diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..059293b
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,9 @@
+*.sh text eol=lf
+
+.github/workflows/release_droid_upload_github_release_assets.yml linguist-generated=true
+.github/workflows/ci-build-next-java.yml linguist-generated=true
+.github/workflows/broken_links_checker.yml linguist-generated=true
+.github/workflows/dependencies_check.yml linguist-generated=true
+dependencies.md linguist-generated=true
+pk_generated_parent.pom linguist-generated=true
+doc/changes/changelog.md linguist-generated=true
diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml
index cb641d7..6a1006c 100644
--- a/.github/workflows/ci-build-next-java.yml
+++ b/.github/workflows/ci-build-next-java.yml
@@ -26,8 +26,7 @@ jobs:
- name: Run tests and build with Maven
run: |
mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \
- -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
- -Pscala2.13
+ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
- name: Publish Test Report
uses: scacap/action-surefire-report@v1
if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }}
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index 6285643..a69cc23 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -8,14 +8,9 @@ on:
jobs:
build:
- name: Building with Scala ${{ matrix.scala-version }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
- matrix:
- include:
- - { scala-version: 'scala2.12' }
- - { scala-version: 'scala2.13' }
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
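Review bot: The `strategy:` block with `fail-fast: false` stays behind after the matrix is removed, so it no longer configures anything. The release_droid workflows in this commit drop the whole block. I would delete these two lines here as well so the job definitions stay consistent. The job body continues outside this hunk.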
@@ -39,27 +34,24 @@ jobs:
- name: Run scalafix linting
run: |
mvn --batch-mode clean compile test scalafix:scalafix \
- -P${{ matrix.scala-version }} \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
-DtrimStackTrace=false
- name: Run tests and build with Maven
run: |
- mvn --batch-mode verify \
- -P${{ matrix.scala-version }} \
+ mvn --batch-mode clean verify \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
-DtrimStackTrace=false
- name: Publish Test Report
uses: scacap/action-surefire-report@v1
- if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' && startsWith(matrix.scala-version, 'scala2.13') }}
+ if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }}
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Sonar analysis
- if: ${{ env.SONAR_TOKEN != null && startsWith(matrix.scala-version, 'scala2.13') }}
+ if: ${{ env.SONAR_TOKEN != null }}
run: |
mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
-DtrimStackTrace=false \
- -P${{ matrix.scala-version }} \
-Dsonar.organization=exasol \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.login=$SONAR_TOKEN
diff --git a/.github/workflows/createReleasePom.sh b/.github/workflows/createReleasePom.sh
index 84c1b46..f55c43f 100755
--- a/.github/workflows/createReleasePom.sh
+++ b/.github/workflows/createReleasePom.sh
@@ -1,5 +1,9 @@
#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
if ! command -v xmlstarlet &> /dev/null
then
echo "xmlstarlet tool is not available, please install it to continue."
diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml
index bf7f60d..4a980f8 100644
--- a/.github/workflows/release_droid_prepare_original_checksum.yml
+++ b/.github/workflows/release_droid_prepare_original_checksum.yml
@@ -5,14 +5,7 @@ on:
jobs:
build:
- name: Build for Scala version ${{ matrix.scala-version }}
runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- include:
- - { scala-version: 'scala2.12' }
- - { scala-version: 'scala2.13' }
steps:
- name: Checkout the repository
uses: actions/checkout@v3
@@ -24,10 +17,10 @@ jobs:
distribution: 'temurin'
java-version: 11
cache: 'maven'
- - name: Run tests and build with Maven for ${{ matrix.scala-version }}
- run: |
- mvn --batch-mode clean verify --file pom.xml \
- -P${{ matrix.scala-version }}
+ - name: Enable testcontainer reuse
+ run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties"
+ - name: Run tests and build with Maven
+ run: mvn --batch-mode clean verify --file pom.xml
- name: Prepare checksum
run: find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + > original_checksum
- name: Upload checksum to the artifactory
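Review bot: The `Prepare checksum` step still passes an unquoted `-name *.jar` to find, so the shell expands the pattern first whenever a `.jar` file sits in the working directory. The recorded release checksum could then cover the wrong files or none. This commit escapes the same pattern in `release_droid_upload_github_release_assets.yml`. The same fix applies here and in the `Print checksum` step of `release_droid_print_quick_checksum.yml`: `find target -maxdepth 1 -name '*.jar' -exec sha256sum "{}" + > original_checksum`.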
@@ -35,4 +28,4 @@ jobs:
with:
name: original_checksum
retention-days: 5
- path: original_checksum
+ path: original_checksum
\ No newline at end of file
diff --git a/.github/workflows/release_droid_print_quick_checksum.yml b/.github/workflows/release_droid_print_quick_checksum.yml
index d2ae266..8add957 100644
--- a/.github/workflows/release_droid_print_quick_checksum.yml
+++ b/.github/workflows/release_droid_print_quick_checksum.yml
@@ -5,14 +5,7 @@ on:
jobs:
build:
- name: Build for Scala version ${{ matrix.scala-version }}
runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- include:
- - { scala-version: 'scala2.12' }
- - { scala-version: 'scala2.13' }
steps:
- name: Checkout the repository
uses: actions/checkout@v3
@@ -24,10 +17,8 @@ jobs:
distribution: 'temurin'
java-version: 11
cache: 'maven'
- - name: Build with Maven skipping tests for ${{ matrix.scala-version }}
- run: |
- mvn --batch-mode clean verify \
- -P${{ matrix.scala-version }} \
- -DskipTests
+ - name: Build with Maven skipping tests
+ run: mvn --batch-mode clean verify -DskipTests
- name: Print checksum
run: echo 'checksum_start==';find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + | xargs;echo '==checksum_end'
+
diff --git a/.github/workflows/release_droid_release_on_maven_central.yml b/.github/workflows/release_droid_release_on_maven_central.yml
index da8b1f6..600b10a 100644
--- a/.github/workflows/release_droid_release_on_maven_central.yml
+++ b/.github/workflows/release_droid_release_on_maven_central.yml
@@ -5,14 +5,7 @@ on:
jobs:
publish:
- name: Publish for Scala version ${{ matrix.scala-version }}
runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- include:
- - { scala-version: 'scala2.12' }
- - { scala-version: 'scala2.13' }
steps:
- name: Checkout the repository
uses: actions/checkout@v3
@@ -33,15 +26,11 @@ jobs:
run: sudo apt install -y --no-install-recommends xmlstarlet
- name: Update release pom file
run: ./.github/workflows/createReleasePom.sh
- - name: Publish to Central Repository for ${{ matrix.scala-version }}
- run: |
- mvn --file release-pom.xml clean deploy \
- -P${{ matrix.scala-version }} \
- -Dgpg.skip=false \
- -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} \
- -DskipTests
+ - name: Publish to Central Repository
+ run: mvn --file release-pom.xml --batch-mode -Dgpg.skip=false -DskipTests clean deploy
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
- name: Remove release pom file
run: rm -rf release-pom.xml
\ No newline at end of file
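Review bot: Signing now depends on something outside this hunk reading `MAVEN_GPG_PASSPHRASE`, because `-Dgpg.passphrase` is gone from the command line. Keeping the secret out of the process arguments is the right direction. Please confirm that the setup-java step declares `gpg-passphrase: MAVEN_GPG_PASSPHRASE`, or that the GPG plugin version in the release pom reads that variable itself; otherwise the deploy fails at the signing step. A short comment on the new `env:` entry naming whichever component consumes it would save the next maintainer the same search.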
diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml
index 599152e..7350faf 100644
--- a/.github/workflows/release_droid_upload_github_release_assets.yml
+++ b/.github/workflows/release_droid_upload_github_release_assets.yml
@@ -9,14 +9,7 @@ on:
jobs:
build:
- name: Build for Scala version ${{ matrix.scala-version }}
runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- include:
- - { scala-version: 'scala2.12' }
- - { scala-version: 'scala2.13' }
steps:
- name: Checkout the repository
uses: actions/checkout@v3
@@ -28,13 +21,12 @@ jobs:
distribution: 'temurin'
java-version: 11
cache: 'maven'
- - name: Build with Maven skipping tests for ${{ matrix.scala-version }}
- run: |
- mvn --batch-mode clean verify \
- -P${{ matrix.scala-version }} \
- -DskipTests
+ - name: Build with Maven skipping tests
+ run: mvn --batch-mode clean verify -DskipTests
- name: Generate sha256sum files
- run: find target -maxdepth 1 -name *.jar -exec bash -c 'sha256sum {} > {}.sha256' \;
+ run: |
+ cd target
+ find . -maxdepth 1 -name \*.jar -exec bash -c 'sha256sum {} > {}.sha256' \;
- name: Upload assets to the GitHub release draft
uses: shogo82148/actions-upload-release-asset@v1
with:
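Review bot: In the new `Generate sha256sum files` step, `{}` is substituted into the `bash -c` script text, so a jar name containing spaces or shell metacharacters is parsed as shell code rather than as a file name. Passing the name as an argument avoids that: `find . -maxdepth 1 -name '*.jar' -exec bash -c 'sha256sum "$1" > "$1.sha256"' _ {} \;`. The jars come from this project's own build, so the exposure is small, but these checksums are what consumers verify the release against. `.gitattributes` in this commit marks this workflow as generated, so the change probably belongs in the generator's template.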
@@ -46,7 +38,6 @@ jobs:
upload_url: ${{ github.event.inputs.upload_url }}
asset_path: target/*.sha256
- name: Upload error-code-report
- if: ${{ matrix.scala-version == 'scala2.13' }}
uses: shogo82148/actions-upload-release-asset@v1
with:
upload_url: ${{ github.event.inputs.upload_url }}
diff --git a/.project-keeper.yml b/.project-keeper.yml
index 5e0914b..cc88516 100644
--- a/.project-keeper.yml
+++ b/.project-keeper.yml
@@ -11,9 +11,4 @@ linkReplacements:
- "http://nexus.sonatype.org/oss-repository-hosting.html/scalatest-maven-plugin|https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin"
excludes:
- "E-PK-CORE-18: Outdated content: '.github/workflows/ci-build.yml'"
- - "E-PK-CORE-18: Outdated content: '.github/workflows/ci-build-next-java.yml'"
- - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_prepare_original_checksum.yml'"
- - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_print_quick_checksum.yml'"
- - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_upload_github_release_assets.yml'"
- "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_release_on_maven_central.yml'"
- - regex: "(?s)E-PK-CORE-62: The project's README.md does not contain a valid badges block. Please add or replace the following badges:.*"
diff --git a/README.md b/README.md
index fda58fb..2f9dc29 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,7 @@
# Import Export UDF Common Scala
[](https://github.com/exasol/import-export-udf-common-scala/actions/workflows/ci-build.yml)
-
-Scala 2.13: [](https://search.maven.org/artifact/com.exasol/import-export-udf-common-scala_2.13)
-Scala 2.12: [](https://search.maven.org/artifact/com.exasol/import-export-udf-common-scala_2.12)
+[](https://search.maven.org/artifact/com.exasol/import-export-udf-common-scala)
[](https://sonarcloud.io/dashboard?id=com.exasol%3Aimport-export-udf-common-scala)
diff --git a/dependencies.md b/dependencies.md
index d6b869a..05c3007 100644
--- a/dependencies.md
+++ b/dependencies.md
@@ -7,7 +7,7 @@
| -------------------------------------- | --------------------------------------------- |
| [Scala Library][0] | [Apache-2.0][1] |
| [Java Interface for EXASOL Scripts][2] | [MIT License][3] |
-| [error-reporting-java][4] | [MIT][5] |
+| [error-reporting-java][4] | [MIT License][5] |
| [Apache Avro][6] | [Apache License, Version 2.0][7] |
| [jackson-databind][8] | [The Apache Software License, Version 2.0][9] |
| [jackson-module-scala][10] | [The Apache Software License, Version 2.0][7] |
@@ -32,36 +32,36 @@
| [Apache Maven Enforcer Plugin][24] | [Apache License, Version 2.0][7] |
| [Maven Flatten Plugin][25] | [Apache Software Licenese][9] |
| [org.sonatype.ossindex.maven:ossindex-maven-plugin][26] | [ASL2][9] |
-| [Reproducible Build Maven Plugin][27] | [Apache 2.0][9] |
-| [scala-maven-plugin][28] | [Public domain (Unlicense)][29] |
-| [Maven Surefire Plugin][30] | [Apache License, Version 2.0][7] |
-| [Versions Maven Plugin][31] | [Apache License, Version 2.0][7] |
-| [Apache Maven Deploy Plugin][32] | [Apache License, Version 2.0][7] |
-| [Apache Maven GPG Plugin][33] | [Apache License, Version 2.0][7] |
-| [Apache Maven Source Plugin][34] | [Apache License, Version 2.0][7] |
-| [Apache Maven Javadoc Plugin][35] | [Apache License, Version 2.0][7] |
-| [Nexus Staging Maven Plugin][36] | [Eclipse Public License][37] |
-| [JaCoCo :: Maven Plugin][38] | [Eclipse Public License 2.0][39] |
-| [error-code-crawler-maven-plugin][40] | [MIT][5] |
-| [ScalaTest Maven Plugin][41] | [the Apache License, ASL Version 2.0][16] |
-| [Apache Maven Assembly Plugin][42] | [Apache License, Version 2.0][7] |
-| [OpenFastTrace Maven Plugin][43] | [GNU General Public License v3.0][44] |
-| [Project keeper maven plugin][45] | [The MIT License][46] |
-| [Scalastyle Maven Plugin][47] | [Apache 2.0][14] |
-| [spotless-maven-plugin][48] | [The Apache Software License, Version 2.0][7] |
-| [scalafix-maven-plugin][49] | [BSD-3-Clause][50] |
-| [Maven Clean Plugin][51] | [The Apache Software License, Version 2.0][9] |
-| [Maven Resources Plugin][52] | [The Apache Software License, Version 2.0][9] |
-| [Maven JAR Plugin][53] | [The Apache Software License, Version 2.0][9] |
-| [Maven Install Plugin][54] | [The Apache Software License, Version 2.0][9] |
-| [Maven Site Plugin 3][55] | [The Apache Software License, Version 2.0][9] |
+| [scala-maven-plugin][27] | [Public domain (Unlicense)][28] |
+| [Maven Surefire Plugin][29] | [Apache License, Version 2.0][7] |
+| [Versions Maven Plugin][30] | [Apache License, Version 2.0][7] |
+| [Apache Maven Deploy Plugin][31] | [Apache License, Version 2.0][7] |
+| [Apache Maven GPG Plugin][32] | [Apache License, Version 2.0][7] |
+| [Apache Maven Source Plugin][33] | [Apache License, Version 2.0][7] |
+| [Apache Maven Javadoc Plugin][34] | [Apache License, Version 2.0][7] |
+| [Nexus Staging Maven Plugin][35] | [Eclipse Public License][36] |
+| [JaCoCo :: Maven Plugin][37] | [Eclipse Public License 2.0][38] |
+| [error-code-crawler-maven-plugin][39] | [MIT License][40] |
+| [Reproducible Build Maven Plugin][41] | [Apache 2.0][9] |
+| [ScalaTest Maven Plugin][42] | [the Apache License, ASL Version 2.0][16] |
+| [Apache Maven Assembly Plugin][43] | [Apache License, Version 2.0][7] |
+| [OpenFastTrace Maven Plugin][44] | [GNU General Public License v3.0][45] |
+| [Project keeper maven plugin][46] | [The MIT License][47] |
+| [Scalastyle Maven Plugin][48] | [Apache 2.0][14] |
+| [spotless-maven-plugin][49] | [The Apache Software License, Version 2.0][7] |
+| [scalafix-maven-plugin][50] | [BSD-3-Clause][51] |
+| [Maven Clean Plugin][52] | [The Apache Software License, Version 2.0][9] |
+| [Maven Resources Plugin][53] | [The Apache Software License, Version 2.0][9] |
+| [Maven JAR Plugin][54] | [The Apache Software License, Version 2.0][9] |
+| [Maven Install Plugin][55] | [The Apache Software License, Version 2.0][9] |
+| [Maven Site Plugin 3][56] | [The Apache Software License, Version 2.0][9] |
[0]: https://www.scala-lang.org/
[1]: https://www.apache.org/licenses/LICENSE-2.0
[2]: http://www.exasol.com
[3]: https://mit-license.org/
-[4]: https://github.com/exasol/error-reporting-java
-[5]: https://opensource.org/licenses/MIT
+[4]: https://github.com/exasol/error-reporting-java/
+[5]: https://github.com/exasol/error-reporting-java/blob/main/LICENSE
[6]: https://avro.apache.org
[7]: https://www.apache.org/licenses/LICENSE-2.0.txt
[8]: http://github.com/FasterXML/jackson
@@ -83,32 +83,33 @@
[24]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
[25]: https://www.mojohaus.org/flatten-maven-plugin/
[26]: https://sonatype.github.io/ossindex-maven/maven-plugin/
-[27]: http://zlika.github.io/reproducible-build-maven-plugin
-[28]: http://github.com/davidB/scala-maven-plugin
-[29]: http://unlicense.org/
-[30]: https://maven.apache.org/surefire/maven-surefire-plugin/
-[31]: http://www.mojohaus.org/versions-maven-plugin/
-[32]: https://maven.apache.org/plugins/maven-deploy-plugin/
-[33]: https://maven.apache.org/plugins/maven-gpg-plugin/
-[34]: https://maven.apache.org/plugins/maven-source-plugin/
-[35]: https://maven.apache.org/plugins/maven-javadoc-plugin/
-[36]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/
-[37]: http://www.eclipse.org/legal/epl-v10.html
-[38]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
-[39]: https://www.eclipse.org/legal/epl-2.0/
-[40]: https://github.com/exasol/error-code-crawler-maven-plugin
-[41]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin
-[42]: https://maven.apache.org/plugins/maven-assembly-plugin/
-[43]: https://github.com/itsallcode/openfasttrace-maven-plugin
-[44]: https://www.gnu.org/licenses/gpl-3.0.html
-[45]: https://github.com/exasol/project-keeper/
-[46]: https://github.com/exasol/project-keeper/blob/main/LICENSE
-[47]: http://www.scalastyle.org
-[48]: https://github.com/diffplug/spotless
-[49]: https://github.com/evis/scalafix-maven-plugin
-[50]: https://opensource.org/licenses/BSD-3-Clause
-[51]: http://maven.apache.org/plugins/maven-clean-plugin/
-[52]: http://maven.apache.org/plugins/maven-resources-plugin/
-[53]: http://maven.apache.org/plugins/maven-jar-plugin/
-[54]: http://maven.apache.org/plugins/maven-install-plugin/
-[55]: http://maven.apache.org/plugins/maven-site-plugin/
+[27]: http://github.com/davidB/scala-maven-plugin
+[28]: http://unlicense.org/
+[29]: https://maven.apache.org/surefire/maven-surefire-plugin/
+[30]: http://www.mojohaus.org/versions-maven-plugin/
+[31]: https://maven.apache.org/plugins/maven-deploy-plugin/
+[32]: https://maven.apache.org/plugins/maven-gpg-plugin/
+[33]: https://maven.apache.org/plugins/maven-source-plugin/
+[34]: https://maven.apache.org/plugins/maven-javadoc-plugin/
+[35]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/
+[36]: http://www.eclipse.org/legal/epl-v10.html
+[37]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
+[38]: https://www.eclipse.org/legal/epl-2.0/
+[39]: https://github.com/exasol/error-code-crawler-maven-plugin/
+[40]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
+[41]: http://zlika.github.io/reproducible-build-maven-plugin
+[42]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin
+[43]: https://maven.apache.org/plugins/maven-assembly-plugin/
+[44]: https://github.com/itsallcode/openfasttrace-maven-plugin
+[45]: https://www.gnu.org/licenses/gpl-3.0.html
+[46]: https://github.com/exasol/project-keeper/
+[47]: https://github.com/exasol/project-keeper/blob/main/LICENSE
+[48]: http://www.scalastyle.org
+[49]: https://github.com/diffplug/spotless
+[50]: https://github.com/evis/scalafix-maven-plugin
+[51]: https://opensource.org/licenses/BSD-3-Clause
+[52]: http://maven.apache.org/plugins/maven-clean-plugin/
+[53]: http://maven.apache.org/plugins/maven-resources-plugin/
+[54]: http://maven.apache.org/plugins/maven-jar-plugin/
+[55]: http://maven.apache.org/plugins/maven-install-plugin/
+[56]: http://maven.apache.org/plugins/maven-site-plugin/
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index 810afae..8afdcb1 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,6 +1,6 @@
# Changes
-* [0.4.3](changes_0.4.3.md)
+* [1.0.0](changes_1.0.0.md)
* [0.4.2](changes_0.4.2.md)
* [0.4.1](changes_0.4.1.md)
* [0.4.0](changes_0.4.0.md)
diff --git a/doc/changes/changes_0.4.3.md b/doc/changes/changes_0.4.3.md
deleted file mode 100644
index 90859ac..0000000
--- a/doc/changes/changes_0.4.3.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# Import Export UDF Common Scala 0.4.3, released 2022-??-??
-
-Code name:
-
-## Summary
-
-## Refactoring
-
-* #29: Changed to Jacoco coverage plugin and fixed Sonar coverage badge
-
-## Dependency Updates
-
-### Test Dependency Updates
-
-* Added `nl.jqno.equalsverifier:equalsverifier:3.10.1`
-
-### Plugin Dependency Updates
-
-* Removed `org.scoverage:scoverage-maven-plugin:1.4.11`
diff --git a/doc/changes/changes_1.0.0.md b/doc/changes/changes_1.0.0.md
new file mode 100644
index 0000000..b02b935
--- /dev/null
+++ b/doc/changes/changes_1.0.0.md
@@ -0,0 +1,38 @@
+# Import Export UDF Common Scala 1.0.0, released 2022-10-26
+
+Code name: Fix vulnerabilities in dependencies
+
+## Summary
+
+This is release is a breaking change as it removes support for Scala 2.12, it only supports Scala 2.13. It also updates the following dependencies to fix vulnerabilities:
+* com.fasterxml.jackson.core:jackson-databind:jar:2.12.7:compile:
+ * CVE-2022-42003 CWE-502: Deserialization of Untrusted Data (7.5)
+ * CVE-2022-42004 CWE-502: Deserialization of Untrusted Data (7.5)
+* org.scala-lang:scala-library:jar:2.13.8:compile:
+ * CVE-2022-36944 CWE-502: Deserialization of Untrusted Data (9.8)
+
+## Features
+
+* #40: Fixed vulnerabilities in dependencies
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `com.exasol:error-reporting-java:0.4.1` to `1.0.0`
+* Updated `com.fasterxml.jackson.core:jackson-databind:2.12.7` to `2.13.4.2`
+* Updated `com.fasterxml.jackson.module:jackson-module-scala_2.13:2.12.7` to `2.13.4`
+* Updated `org.scala-lang:scala-library:2.13.8` to `2.13.10`
+
+### Test Dependency Updates
+
+* Added `nl.jqno.equalsverifier:equalsverifier:3.10.1`
+* Updated `org.mockito:mockito-core:4.6.1` to `4.8.1`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:1.1.1` to `1.1.2`
+* Updated `com.exasol:project-keeper-maven-plugin:2.5.0` to `2.8.0`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.0.0` to `3.1.0`
+* Updated `org.itsallcode:openfasttrace-maven-plugin:1.4.0` to `1.5.0`
+* Removed `org.scoverage:scoverage-maven-plugin:1.4.11`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index f6e0138..a16770b 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@
4.0.0
com.exasol
import-export-udf-common-scala-generated-parent
- 0.4.3
+ 1.0.0
pom
UTF-8
@@ -52,7 +52,7 @@
org.apache.maven.plugins
maven-enforcer-plugin
- 3.0.0
+ 3.1.0
enforce-maven
@@ -108,20 +108,6 @@
-
- io.github.zlika
- reproducible-build-maven-plugin
- 0.15
-
-
- strip-jar
- package
-
- strip-jar
-
-
-
-
org.apache.maven.plugins
maven-surefire-plugin
@@ -275,7 +261,7 @@
com.exasol
error-code-crawler-maven-plugin
- 1.1.1
+ 1.1.2
verify
@@ -285,6 +271,20 @@
+
+ io.github.zlika
+ reproducible-build-maven-plugin
+ 0.15
+
+
+ strip-jar
+ package
+
+ strip-jar
+
+
+
+
diff --git a/pom.xml b/pom.xml
index 59f5e97..d85521b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,42 +3,23 @@
4.0.0
com.exasol
import-export-udf-common-scala
- 0.4.3
+ 1.0.0
Import Export UDF Common Scala
Common import export libraries used in Exasol user defined functions
https://github.com/exasol/import-export-udf-common-scala/
-
- import-export-udf-common-scala-generated-parent
- com.exasol
- 0.4.3
- pk_generated_parent.pom
-
+
+ 2.13.10
+ 2.13
- 6.1.7
- 0.4.1
1.11.1
-
- 2.12.7
+ 2.13.4
3.9.5
1.7.36
3.2.13
1.0.0-M2
- 4.6.1
- .
- src/main/**
-
-
- ossrh
- https://oss.sonatype.org/content/repositories/snapshots
-
-
- ossrh
- https://oss.sonatype.org/service/local/staging/deploy/maven2/
-
-
maven.exasol.com
@@ -47,13 +28,6 @@
false
-
- maven.exasol.com-snapshots
- https://maven.exasol.com/artifactory/exasol-snapshots
-
- true
-
-
@@ -64,12 +38,12 @@
com.exasol
exasol-script-api
- ${exasol.api.version}
+ 6.1.7
com.exasol
error-reporting-java
- ${exasol.error-reporting.version}
+ 1.0.0
org.apache.avro
@@ -97,7 +71,7 @@
com.fasterxml.jackson.core
jackson-databind
- ${jackson.version}
+ 2.13.4.2
com.fasterxml.jackson.module
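Review bot: `jackson-databind` is now pinned to the literal `2.13.4.2` while the Jackson property earlier in the file is set to `2.13.4`, so the two can drift apart on the next upgrade. The XML tags are stripped in this view, so which artifacts still use the property is inferred. I would add a comment on the dependency such as `<!-- databind-only patch release for CVE-2022-42003 / CVE-2022-42004; realign with jackson.version on the next minor upgrade -->`.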
@@ -144,7 +118,7 @@
org.mockito
mockito-core
- ${mockito.version}
+ 4.8.1
test
@@ -223,7 +197,7 @@
org.scalameta
semanticdb-scalac_${scala.version}
- 4.4.35
+ 4.6.0
@@ -287,7 +261,7 @@
org.itsallcode
openfasttrace-maven-plugin
- 1.4.0
+ 1.5.0
trace-requirements
@@ -305,7 +279,7 @@
com.exasol
project-keeper-maven-plugin
- 2.5.0
+ 2.8.0
@@ -374,7 +348,7 @@
com.geirsson
metaconfig-pprint_${scala.compat.version}
- 0.10.0
+ 0.11.1
@@ -383,25 +357,10 @@
-
-
- scala2.13
-
- true
-
-
- 2.13.8
- 2.13
- false
-
-
-
- scala2.12
-
- 2.12.15
- 2.12
- true
-
-
-
-
+
+ import-export-udf-common-scala-generated-parent
+ com.exasol
+ 1.0.0
+ pk_generated_parent.pom
+
+
\ No newline at end of file
diff --git a/release_config.yml b/release_config.yml
index 44dac34..473c219 100644
--- a/release_config.yml
+++ b/release_config.yml
@@ -1,3 +1,4 @@
release-platforms:
- GitHub
- Maven
+language: Java
diff --git a/src/main/scala/com/exasol/common/json/JsonMapper.scala b/src/main/scala/com/exasol/common/json/JsonMapper.scala
index a80c9fe..1b756c2 100644
--- a/src/main/scala/com/exasol/common/json/JsonMapper.scala
+++ b/src/main/scala/com/exasol/common/json/JsonMapper.scala
@@ -1,6 +1,10 @@
package com.exasol.common.json
+import java.lang.reflect.ParameterizedType
+import java.lang.reflect.Type
+
import com.fasterxml.jackson.core.JsonParser
+import com.fasterxml.jackson.core.`type`.TypeReference
import com.fasterxml.jackson.databind.MapperFeature
import com.fasterxml.jackson.databind.SerializationFeature
import com.fasterxml.jackson.databind.json.{JsonMapper => BaseJsonMapper}
@@ -52,7 +56,7 @@ object JsonMapper {
* @return parsed value
*/
def fromJson[T: Manifest](jsonString: String): T =
- mapper.readValue[T](jsonString)
+ mapper.readValue(jsonString, getTypeReference[T])
/**
* Parses JSON string into a type.
@@ -64,4 +68,18 @@ object JsonMapper {
def parseJson[T: Manifest](jsonString: String): T =
fromJson(jsonString)
+ private[this] def getTypeReference[T: Manifest] = new TypeReference[T] {
+ override def getType = getTypeFromManifest(manifest[T])
+ }
+
+ private[this] def getTypeFromManifest(manifest: Manifest[_]): Type =
+ if (manifest.typeArguments.isEmpty) {
+ manifest.runtimeClass
+ } else {
+ new ParameterizedType {
+ def getRawType = manifest.runtimeClass
+ def getActualTypeArguments = manifest.typeArguments.map(getTypeFromManifest(_)).toArray
+ def getOwnerType = null
+ }
+ }
}
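Review bot: `getTypeFromManifest` appears to mishandle array targets: for `Array[String]` the manifest has a non-empty `typeArguments`, so the else branch builds a `ParameterizedType` whose raw type is an array class, which Jackson is likely to reject. Guarding the first branch covers it: `if (manifest.typeArguments.isEmpty || manifest.runtimeClass.isArray) {`. The new helpers also leave their result types to inference; `getTypeReference[T: Manifest]: TypeReference[T]`, `getType: Type`, `getRawType: Type` and `getActualTypeArguments: Array[Type]` would make the anonymous implementations easier to check. `getOwnerType = null` is what the Java interface specifies for a top-level type, and a one-line comment saying so would stop it being read as an oversight.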
diff --git a/src/test/scala/com/exasol/common/file/FileCheckerTest.scala b/src/test/scala/com/exasol/common/file/FileCheckerTest.scala
index 475921b..ee33e77 100644
--- a/src/test/scala/com/exasol/common/file/FileCheckerTest.scala
+++ b/src/test/scala/com/exasol/common/file/FileCheckerTest.scala
@@ -26,12 +26,14 @@ class FileCheckerTest extends AnyFunSuite with Matchers with MockitoSugar {
}
test("bucketfs file checker throws when path does not start with expected prefix") {
+ val path = "/var/log/bucket1/file.txt"
val thrown = intercept[IllegalArgumentException] {
- new BucketFSFileChecker().isRegularFile("/var/log/bucket1/file.txt")
+ new BucketFSFileChecker().isRegularFile(path)
}
+ val expectedPath = new File(path).getCanonicalPath()
val message = thrown.getMessage()
assert(message.startsWith("E-IEUCS-12"))
- assert(message.contains("Provided path '/var/log/bucket1/file.txt' does not start with expected"))
+ assert(message.contains("Provided path '" + expectedPath + "' does not start with expected"))
assert(message.contains("Please make sure that file path start with '/buckets'."))
}
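Review bot: The test now expects the canonical path in the message, but it never feeds the checker a path that canonicalization actually changes. The case worth pinning is a path that textually starts with `/buckets` yet resolves elsewhere, for example `"/buckets/../var/log/file.txt"`, with the same `intercept[IllegalArgumentException]` and `E-IEUCS-12` assertions. That the checker canonicalizes before the prefix check is inferred from this assertion, since `BucketFSFileChecker` is not in the diff. `new File(path)` also relies on `java.io.File` being imported outside the hunk.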