Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge master 2024-06-10 #963

Merged
merged 63 commits into from
Jun 12, 2024
Merged

Conversation

lukaszlenart
Copy link
Member

Merge master branch into Struts 7 branch

dependabot bot and others added 30 commits April 8, 2024 01:20
Bumps [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 3.0.0-M6 to 3.2.5.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.0.0-M6...surefire-3.2.5)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps `asm.version` from 9.6 to 9.7.

Updates `org.ow2.asm:asm` from 9.6 to 9.7

Updates `org.ow2.asm:asm-commons` from 9.6 to 9.7

---
updated-dependencies:
- dependency-name: org.ow2.asm:asm
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.ow2.asm:asm-commons
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.25.2 to 3.25.3.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.25.2...assertj-build-3.25.3)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Previously, it was impossible to set global options for the CSP interceptor. The only options was to have every action individually implement CspSettingsAware.

To fix this, we add an interceptor parameter of defaultCspSettingsClassName. Values from this class will be used in the CSP header instead of DefaultCspSettings. Users may define their own custom class which implements CspSettings, and that will be the default for all actions that do not implement the CspSettingsAware interface. It is now possible to create this custom class by simply extending DefaultCspSettings.

I have fixed a spelling error in DefaultCspSettings.java -- cratePolicyFormat renamed to createPolicyFormat.
…rtj-core-3.25.3

Bump org.assertj:assertj-core from 3.25.2 to 3.25.3
Bumps [org.codehaus.mojo:versions-maven-plugin](https://github.com/mojohaus/versions) from 2.16.1 to 2.16.2.
- [Release notes](https://github.com/mojohaus/versions/releases)
- [Changelog](https://github.com/mojohaus/versions/blob/master/ReleaseNotes.md)
- [Commits](mojohaus/versions@2.16.1...2.16.2)

---
updated-dependencies:
- dependency-name: org.codehaus.mojo:versions-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@5d5d22a...1746f4a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…/upload-artifact-4.3.2

Bump actions/upload-artifact from 4.3.1 to 4.3.2
…o-versions-maven-plugin-2.16.2

Bump org.codehaus.mojo:versions-maven-plugin from 2.16.1 to 2.16.2
Bumps [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases)
- [Commits](mojohaus/exec-maven-plugin@exec-maven-plugin-3.1.0...3.2.0)

---
updated-dependencies:
- dependency-name: org.codehaus.mojo:exec-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@1746f4a...6546280)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…o-exec-maven-plugin-3.2.0

Bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to 3.2.0
…/upload-artifact-4.3.3

Bump actions/upload-artifact from 4.3.2 to 4.3.3
….plugins-maven-failsafe-plugin-3.2.5

Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.0.0-M6 to 3.2.5
WW-5420 Upgrades commons-text to ver. 1.12.0
[WW-5419] Fixes support for loading Tiles definitions
WW-5400 Extend default configuration options for the CSP interceptor.
Bumps [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) from 3.3.0 to 3.3.1.
- [Commits](apache/maven-source-plugin@maven-source-plugin-3.3.0...maven-source-plugin-3.3.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-source-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps `slf4j.version` from 2.0.12 to 2.0.13.

Updates `org.slf4j:slf4j-api` from 2.0.12 to 2.0.13

Updates `org.slf4j:slf4j-simple` from 2.0.12 to 2.0.13

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.slf4j:slf4j-simple
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [org.apache.maven.plugins:maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.0.0 to 3.5.0.
- [Commits](apache/maven-project-info-reports-plugin@maven-project-info-reports-plugin-3.0.0...maven-project-info-reports-plugin-3.5.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-project-info-reports-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@0864cf1...dc50aa9)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
….plugins-maven-source-plugin-3.3.1

Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1
lukaszlenart and others added 20 commits June 2, 2024 13:53
This option doesn't play with Silence Consensus
Bumps [org.apache.maven.plugins:maven-assembly-plugin](https://github.com/apache/maven-assembly-plugin) from 3.6.0 to 3.7.1.
- [Release notes](https://github.com/apache/maven-assembly-plugin/releases)
- [Commits](apache/maven-assembly-plugin@maven-assembly-plugin-3.6.0...maven-assembly-plugin-3.7.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-assembly-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps org.freemarker:freemarker from 2.3.32 to 2.3.33.

---
updated-dependencies:
- dependency-name: org.freemarker:freemarker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
….plugins-maven-assembly-plugin-3.7.1

Bump org.apache.maven.plugins:maven-assembly-plugin from 3.6.0 to 3.7.1
…reemarker-2.3.33

WW-5426 Bump org.freemarker:freemarker from 2.3.32 to 2.3.33
[WW-5424] Fixes ClassCastException when using short var name in s:set tag
Co-authored-by: Kusal Kithul-Godage <git@kusal.io>
Bumps org.apache.commons:commons-compress from 1.26.0 to 1.26.2.

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-compress
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 8.4.2 to 9.2.0.
- [Release notes](https://github.com/jeremylong/DependencyCheck/releases)
- [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](jeremylong/DependencyCheck@v8.4.2...v9.2.0)

---
updated-dependencies:
- dependency-name: org.owasp:dependency-check-maven
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…ns-commons-compress-1.26.2

Bump org.apache.commons:commons-compress from 1.26.0 to 1.26.2
…ency-check-maven-9.2.0

Bump org.owasp:dependency-check-maven from 8.4.2 to 9.2.0
WW-5250 Addresses TODO in test and stops using Mock Objects
Copy link

@lukaszlenart lukaszlenart merged commit d1d02c1 into release/struts-7-0-x Jun 12, 2024
7 checks passed
@lukaszlenart lukaszlenart deleted the merge/master-2024-06-10 branch June 12, 2024 05:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants