Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Manage the apache-mime4j dependency #30812

Merged
merged 1 commit into from
Feb 3, 2023
Merged

Conversation

sberyozkin
Copy link
Member

No description provided.

@quarkus-bot quarkus-bot bot added the area/dependencies Pull requests that update a dependency file label Feb 2, 2023
Copy link
Member

@gsmet gsmet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is it supposed to solve? We probably want to add it to the Dependabot configuration.

@quarkus-bot

This comment has been minimized.

@sberyozkin
Copy link
Member Author

Hi @gsmet Minor impact CVE related to the way it handles temp files. In fact this code is not really used in Quarkus, but this dependency can not be excluded at the same time, so very theoretically, some custom code might want to use that code; since the current version of this dependency is 0.8.8 as far as I recall, managing 0.8.9 should be reasonable, to avoid false positives being reported.
Let me update the dependabot rules

@quarkus-bot quarkus-bot bot added the area/infra-automation anything related to CI, bots, etc. that are used to automated our infrastructure label Feb 2, 2023
@quarkus-bot
Copy link

quarkus-bot bot commented Feb 3, 2023

✔️ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

@gsmet gsmet merged commit 5205645 into quarkusio:main Feb 3, 2023
@quarkus-bot quarkus-bot bot added this to the 3.0 - main milestone Feb 3, 2023
@sberyozkin sberyozkin deleted the mime4j_0.8.9 branch February 3, 2023 10:38
@gsmet gsmet modified the milestones: 3.0 - main, 2.16.2.Final Feb 7, 2023
benkard added a commit to benkard/mulkcms2 that referenced this pull request Apr 2, 2023
This MR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) | build | minor | `2.32.0` -> `2.33.0` |
| [io.quarkus:quarkus-maven-plugin](https://github.com/quarkusio/quarkus) | build | patch | `2.16.1.Final` -> `2.16.2.Final` |
| [io.quarkus:quarkus-universe-bom](https://github.com/quarkusio/quarkus-platform) | import | patch | `2.16.1.Final` -> `2.16.2.Final` |

---

### Release Notes

<details>
<summary>diffplug/spotless</summary>

### [`v2.33.0`](https://github.com/diffplug/spotless/blob/HEAD/CHANGES.md#&#8203;2330---2023-01-26)

##### Added

-   `ProcessRunner` has added some convenience methods so it can be used for maven testing. ([#&#8203;1496](diffplug/spotless#1496))
-   `ProcessRunner` allows to limit captured output to a certain number of bytes. ([#&#8203;1511](diffplug/spotless#1511))
-   `ProcessRunner` is now capable of handling long-running tasks where waiting for exit is delegated to the caller. ([#&#8203;1511](diffplug/spotless#1511))
-   Allow to specify node executable for node-based formatters using `nodeExecutable` parameter ([#&#8203;1500](diffplug/spotless#1500))

##### Fixed

-   The default list of type annotations used by `formatAnnotations` has had 8 more annotations from the Checker Framework added [#&#8203;1494](diffplug/spotless#1494)

##### Changes

-   **POTENTIALLY BREAKING** Bump minimum JRE from 8 to 11, next release likely to bump bytecode to Java 11 ([#&#8203;1514](diffplug/spotless#1514) part 1 of [#&#8203;1337](diffplug/spotless#1337))
-   Rename `YamlJacksonStep` into `JacksonYamlStep` while normalizing Jackson usage ([#&#8203;1492](diffplug/spotless#1492))
-   Convert `gson` integration to use a compile-only source set ([#&#8203;1510](diffplug/spotless#1510)).
-   \*\* POTENTIALLY BREAKING\*\* Removed support for KtLint 0.3x and 0.45.2 ([#&#8203;1475](diffplug/spotless#1475))
    -   `KtLint` does not maintain a stable API - before this MR, we supported every breaking change in the API since 2019.
    -   From now on, we will support no more than 2 breaking changes at a time.
-   NpmFormatterStepStateBase delays `npm install` call until the formatter is first used. This enables better integration
    with `gradle-node-plugin`. ([#&#8203;1522](diffplug/spotless#1522))
-   Bump default `ktlint` version to latest `0.48.1` -> `0.48.2` ([#&#8203;1529](diffplug/spotless#1529))
-   Bump default `scalafmt` version to latest `3.6.1` -> `3.7.1` ([#&#8203;1529](diffplug/spotless#1529))

</details>

<details>
<summary>quarkusio/quarkus</summary>

### [`v2.16.2.Final`](https://github.com/quarkusio/quarkus/releases/tag/2.16.2.Final)

[Compare Source](quarkusio/quarkus@2.16.1.Final...2.16.2.Final)

##### Complete changelog

-   [#&#8203;30976](quarkusio/quarkus#30976) - Metrics - check if index contains class before attempting to use it
-   [#&#8203;30965](quarkusio/quarkus#30965) - JandexBeanInfoAdapter.getMetricAnnotationsThroughStereotype is not null safe
-   [#&#8203;30959](quarkusio/quarkus#30959) - Return text from /q/metrics when the Accept header contains html
-   [#&#8203;30953](quarkusio/quarkus#30953) - Fix OIDC capability string
-   [#&#8203;30947](quarkusio/quarkus#30947) - Ignore interface/class without default constructs fields in SB config
-   [#&#8203;30940](quarkusio/quarkus#30940) - Use SchemaType.ARRAY instead of "ARRAY" for native support
-   [#&#8203;30919](quarkusio/quarkus#30919) - Compilation to native fails, when quarkus-smallrye-openapi is included
-   [#&#8203;30916](quarkusio/quarkus#30916) - Add AppCDS documentation
-   [#&#8203;30896](quarkusio/quarkus#30896) - Quarkus spring-boot-properties extension unable to handle complex configuration.
-   [#&#8203;30878](quarkusio/quarkus#30878) - Bump postgresql from 42.5.2 to 42.5.3
-   [#&#8203;30866](quarkusio/quarkus#30866) - Only run the quickstart compilation for main
-   [#&#8203;30851](quarkusio/quarkus#30851) - Fixed return type typo in smallrye graphQL guide
-   [#&#8203;30844](quarkusio/quarkus#30844) - Fixed greeting in getting started guide
-   [#&#8203;30839](quarkusio/quarkus#30839) - Fix handling of Accept header in graphQL
-   [#&#8203;30833](quarkusio/quarkus#30833) - Update docs to show BuildProducer use as method parameter instead of field
-   [#&#8203;30828](quarkusio/quarkus#30828) - Make OIDC session cookie same site lax by default
-   [#&#8203;30826](quarkusio/quarkus#30826) - Caffeine - Automatically register metrics cache impls if Micrometer is around
-   [#&#8203;30825](quarkusio/quarkus#30825) - Fix comment about Caffeine optimization
-   [#&#8203;30823](quarkusio/quarkus#30823) - Change accept header to valid plain text in micrometer documentation
-   [#&#8203;30821](quarkusio/quarkus#30821) - Packaging type -Dquarkus.package.create-appcds=true isn't documented
-   [#&#8203;30815](quarkusio/quarkus#30815) - Update SmallRye Config to 2.13.2
-   [#&#8203;30812](quarkusio/quarkus#30812) - Manage the apache-mime4j dependency
-   [#&#8203;30806](quarkusio/quarkus#30806) - */* in Accept header is ignored if not listed as the first item
-   [#&#8203;30805](quarkusio/quarkus#30805) - MailTemplateInstance with attachments
-   [#&#8203;30803](quarkusio/quarkus#30803) - Support file and byte array attachments in `MailTemplateInstance`
-   [#&#8203;30797](quarkusio/quarkus#30797) - OIDC login not work
-   [#&#8203;30783](quarkusio/quarkus#30783) - <artifactId> uses 'quarkus.platform.artifact-id' property
-   [#&#8203;30778](quarkusio/quarkus#30778) - Avoid creating 3 Liquibase MongoDB instances for startup operations
-   [#&#8203;30776](quarkusio/quarkus#30776) - Ensure that AwsProxyRequestContext can be used with [@&#8203;Context](https://github.com/Context) in RESTEasy Reactive
-   [#&#8203;30767](quarkusio/quarkus#30767) - Remove duplicate notification of SseBroadcaster's onErrorListeners
-   [#&#8203;30765](quarkusio/quarkus#30765) - Bump postgresql from 42.5.1 to 42.5.2
-   [#&#8203;30755](quarkusio/quarkus#30755) - Update ForwardedParser to validate the port
-   [#&#8203;30744](quarkusio/quarkus#30744) - \[Quarkus Native] ClassNotFoundException: com.github.benmanes.caffeine.cache.SSSW
-   [#&#8203;30536](quarkusio/quarkus#30536) - munitnyucontextmanager non helpful error reporting
-   [#&#8203;29753](quarkusio/quarkus#29753) - Introduce ConnectionFactoryWrapperBuildItem
-   [#&#8203;29605](quarkusio/quarkus#29605) - Update docs to reflect that injection should not
-   [#&#8203;27774](quarkusio/quarkus#27774) - PLANNER-1709 Avoid deprecated penalize/reward overloads
-   [#&#8203;23442](quarkusio/quarkus#23442) - problem using quarkus-resteasy-reactive-kotlin-serialization with AwsProxyRequestContext

</details>

<details>
<summary>quarkusio/quarkus-platform</summary>

### [`v2.16.2.Final`](quarkusio/quarkus-platform@2.16.1.Final...2.16.2.Final)

[Compare Source](quarkusio/quarkus-platform@2.16.1.Final...2.16.2.Final)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

👻 **Immortal**: This MR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4yNC4wIiwidXBkYXRlZEluVmVyIjoiMzQuMjQuMCJ9-->
@gsmet gsmet modified the milestones: 2.16.2.Final, 2.13.8.Final May 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/dependencies Pull requests that update a dependency file area/infra-automation anything related to CI, bots, etc. that are used to automated our infrastructure
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants