Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump amqp-client from 5.7.0 to 5.7.1 in /core #1501

Merged
merged 2 commits into from
May 28, 2019

Conversation

dependabot-preview[bot]
Copy link
Contributor

Bumps amqp-client from 5.7.0 to 5.7.1.

Release notes

Sourced from amqp-client's releases.

5.7.1

Changes between 5.7.0 and 5.7.1

This is a patch release with a bug fix and an optional dependency bump to address a vulnerability. All users of the 5.x.x series are encouraged to upgrade to this version.

The optional dependency affected by the vulnerability is Jackson. The Java client uses this library as a pluggable mapping solution in the JSON RPC support. In the context of the Java client, you are affected by this vulnerability only if you added explicitly Jackson to your dependencies. You must then upgrade Jackson to 2.9.9.

Handle exception in NIO loop to avoid abrupt termination

GitHub issue: #611

Bump Jackson to 2.9.9

GitHub issue: #612

Commits
  • 7c0682e [maven-release-plugin] prepare release v5.7.1
  • b73f870 Set release version to 5.7.1
  • 74b4a36 Bump Jackson to 2.9.9
  • c2a1b44 Increase TTL in dead lettering tests
  • 4cb5861 Handle exception in NIO loop to avoid abrupt termination
  • ed473ee Fix hanging test
  • 56ca902 Disable hanging test
  • fe26a09 Lower log level for tests
  • dfe8ede Use rabbitmqctl to command secondary node
  • 87a9fea Set release version to 5.7.1.RC1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency (including time of day and day of week)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.


Dependabot has been acquired by GitHub  🎉

@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label May 28, 2019
@rnorth rnorth merged commit 1b3a3bd into master May 28, 2019
@delete-merged-branch delete-merged-branch bot deleted the dependabot/gradle/core/com.rabbitmq-amqp-client-5.7.1 branch May 28, 2019 08:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant