diff --git a/.gitattributes b/.gitattributes
index 059293b..4c0b747 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,9 +1,12 @@
*.sh text eol=lf
.github/workflows/release_droid_upload_github_release_assets.yml linguist-generated=true
+.github/workflows/release_droid_prepare_original_checksum.yml linguist-generated=true
+.github/workflows/release_droid_print_quick_checksum.yml linguist-generated=true
.github/workflows/ci-build-next-java.yml linguist-generated=true
.github/workflows/broken_links_checker.yml linguist-generated=true
.github/workflows/dependencies_check.yml linguist-generated=true
+.settings/org.eclipse.jdt.core.prefs linguist-generated=true
dependencies.md linguist-generated=true
pk_generated_parent.pom linguist-generated=true
doc/changes/changelog.md linguist-generated=true
diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml
index c4ff3be..82ec1cd 100644
--- a/.github/workflows/broken_links_checker.yml
+++ b/.github/workflows/broken_links_checker.yml
@@ -15,16 +15,18 @@ jobs:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Configure broken links checker
run: |
mkdir -p ./target
echo '{"aliveStatusCodes": [429, 200], "ignorePatterns": [' \
'{"pattern": "^https?://(www|dev).mysql.com/"},' \
'{"pattern": "^https?://(www.)?opensource.org"}' \
+ '{"pattern": "^https?://(www.)?eclipse.org"}' \
+ '{"pattern": "^https?://projects.eclipse.org"}' \
']}' > ./target/broken_links_checker.json
- uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
- use-quiet-mode: 'yes'
- use-verbose-mode: 'yes'
+ use-quiet-mode: "yes"
+ use-verbose-mode: "yes"
config-file: ./target/broken_links_checker.json
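Review bot: The two added ignore patterns leave the generated JSON without separators: the `opensource.org` entry and the new `(www.)?eclipse.org` entry both lack a trailing comma, so `./target/broken_links_checker.json` is written with adjacent objects inside the `ignorePatterns` array and is not valid JSON. Depending on how the link-check action treats an unparsable config file, the step either fails or runs without the ignore list and the `aliveStatusCodes` setting. The two lines should read `'{"pattern": "^https?://(www.)?opensource.org"},' \` and `'{"pattern": "^https?://(www.)?eclipse.org"},' \`. `.gitattributes` marks this workflow as generated, so the correction presumably belongs in the generator's template as well. The job definition starts above the hunk.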
diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml
index e0c15cf..7cbab08 100644
--- a/.github/workflows/ci-build-next-java.yml
+++ b/.github/workflows/ci-build-next-java.yml
@@ -14,15 +14,15 @@ jobs:
cancel-in-progress: true
steps:
- name: Checkout the repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
+ distribution: "temurin"
java-version: 17
- cache: 'maven'
+ cache: "maven"
- name: Run tests and build with Maven
run: |
mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \
diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml
index b2ab231..4b6eadf 100644
--- a/.github/workflows/dependencies_check.yml
+++ b/.github/workflows/dependencies_check.yml
@@ -1,20 +1,35 @@
-name: Dependencies Check
+name: Report Security Issues for Repository
on:
+ workflow_dispatch:
schedule:
- cron: "0 2 * * *"
jobs:
- build:
+ report_security_issues:
runs-on: ubuntu-latest
+ permissions:
+ issues: write
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
+ distribution: "temurin"
java-version: 11
- cache: 'maven'
- - name: Checking dependencies for vulnerabilities
- run: mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml
\ No newline at end of file
+ cache: "maven"
+
+ - name: Generate ossindex report
+ run: |
+ mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \
+ org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \
+ -Dossindex.reportFile=$(pwd)/ossindex-report.json \
+ -Dossindex.fail=false
+
+ - name: Report Security Issues
+ uses: exasol/python-toolbox/.github/actions/security-issues@main
+ with:
+ format: "maven"
+ command: "cat ossindex-report.json"
+ github-token: ${{ secrets.GITHUB_TOKEN }}
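Review bot: The new `Report Security Issues` step runs `exasol/python-toolbox/.github/actions/security-issues@main`, a mutable branch reference, while the job grants `issues: write` and passes the action `secrets.GITHUB_TOKEN`; whatever lands on that branch next runs with this token on every scheduled and manually dispatched run. Pinning to a full commit SHA, `uses: exasol/python-toolbox/.github/actions/security-issues@<full-commit-sha>` (placeholder, to be replaced with a reviewed commit), keeps the executed code fixed until an update is reviewed. Separately, `-Dossindex.fail=false` tells the audit not to fail the build on findings, so a vulnerable dependency becomes visible only if the reporting step succeeds in opening an issue; a comment above that flag saying so would help, and the report path is safer quoted as `"-Dossindex.reportFile=$(pwd)/ossindex-report.json"`. `.gitattributes` lists this workflow as generated, so the change presumably has to be made in the generator's template.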
diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml
index 4a980f8..ba96c12 100644
--- a/.github/workflows/release_droid_prepare_original_checksum.yml
+++ b/.github/workflows/release_droid_prepare_original_checksum.yml
@@ -7,16 +7,21 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
+ - name: Free Disk Space
+ if: ${{ false }}
+ run: |
+ sudo rm -rf /usr/local/lib/android
+ sudo rm -rf /usr/share/dotnet
- name: Checkout the repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
+ distribution: "temurin"
java-version: 11
- cache: 'maven'
+ cache: "maven"
- name: Enable testcontainer reuse
run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties"
- name: Run tests and build with Maven
@@ -28,4 +33,4 @@ jobs:
with:
name: original_checksum
retention-days: 5
- path: original_checksum
\ No newline at end of file
+ path: original_checksum
diff --git a/.github/workflows/release_droid_print_quick_checksum.yml b/.github/workflows/release_droid_print_quick_checksum.yml
index 8add957..aed4444 100644
--- a/.github/workflows/release_droid_print_quick_checksum.yml
+++ b/.github/workflows/release_droid_print_quick_checksum.yml
@@ -8,17 +8,16 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
+ distribution: "temurin"
java-version: 11
- cache: 'maven'
+ cache: "maven"
- name: Build with Maven skipping tests
run: mvn --batch-mode clean verify -DskipTests
- name: Print checksum
run: echo 'checksum_start==';find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + | xargs;echo '==checksum_end'
-
diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml
index 7350faf..7ae8bbb 100644
--- a/.github/workflows/release_droid_upload_github_release_assets.yml
+++ b/.github/workflows/release_droid_upload_github_release_assets.yml
@@ -4,7 +4,7 @@ on:
workflow_dispatch:
inputs:
upload_url:
- description: 'Assets upload URL'
+ description: "Assets upload URL"
required: true
jobs:
@@ -12,15 +12,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
+ distribution: "temurin"
java-version: 11
- cache: 'maven'
+ cache: "maven"
- name: Build with Maven skipping tests
run: mvn --batch-mode clean verify -DskipTests
- name: Generate sha256sum files
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
index 8b5a9aa..bb40c3f 100644
--- a/.settings/org.eclipse.jdt.core.prefs
+++ b/.settings/org.eclipse.jdt.core.prefs
@@ -111,7 +111,7 @@ org.eclipse.jdt.core.compiler.problem.unusedPrivateMember=warning
org.eclipse.jdt.core.compiler.problem.unusedTypeParameter=ignore
org.eclipse.jdt.core.compiler.problem.unusedWarningToken=warning
org.eclipse.jdt.core.compiler.problem.varargsArgumentNeedCast=warning
-org.eclipse.jdt.core.compiler.processAnnotations=enabled
+org.eclipse.jdt.core.compiler.processAnnotations=disabled
org.eclipse.jdt.core.compiler.release=disabled
org.eclipse.jdt.core.compiler.source=11
org.eclipse.jdt.core.formatter.align_assignment_statements_on_columns=false
diff --git a/dependencies.md b/dependencies.md
index c637390..712d01a 100644
--- a/dependencies.md
+++ b/dependencies.md
@@ -8,7 +8,7 @@
| [Scala Library][0] | [Apache-2.0][1] |
| [Exasol UDF API for Java][2] | [MIT License][3] |
| [error-reporting-java][4] | [MIT License][5] |
-| [Apache Avro][6] | [Apache License, Version 2.0][7] |
+| [Apache Avro][6] | [Apache-2.0][7] |
| [jackson-databind][8] | [The Apache Software License, Version 2.0][7] |
| [jackson-module-scala][9] | [The Apache Software License, Version 2.0][7] |
| [SLF4J Simple Binding][10] | [MIT License][11] |
@@ -16,46 +16,41 @@
## Test Dependencies
-| Dependency | License |
-| ----------------------------------------- | ----------------------------------------- |
-| [scalatest][14] | [the Apache License, ASL Version 2.0][15] |
-| [scalatestplus-mockito][16] | [Apache-2.0][15] |
-| [mockito-core][17] | [The MIT License][18] |
-| [EqualsVerifier | release normal jar][19] | [Apache License, Version 2.0][7] |
+| Dependency | License |
+| ------------------------------------------ | ----------------------------------------- |
+| [scalatest][14] | [the Apache License, ASL Version 2.0][15] |
+| [scalatestplus-mockito][16] | [Apache-2.0][15] |
+| [mockito-core][17] | [The MIT License][18] |
+| [EqualsVerifier \| release normal jar][19] | [Apache License, Version 2.0][7] |
## Plugin Dependencies
-| Dependency | License |
-| ------------------------------------------------------- | ---------------------------------------------- |
-| [SonarQube Scanner for Maven][20] | [GNU LGPL 3][21] |
-| [Apache Maven Compiler Plugin][22] | [Apache-2.0][7] |
-| [Apache Maven Enforcer Plugin][23] | [Apache-2.0][7] |
-| [Maven Flatten Plugin][24] | [Apache Software Licenese][7] |
-| [ScalaTest Maven Plugin][25] | [the Apache License, ASL Version 2.0][15] |
-| [Apache Maven Assembly Plugin][26] | [Apache License, Version 2.0][7] |
-| [OpenFastTrace Maven Plugin][27] | [GNU General Public License v3.0][28] |
-| [Project keeper maven plugin][29] | [The MIT License][30] |
-| [Scalastyle Maven Plugin][31] | [Apache 2.0][13] |
-| [spotless-maven-plugin][32] | [The Apache Software License, Version 2.0][7] |
-| [org.sonatype.ossindex.maven:ossindex-maven-plugin][33] | [ASL2][34] |
-| [scala-maven-plugin][35] | [Public domain (Unlicense)][36] |
-| [Maven Surefire Plugin][37] | [Apache-2.0][7] |
-| [Versions Maven Plugin][38] | [Apache License, Version 2.0][7] |
-| [duplicate-finder-maven-plugin Maven Mojo][39] | [Apache License 2.0][13] |
-| [Apache Maven Deploy Plugin][40] | [Apache-2.0][7] |
-| [Apache Maven GPG Plugin][41] | [Apache License, Version 2.0][7] |
-| [Apache Maven Source Plugin][42] | [Apache License, Version 2.0][7] |
-| [Apache Maven Javadoc Plugin][43] | [Apache-2.0][7] |
-| [Nexus Staging Maven Plugin][44] | [Eclipse Public License][45] |
-| [JaCoCo :: Maven Plugin][46] | [Eclipse Public License 2.0][47] |
-| [error-code-crawler-maven-plugin][48] | [MIT License][49] |
-| [Reproducible Build Maven Plugin][50] | [Apache 2.0][34] |
-| [scalafix-maven-plugin][51] | [BSD-3-Clause][52] |
-| [Maven Clean Plugin][53] | [The Apache Software License, Version 2.0][34] |
-| [Maven Resources Plugin][54] | [The Apache Software License, Version 2.0][34] |
-| [Maven JAR Plugin][55] | [The Apache Software License, Version 2.0][34] |
-| [Maven Install Plugin][56] | [The Apache Software License, Version 2.0][34] |
-| [Maven Site Plugin 3][57] | [The Apache Software License, Version 2.0][34] |
+| Dependency | License |
+| ------------------------------------------------------- | --------------------------------------------- |
+| [SonarQube Scanner for Maven][20] | [GNU LGPL 3][21] |
+| [Apache Maven Compiler Plugin][22] | [Apache-2.0][7] |
+| [Apache Maven Enforcer Plugin][23] | [Apache-2.0][7] |
+| [Maven Flatten Plugin][24] | [Apache Software Licenese][7] |
+| [ScalaTest Maven Plugin][25] | [the Apache License, ASL Version 2.0][15] |
+| [Apache Maven Assembly Plugin][26] | [Apache License, Version 2.0][7] |
+| [OpenFastTrace Maven Plugin][27] | [GNU General Public License v3.0][28] |
+| [Project keeper maven plugin][29] | [The MIT License][30] |
+| [Scalastyle Maven Plugin][31] | [Apache 2.0][13] |
+| [spotless-maven-plugin][32] | [The Apache Software License, Version 2.0][7] |
+| [org.sonatype.ossindex.maven:ossindex-maven-plugin][33] | [ASL2][34] |
+| [scala-maven-plugin][35] | [Public domain (Unlicense)][36] |
+| [Maven Surefire Plugin][37] | [Apache-2.0][7] |
+| [Versions Maven Plugin][38] | [Apache License, Version 2.0][7] |
+| [duplicate-finder-maven-plugin Maven Mojo][39] | [Apache License 2.0][13] |
+| [Apache Maven Deploy Plugin][40] | [Apache-2.0][7] |
+| [Apache Maven GPG Plugin][41] | [Apache-2.0][7] |
+| [Apache Maven Source Plugin][42] | [Apache License, Version 2.0][7] |
+| [Apache Maven Javadoc Plugin][43] | [Apache-2.0][7] |
+| [Nexus Staging Maven Plugin][44] | [Eclipse Public License][45] |
+| [JaCoCo :: Maven Plugin][46] | [Eclipse Public License 2.0][47] |
+| [error-code-crawler-maven-plugin][48] | [MIT License][49] |
+| [Reproducible Build Maven Plugin][50] | [Apache 2.0][34] |
+| [scalafix-maven-plugin][51] | [BSD-3-Clause][52] |
[0]: https://www.scala-lang.org/
[1]: https://www.apache.org/licenses/LICENSE-2.0
@@ -96,7 +91,7 @@
[36]: http://unlicense.org/
[37]: https://maven.apache.org/surefire/maven-surefire-plugin/
[38]: https://www.mojohaus.org/versions/versions-maven-plugin/
-[39]: https://github.com/basepom/duplicate-finder-maven-plugin
+[39]: https://basepom.github.io/duplicate-finder-maven-plugin
[40]: https://maven.apache.org/plugins/maven-deploy-plugin/
[41]: https://maven.apache.org/plugins/maven-gpg-plugin/
[42]: https://maven.apache.org/plugins/maven-source-plugin/
@@ -110,8 +105,3 @@
[50]: http://zlika.github.io/reproducible-build-maven-plugin
[51]: https://github.com/evis/scalafix-maven-plugin
[52]: https://opensource.org/licenses/BSD-3-Clause
-[53]: http://maven.apache.org/plugins/maven-clean-plugin/
-[54]: http://maven.apache.org/plugins/maven-resources-plugin/
-[55]: http://maven.apache.org/plugins/maven-jar-plugin/
-[56]: http://maven.apache.org/plugins/maven-install-plugin/
-[57]: http://maven.apache.org/plugins/maven-site-plugin/
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index 38ade3a..be007cb 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
# Changes
+* [1.1.2](changes_1.1.2.md)
* [1.1.1](changes_1.1.1.md)
* [1.1.0](changes_1.1.0.md)
* [1.0.0](changes_1.0.0.md)
diff --git a/doc/changes/changes_1.1.2.md b/doc/changes/changes_1.1.2.md
new file mode 100644
index 0000000..0a2d2ba
--- /dev/null
+++ b/doc/changes/changes_1.1.2.md
@@ -0,0 +1,31 @@
+# Import Export UDF Common Scala 1.1.2, released 2023-11-22
+
+Code name: Update avro to CVE-2023-39410
+
+## Summary
+
+Library `org.apache.avro` was updated to fix its CVE-2023-39410.
+
+## Features
+
+* #51: Fixed vulnerability in avro
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `org.apache.avro:avro:1.11.1` to `1.11.3`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:1.2.3` to `1.3.1`
+* Updated `com.exasol:project-keeper-maven-plugin:2.9.7` to `2.9.16`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.3.0` to `3.4.1`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.0.1` to `3.1.0`
+* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.5.0` to `3.6.2`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.0.0` to `3.2.2`
+* Updated `org.basepom.maven:duplicate-finder-maven-plugin:1.5.1` to `2.0.1`
+* Updated `org.codehaus.mojo:flatten-maven-plugin:1.4.1` to `1.5.0`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.15.0` to `2.16.1`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.9` to `0.8.11`
+* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184` to `3.10.0.2594`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index 036aaa2..359b218 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@
4.0.0
com.exasol
import-export-udf-common-scala-generated-parent
- 1.1.1
+ 1.1.2
pom
UTF-8
@@ -48,7 +48,7 @@
org.sonarsource.scanner.maven
sonar-maven-plugin
- 3.9.1.2184
+ 3.10.0.2594
org.apache.maven.plugins
@@ -57,12 +57,18 @@
${java.version}
${java.version}
+ true
+
+
+ -Xlint:all,-processing
+
+
org.apache.maven.plugins
maven-enforcer-plugin
- 3.3.0
+ 3.4.1
enforce-maven
@@ -72,7 +78,7 @@
- [3.8.7,3.9.0)
+ 3.6.3
@@ -82,7 +88,7 @@
org.codehaus.mojo
flatten-maven-plugin
- 1.4.1
+ 1.5.0
true
oss
@@ -121,7 +127,7 @@
org.apache.maven.plugins
maven-surefire-plugin
- 3.0.0
+ 3.2.2
@@ -132,7 +138,7 @@
org.codehaus.mojo
versions-maven-plugin
- 2.15.0
+ 2.16.1
display-updates
@@ -150,7 +156,7 @@
org.basepom.maven
duplicate-finder-maven-plugin
- 1.5.1
+ 2.0.1
default
@@ -168,7 +174,6 @@
true
true
false
- true
true
false
@@ -184,7 +189,7 @@
org.apache.maven.plugins
maven-gpg-plugin
- 3.0.1
+ 3.1.0
sign-artifacts
@@ -204,6 +209,9 @@
org.apache.maven.plugins
maven-source-plugin
+
3.2.1
@@ -217,7 +225,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.5.0
+ 3.6.2
attach-javadocs
@@ -232,6 +240,7 @@
true
true
true
+ true
@@ -258,7 +267,7 @@
org.jacoco
jacoco-maven-plugin
- 0.8.9
+ 0.8.11
prepare-agent
@@ -299,7 +308,7 @@
com.exasol
error-code-crawler-maven-plugin
- 1.2.3
+ 1.3.1
verify
diff --git a/pom.xml b/pom.xml
index c07a853..24d2315 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,14 +2,14 @@
4.0.0
import-export-udf-common-scala
- 1.1.1
+ 1.1.2
Import Export UDF Common Scala
Common import export libraries used in Exasol user defined functions
https://github.com/exasol/import-export-udf-common-scala/
import-export-udf-common-scala-generated-parent
com.exasol
- 1.1.1
+ 1.1.2
pk_generated_parent.pom
@@ -17,7 +17,7 @@
2.13.10
2.13
- 1.11.1
+ 1.11.3
2.15.0
3.9.5
2.0.7
@@ -275,7 +275,7 @@
com.exasol
project-keeper-maven-plugin
- 2.9.7
+ 2.9.16