Skip to content

Commit

Permalink
Dependency updates (#53)
Browse files Browse the repository at this point in the history 
* Dependency Updates
  • Loading branch information
@jakobbraun
jakobbraun committed Jun 27, 2022
1 parent 18fafbe commit 3a4ac56
Show file tree
Hide file tree
Showing 13 changed files with 217 additions and 291 deletions.
9 changes: 6 additions & 3 deletions .github/workflows/broken_links_checker.yml
View file
Expand Up @@ -2,7 +2,7 @@ name: Broken Links Checker

on:
schedule:
- cron: "0 5 * * *"
- cron: "0 5 * * 0"
push:
branches:
- main
Expand All @@ -11,12 +11,15 @@ on:
jobs:
linkChecker:
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Configure broken links checker
run: |
mkdir -p ./target
echo '{ "aliveStatusCodes": [429, 200] }' > ./target/broken_links_checker.json
echo '{ "aliveStatusCodes": [429, 200], "ignorePatterns": [{"pattern": "^https?://(www.)?opensource.org"}] }' > ./target/broken_links_checker.json
- uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
use-quiet-mode: 'yes'
Expand Down
15 changes: 6 additions & 9 deletions .github/workflows/ci-build-next-java.yml
View file
Expand Up @@ -9,23 +9,20 @@ on:
jobs:
java-17-compatibility:
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
steps:
- name: Checkout the repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK 17
uses: actions/setup-java@v2
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 17
- name: Cache local Maven repository
uses: actions/cache@v2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
cache: 'maven'
- name: Run tests and build with Maven
run: |
mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \
Expand Down
14 changes: 4 additions & 10 deletions .github/workflows/dependencies_check.yml
View file
Expand Up @@ -9,18 +9,12 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Set up JDK 11
uses: actions/setup-java@v2
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 11
- name: Cache local Maven repository
uses: actions/cache@v2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
cache: 'maven'
- name: Checking dependencies for vulnerabilities
run: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml
run: mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml
16 changes: 6 additions & 10 deletions .github/workflows/release_droid_prepare_original_checksum.yml
View file
Expand Up @@ -8,27 +8,23 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v2
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 11
- name: Cache local Maven repository
uses: actions/cache@v2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
cache: 'maven'
- name: Enable testcontainer reuse
run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties"
- name: Run tests and build with Maven
run: mvn --batch-mode clean verify --file pom.xml
- name: Prepare checksum
run: find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + > original_checksum
- name: Upload checksum to the artifactory
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: original_checksum
retention-days: 5
Expand Down
12 changes: 3 additions & 9 deletions .github/workflows/release_droid_print_quick_checksum.yml
View file
Expand Up @@ -8,21 +8,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v2
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 11
- name: Cache local Maven repository
uses: actions/cache@v2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
cache: 'maven'
- name: Build with Maven skipping tests
run: mvn --batch-mode clean verify -DskipTests
- name: Print checksum
Expand Down
12 changes: 3 additions & 9 deletions .github/workflows/release_droid_upload_github_release_assets.yml
View file
Expand Up @@ -12,21 +12,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v2
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 11
- name: Cache local Maven repository
uses: actions/cache@v2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
cache: 'maven'
- name: Build with Maven skipping tests
run: mvn --batch-mode clean verify -DskipTests
- name: Generate sha256sum files
Expand Down
136 changes: 71 additions & 65 deletions dependencies.md
View file
Expand Up @@ -5,95 +5,101 @@

| Dependency | License |
| ------------------------------- | ----------------- |
| [Virtual Schema Common JDBC][0] | [MIT][1] |
| [error-reporting-java][2] | [MIT][1] |
| [Virtual Schema Common JDBC][0] | [MIT License][1] |
| [error-reporting-java][2] | [MIT][3] |
| [PostgreSQL JDBC Driver][4] | [BSD-2-Clause][5] |

## Test Dependencies

| Dependency | License |
| ----------------------------------------------- | ---------------------------------------------- |
| [Virtual Schema Common JDBC][0] | [MIT][1] |
| [Virtual Schema Common JDBC][0] | [MIT License][1] |
| [Hamcrest][8] | [BSD License 3][9] |
| [JUnit Jupiter (Aggregator)][10] | [Eclipse Public License v2.0][11] |
| [mockito-junit-jupiter][12] | [The MIT License][13] |
| [Test containers for Exasol on Docker][14] | [MIT][1] |
| [Test containers for Exasol on Docker][14] | [MIT][3] |
| [Testcontainers :: JUnit Jupiter Extension][16] | [MIT][17] |
| [Testcontainers :: JDBC :: PostgreSQL][16] | [MIT][17] |
| [Test Database Builder for Java][20] | [MIT][1] |
| [Matcher for SQL Result Sets][22] | [MIT][1] |
| [udf-debugging-java][24] | [MIT][1] |
| [Test Database Builder for Java][20] | [MIT License][21] |
| [Matcher for SQL Result Sets][22] | [MIT][3] |
| [udf-debugging-java][24] | [MIT][3] |
| [Markdown Generator][26] | [The Apache Software License, Version 2.0][27] |
| [Autogenerated resource verifier][28] | [MIT][1] |
| [virtual-schema-shared-integration-tests][30] | [MIT][1] |
| [Autogenerated resource verifier][28] | [MIT][3] |
| [virtual-schema-shared-integration-tests][30] | [MIT][3] |

## Plugin Dependencies

| Dependency | License |
| ------------------------------------------------------- | --------------------------------- |
| [Apache Maven Enforcer Plugin][32] | [Apache License, Version 2.0][33] |
| [Maven Flatten Plugin][34] | [Apache Software Licenese][27] |
| [org.sonatype.ossindex.maven:ossindex-maven-plugin][36] | [ASL2][27] |
| [Reproducible Build Maven Plugin][38] | [Apache 2.0][27] |
| [Maven Surefire Plugin][40] | [Apache License, Version 2.0][33] |
| [Versions Maven Plugin][42] | [Apache License, Version 2.0][33] |
| [Apache Maven Compiler Plugin][44] | [Apache License, Version 2.0][33] |
| [Apache Maven Assembly Plugin][46] | [Apache License, Version 2.0][33] |
| [Apache Maven JAR Plugin][48] | [Apache License, Version 2.0][33] |
| [Artifact reference checker and unifier][50] | [MIT][1] |
| [Maven Failsafe Plugin][52] | [Apache License, Version 2.0][33] |
| [JaCoCo :: Maven Plugin][54] | [Eclipse Public License 2.0][55] |
| [Project keeper maven plugin][56] | [MIT][1] |
| [Apache Maven Dependency Plugin][58] | [Apache License, Version 2.0][33] |
| [Exec Maven Plugin][60] | [Apache License 2][27] |
| [error-code-crawler-maven-plugin][62] | [MIT][1] |
| [Apache Maven Clean Plugin][64] | [Apache License, Version 2.0][33] |
| [Apache Maven Resources Plugin][66] | [Apache License, Version 2.0][33] |
| [Apache Maven Install Plugin][68] | [Apache License, Version 2.0][27] |
| [Apache Maven Deploy Plugin][70] | [Apache License, Version 2.0][27] |
| [Apache Maven Site Plugin][72] | [Apache License, Version 2.0][33] |
| Dependency | License |
| ------------------------------------------------------- | ---------------------------------------------- |
| [SonarQube Scanner for Maven][32] | [GNU LGPL 3][33] |
| [Apache Maven Compiler Plugin][34] | [Apache License, Version 2.0][35] |
| [Apache Maven Enforcer Plugin][36] | [Apache License, Version 2.0][35] |
| [Maven Flatten Plugin][38] | [Apache Software Licenese][27] |
| [org.sonatype.ossindex.maven:ossindex-maven-plugin][40] | [ASL2][27] |
| [Reproducible Build Maven Plugin][42] | [Apache 2.0][27] |
| [Maven Surefire Plugin][44] | [Apache License, Version 2.0][35] |
| [Versions Maven Plugin][46] | [Apache License, Version 2.0][35] |
| [Apache Maven Assembly Plugin][48] | [Apache License, Version 2.0][35] |
| [Apache Maven JAR Plugin][50] | [Apache License, Version 2.0][35] |
| [Artifact reference checker and unifier][52] | [MIT][3] |
| [Project keeper maven plugin][54] | [The MIT License][55] |
| [Maven Dependency Plugin][56] | [The Apache Software License, Version 2.0][27] |
| [Exec Maven Plugin][58] | [Apache License 2][27] |
| [Maven Failsafe Plugin][60] | [Apache License, Version 2.0][35] |
| [JaCoCo :: Maven Plugin][62] | [Eclipse Public License 2.0][63] |
| [error-code-crawler-maven-plugin][64] | [MIT][3] |
| [Maven Clean Plugin][66] | [The Apache Software License, Version 2.0][27] |
| [Maven Resources Plugin][68] | [The Apache Software License, Version 2.0][27] |
| [Maven Install Plugin][70] | [The Apache Software License, Version 2.0][27] |
| [Maven Deploy Plugin][72] | [The Apache Software License, Version 2.0][27] |
| [Maven Site Plugin 3][74] | [The Apache Software License, Version 2.0][27] |

[2]: https://github.com/exasol/error-reporting-java
[4]: https://jdbc.postgresql.org
[27]: http://www.apache.org/licenses/LICENSE-2.0.txt
[40]: https://maven.apache.org/surefire/maven-surefire-plugin/
[44]: https://maven.apache.org/surefire/maven-surefire-plugin/
[5]: https://jdbc.postgresql.org/about/license.html
[1]: https://opensource.org/licenses/MIT
[66]: http://maven.apache.org/plugins/maven-clean-plugin/
[3]: https://opensource.org/licenses/MIT
[12]: https://github.com/mockito/mockito
[52]: https://maven.apache.org/surefire/maven-failsafe-plugin/
[20]: https://github.com/exasol/test-db-builder-java
[30]: https://github.com/exasol/virtual-schema-shared-integration-tests
[60]: http://www.mojohaus.org/exec-maven-plugin
[42]: http://www.mojohaus.org/versions-maven-plugin/
[38]: https://www.mojohaus.org/flatten-maven-plugin/
[58]: http://www.mojohaus.org/exec-maven-plugin
[46]: http://www.mojohaus.org/versions-maven-plugin/
[54]: https://github.com/exasol/project-keeper/
[9]: http://opensource.org/licenses/BSD-3-Clause
[44]: https://maven.apache.org/plugins/maven-compiler-plugin/
[17]: http://opensource.org/licenses/MIT
[66]: https://maven.apache.org/plugins/maven-resources-plugin/
[0]: https://github.com/exasol/virtual-schema-common-jdbc
[34]: https://maven.apache.org/plugins/maven-compiler-plugin/
[21]: https://github.com/exasol/test-db-builder-java/blob/main/LICENSE
[26]: https://github.com/Steppschuh/Java-Markdown-Generator
[64]: https://maven.apache.org/plugins/maven-clean-plugin/
[55]: https://www.eclipse.org/legal/epl-2.0/
[14]: https://github.com/exasol/exasol-testcontainers
[54]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
[63]: https://www.eclipse.org/legal/epl-2.0/
[33]: http://www.gnu.org/licenses/lgpl.txt
[62]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
[13]: https://github.com/mockito/mockito/blob/main/LICENSE
[22]: https://github.com/exasol/hamcrest-resultset-matcher
[38]: http://zlika.github.io/reproducible-build-maven-plugin
[58]: https://maven.apache.org/plugins/maven-dependency-plugin/
[72]: https://maven.apache.org/plugins/maven-site-plugin/
[33]: https://www.apache.org/licenses/LICENSE-2.0.txt
[42]: http://zlika.github.io/reproducible-build-maven-plugin
[32]: http://sonarsource.github.io/sonar-scanner-maven/
[28]: https://github.com/exasol/autogenerated-resource-verifier-java
[32]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
[56]: https://github.com/exasol/project-keeper-maven-plugin/project-keeper-maven-plugin-generated-parent/project-keeper-maven-plugin
[11]: https://www.eclipse.org/legal/epl-v20.html
[68]: http://maven.apache.org/plugins/maven-install-plugin/
[24]: https://github.com/exasol/udf-debugging-java/
[10]: https://junit.org/junit5/
[36]: https://sonatype.github.io/ossindex-maven/maven-plugin/
[16]: https://testcontainers.org
[34]: https://www.mojohaus.org/flatten-maven-plugin/flatten-maven-plugin
[24]: https://github.com/exasol/udf-debugging-java
[0]: https://github.com/exasol/virtual-schema-common-jdbc/
[8]: http://hamcrest.org/JavaHamcrest/
[70]: http://maven.apache.org/plugins/maven-deploy-plugin/
[50]: https://github.com/exasol/artifact-reference-checker-maven-plugin
[62]: https://github.com/exasol/error-code-crawler-maven-plugin
[48]: https://maven.apache.org/plugins/maven-jar-plugin/
[46]: https://maven.apache.org/plugins/maven-assembly-plugin/
[68]: http://maven.apache.org/plugins/maven-resources-plugin/
[52]: https://github.com/exasol/artifact-reference-checker-maven-plugin
[50]: https://maven.apache.org/plugins/maven-jar-plugin/
[4]: https://jdbc.postgresql.org
[20]: https://github.com/exasol/test-db-builder-java/
[60]: https://maven.apache.org/surefire/maven-failsafe-plugin/
[30]: https://github.com/exasol/virtual-schema-shared-integration-tests
[56]: http://maven.apache.org/plugins/maven-dependency-plugin/
[17]: http://opensource.org/licenses/MIT
[14]: https://github.com/exasol/exasol-testcontainers
[55]: https://github.com/exasol/project-keeper/blob/main/LICENSE
[35]: https://www.apache.org/licenses/LICENSE-2.0.txt
[36]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
[11]: https://www.eclipse.org/legal/epl-v20.html
[1]: https://github.com/exasol/virtual-schema-common-jdbc/blob/main/LICENSE
[70]: http://maven.apache.org/plugins/maven-install-plugin/
[40]: https://sonatype.github.io/ossindex-maven/maven-plugin/
[16]: https://testcontainers.org
[72]: http://maven.apache.org/plugins/maven-deploy-plugin/
[74]: http://maven.apache.org/plugins/maven-site-plugin/
[64]: https://github.com/exasol/error-code-crawler-maven-plugin
[48]: https://maven.apache.org/plugins/maven-assembly-plugin/
1 change: 1 addition & 0 deletions doc/changes/changelog.md
View file
@@ -1,5 +1,6 @@
# Changes

* [2.0.3](changes_2.0.3.md)
* [2.0.2](changes_2.0.2.md)
* [2.0.1](changes_2.0.1.md)
* [2.0.0](changes_2.0.0.md)
Expand Down
47 changes: 47 additions & 0 deletions doc/changes/changes_2.0.3.md
View file
@@ -0,0 +1,47 @@
# Virtual Schema for PostgreSQL 2.0.3, released 2022-06-27

Code name: Dependency Updates

## Summary

In this release we updated dependencies and by that fixed the following security vulnerabilities:

* CVE-2022-24823
* sonatype-2020-0026
* CVE-2016-5003
* CVE-2016-5002
* CVE-2021-22569
* CVE-2016-5004

## Dependency Updates

### Compile Dependency Updates

* Updated `com.exasol:virtual-schema-common-jdbc:9.0.4` to `9.0.5`
* Updated `org.postgresql:postgresql:42.3.3` to `42.4.0`

### Test Dependency Updates

* Updated `com.exasol:exasol-testcontainers:6.1.1` to `6.1.2`
* Updated `com.exasol:test-db-builder-java:3.3.1` to `3.3.3`
* Updated `com.exasol:udf-debugging-java:0.6.0` to `0.6.4`
* Updated `com.exasol:virtual-schema-common-jdbc:9.0.4` to `9.0.5`
* Updated `org.mockito:mockito-junit-jupiter:4.3.1` to `4.6.1`
* Updated `org.testcontainers:junit-jupiter:1.16.3` to `1.17.2`
* Updated `org.testcontainers:postgresql:1.16.3` to `1.17.2`

### Plugin Dependency Updates

* Updated `com.exasol:artifact-reference-checker-maven-plugin:0.4.1` to `0.4.0`
* Updated `com.exasol:error-code-crawler-maven-plugin:1.0.0` to `1.1.1`
* Updated `com.exasol:project-keeper-maven-plugin:2.0.0` to `2.4.6`
* Updated `org.apache.maven.plugins:maven-clean-plugin:3.1.0` to `2.5`
* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.10.0` to `3.10.1`
* Updated `org.apache.maven.plugins:maven-dependency-plugin:3.2.0` to `2.8`
* Updated `org.apache.maven.plugins:maven-deploy-plugin:2.8.2` to `2.7`
* Updated `org.apache.maven.plugins:maven-install-plugin:2.5.2` to `2.4`
* Updated `org.apache.maven.plugins:maven-resources-plugin:3.2.0` to `2.6`
* Updated `org.apache.maven.plugins:maven-site-plugin:3.11.0` to `3.3`
* Updated `org.codehaus.mojo:versions-maven-plugin:2.9.0` to `2.10.0`
* Updated `org.jacoco:jacoco-maven-plugin:0.8.7` to `0.8.8`
* Added `org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184`

0 comments on commit 3a4ac56

Please sign in to comment.