File.(Ljava/lang/String;)V) reads a file whose location might be specified by user input
❗❗ 6 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| mariaDB4j-core/src/main/java/ch/vorburger/mariadb4j/DBConfigurationBuilder.java | 401 |
| mariaDB4j-core/src/main/java/ch/vorburger/mariadb4j/DBConfigurationBuilder.java | 410 |
| mariaDB4j-core/src/main/java/ch/vorburger/mariadb4j/DBConfigurationBuilder.java | 406 |
| mariaDB4j-core/src/main/java/ch/vorburger/mariadb4j/DBConfigurationBuilder.java | 402 |
| mariaDB4j-core/src/main/java/ch/vorburger/mariadb4j/DBConfigurationBuilder.java | 403 |
| mariaDB4j-core/src/main/java/ch/vorburger/mariadb4j/DBConfigurationBuilder.java | 404 |
Visit the Lift Web Console to find more details in your report.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
Help us improve LIFT! (Sonatype LiftBot external survey)
Was this a good recommendation for you? Answering this survey will not impact your Lift settings.
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
🛠 Lift Auto-fixSome of the Lift findings in this PR can be automatically fixed. You can download and apply these changes in your local project directory of your branch to review the suggestions before committing.1 # Download the patch
curl https://lift.sonatype.com/api/patch/github.com/craftercms/MariaDB4j/137.diff -o lift-autofixes.diff
# Apply the patch with git
git apply lift-autofixes.diff
# Review the changes
git diffWant it all in a single command? Open a terminal in your project's directory and copy and paste the following command: curl https://lift.sonatype.com/api/patch/github.com/craftercms/MariaDB4j/137.diff | git applyOnce you're satisfied, commit and push your changes in your project. Footnotes |
phuongnq
force-pushed
the
feature/craftercms-5929
branch
2 times, most recently
from
d8e0c88
to
538bd3b
Compare
| getLibDir(), _getDataDir(), WIN64.equals(getOS()), _getArgs(), _getOSLibraryEnvironmentVarName(), | ||
| isSecurityDisabled(), isDeletingTemporaryBaseAndDataDirsOnShutdown(), this::getURL, | ||
| return new DBConfiguration.Impl(_getPort(), _getSocket(), _getBinariesClassPathLocation(), getBaseDir(), getLibDir(), _getDataDir(), | ||
| _getTmpDir(), WIN64.equals(getOS()), _getArgs(), _getOSLibraryEnvironmentVarName(), isSecurityDisabled(), |
There was a problem hiding this comment.
YodaCondition: The non-constant portion of an equals check generally comes first.
| _getTmpDir(), WIN64.equals(getOS()), _getArgs(), _getOSLibraryEnvironmentVarName(), isSecurityDisabled(), | |
| _getTmpDir(), Objects.equals(getOS(), WIN64), _getArgs(), _getOSLibraryEnvironmentVarName(), isSecurityDisabled(), |
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
Help us improve LIFT! (Sonatype LiftBot external survey)
Was this a good recommendation for you? Answering this survey will not impact your Lift settings.
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
phuongnq
force-pushed
the
feature/craftercms-5929
branch
3 times, most recently
from
74bd340
to
f4c6b91
Compare
| @@ -202,7 +205,8 @@ synchronized protected void runMysqlSecureInstallationScript() throws ManagedPro | |||
| } | |||
|
|
|||
| boolean secured = false; | |||
| try (Connection conn = DriverManager.getConnection(configuration.getURL("mysql"), "root", "")) { | |||
| String jdbcUrl = "jdbc:mysql://localhost:" + configuration.getPort() + "/mysql"; | |||
| try (Connection conn = DriverManager.getConnection(jdbcUrl, "root", "")) { | |||
There was a problem hiding this comment.
HARD_CODE_PASSWORD: Hard coded password found
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
Help us improve LIFT! (Sonatype LiftBot external survey)
Was this a good recommendation for you? Answering this survey will not impact your Lift settings.
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
| @@ -202,7 +205,8 @@ synchronized protected void runMysqlSecureInstallationScript() throws ManagedPro | |||
| } | |||
|
|
|||
| boolean secured = false; | |||
| try (Connection conn = DriverManager.getConnection(configuration.getURL("mysql"), "root", "")) { | |||
| String jdbcUrl = "jdbc:mysql://localhost:" + configuration.getPort() + "/mysql"; | |||
| try (Connection conn = DriverManager.getConnection(jdbcUrl, "root", "")) { | |||
There was a problem hiding this comment.
DMI_EMPTY_DB_PASSWORD: Empty database password in ch.vorburger.mariadb4j.DB.runMysqlSecureInstallationScript()
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
Help us improve LIFT! (Sonatype LiftBot external survey)
Was this a good recommendation for you? Answering this survey will not impact your Lift settings.
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
phuongnq
force-pushed
the
feature/craftercms-5929
branch
from
f4c6b91
to
27b54c8
Compare
craftercms/craftercms#5929