diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml
index d7a38b4..39612b7 100644
--- a/.github/workflows/broken_links_checker.yml
+++ b/.github/workflows/broken_links_checker.yml
@@ -13,6 +13,8 @@ on:
jobs:
linkChecker:
runs-on: ubuntu-latest
+ permissions:
+ contents: read
defaults:
run:
shell: "bash"
diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml
index 8886e10..e8302fe 100644
--- a/.github/workflows/ci-build-next-java.yml
+++ b/.github/workflows/ci-build-next-java.yml
@@ -15,7 +15,6 @@ jobs:
shell: "bash"
permissions:
contents: read
- checks: write # Allow scacap/action-surefire-report
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
@@ -35,9 +34,3 @@ jobs:
mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \
-Djava.version=17 \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
- - name: Publish Test Report for Java 17
- uses: scacap/action-surefire-report@v1
- if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }}
- with:
- github_token: ${{ secrets.GITHUB_TOKEN }}
- fail_if_no_tests: false
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index 8cea999..4c4b328 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -17,7 +17,6 @@ jobs:
}
permissions: {
contents: read,
- checks: write,
issues: read
}
concurrency: {
diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml
index 9f536ee..1bf502f 100644
--- a/.github/workflows/dependencies_update.yml
+++ b/.github/workflows/dependencies_update.yml
@@ -61,14 +61,6 @@ jobs:
env: {
CREATED_ISSUES: '${{ inputs.vulnerability_issues }}'
}
- - name: Project Keeper Fix
- id: project-keeper-fix
- run: |
- mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects .
- - name: Project Keeper Fix for updated Project Keeper version
- id: project-keeper-fix-2
- run: |
- mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects .
- name: Generate Pull Request comment
id: pr-comment
run: |
@@ -81,7 +73,11 @@ jobs:
echo 'It updates dependencies.' >> "$GITHUB_OUTPUT"
fi
echo >> "$GITHUB_OUTPUT"
- echo '# ⚠️ This PR does not trigger CI workflows by default ⚠️' >> "$GITHUB_OUTPUT"
+ echo '# ⚠️ Notes ⚠️' >> "$GITHUB_OUTPUT"
+ echo '## Run PK fix manually' >> "$GITHUB_OUTPUT"
+ echo 'Due to restrictions workflow `dependencies_update.yml` can't update other workflows, see https://github.com/exasol/project-keeper/issues/578 for details.' >> "$GITHUB_OUTPUT"
+ echo 'Please checkout this PR locally and run `mvn com.exasol:project-keeper-maven-plugin:fix --projects .`' >> "$GITHUB_OUTPUT"
+ echo '## This PR does not trigger CI workflows' >> "$GITHUB_OUTPUT"
echo 'Please click the **Close pull request** button and then **Reopen pull request** to trigger running checks.' >> "$GITHUB_OUTPUT"
echo 'See https://github.com/exasol/project-keeper/issues/534 for details.' >> "$GITHUB_OUTPUT"
echo 'EOF' >> "$GITHUB_OUTPUT"
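Review bot: The added `echo 'Due to restrictions workflow ... can't update other workflows, ...'` line is single-quoted, so the apostrophe in `can't` ends the string early and leaves the quoting unbalanced for every line after it. As the lines read here, the backticks around the `mvn com.exasol:project-keeper-maven-plugin:fix --projects .` text on the next added line would then fall outside the quotes, where bash treats them as command substitution rather than literal Markdown. The step would most likely fail with an unterminated-quote error or write a garbled PR comment. Replacing `can't` with `cannot` on that line fixes it without changing the quoting style of the surrounding echoes. The `run:` script starts above this hunk and may continue below it, so check the whole script with `bash -n` or shellcheck; if the workflow is generated by project-keeper, the template presumably needs the same fix.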
diff --git a/dependencies.md b/dependencies.md
index 3e5700b..a5a0a35 100644
--- a/dependencies.md
+++ b/dependencies.md
@@ -37,7 +37,7 @@
| Dependency | License |
| ------------------------------------------------------- | --------------------------------- |
| [SonarQube Scanner for Maven][26] | [GNU LGPL 3][27] |
-| [Apache Maven Toolchains Plugin][28] | [Apache License, Version 2.0][12] |
+| [Apache Maven Toolchains Plugin][28] | [Apache-2.0][12] |
| [Apache Maven Compiler Plugin][29] | [Apache-2.0][12] |
| [Apache Maven Enforcer Plugin][30] | [Apache-2.0][12] |
| [Maven Flatten Plugin][31] | [Apache Software Licenese][12] |
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index 7cb6d49..964a3f0 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
# Changes
+* [8.0.4](changes_8.0.4.md)
* [8.0.3](changes_8.0.3.md)
* [8.0.2](changes_8.0.2.md)
* [8.0.1](changes_8.0.1.md)
diff --git a/doc/changes/changes_8.0.4.md b/doc/changes/changes_8.0.4.md
new file mode 100644
index 0000000..4feda5b
--- /dev/null
+++ b/doc/changes/changes_8.0.4.md
@@ -0,0 +1,38 @@
+# Virtual Schema for Document Data in Files 8.0.4, released 2024-06-03
+
+Code name: Security update - fix for CVE-2024-36114
+
+## Summary
+
+Fixed CVE-2024-36114 https://github.com/advisories/GHSA-973x-65j7-xcf4.
+Updated dependencies.
+
+## Security
+
+* #161: CVE-2024-36114: io.airlift:aircompressor:jar:0.21:compile
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `com.exasol:parquet-io-java:2.0.8` to `2.0.9`
+* Updated `com.exasol:virtual-schema-common-document:10.1.1` to `10.1.2`
+
+### Test Dependency Updates
+
+* Updated `com.exasol:udf-debugging-java:0.6.12` to `0.6.13`
+* Updated `com.exasol:virtual-schema-common-document:10.1.1` to `10.1.2`
+* Updated `org.apache.commons:commons-text:1.11.0` to `1.12.0`
+* Updated `org.mockito:mockito-junit-jupiter:5.11.0` to `5.12.0`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.2` to `2.0.3`
+* Updated `com.exasol:project-keeper-maven-plugin:4.3.0` to `4.3.2`
+* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.1.1` to `3.1.2`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.2.2` to `3.2.4`
+* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.6.3` to `3.7.0`
+* Updated `org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` to `3.2.0`
+* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922` to `4.0.0.4121`
+* Updated `org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13` to `1.7.0`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index 766a6c3..d0aceba 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@
4.0.0
com.exasol
virtual-schema-common-document-files-generated-parent
- 8.0.3
+ 8.0.4
pom
UTF-8
@@ -50,12 +50,12 @@
org.sonarsource.scanner.maven
sonar-maven-plugin
- 3.11.0.3922
+ 4.0.0.4121
org.apache.maven.plugins
maven-toolchains-plugin
- 3.1.0
+ 3.2.0
@@ -88,7 +88,7 @@
org.apache.maven.plugins
maven-enforcer-plugin
- 3.4.1
+ 3.5.0
enforce-maven
@@ -215,7 +215,7 @@
org.apache.maven.plugins
maven-deploy-plugin
- 3.1.1
+ 3.1.2
true
@@ -223,7 +223,7 @@
org.apache.maven.plugins
maven-gpg-plugin
- 3.2.2
+ 3.2.4
sign-artifacts
@@ -244,8 +244,8 @@
org.apache.maven.plugins
maven-source-plugin
+ Failed to execute goal org.apache.maven.plugins:maven-source-plugin:3.3.0:jar-no-fork (attach-sources) on project project-keeper-shared-model-classes: Presumably you have configured maven-source-plugn to execute twice times in your build. You have to configure a classifier for at least on of them.
+ Using goal "jar-no-fork" didn't help. See https://stackoverflow.com/questions/76305897/maven-build-fails-after-upgrading-to-maven-source-plugin-from-3-2-1-to-3-3-0 -->
3.2.1
@@ -259,7 +259,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.6.3
+ 3.7.0
attach-javadocs
@@ -281,7 +281,7 @@
org.sonatype.plugins
nexus-staging-maven-plugin
- 1.6.13
+ 1.7.0
true
ossrh
@@ -343,7 +343,7 @@
com.exasol
error-code-crawler-maven-plugin
- 2.0.2
+ 2.0.3
verify
diff --git a/pom.xml b/pom.xml
index 1047590..569ab77 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,12 +2,12 @@
4.0.0
virtual-schema-common-document-files
- 8.0.3
+ 8.0.4
Virtual Schema for document data in files
Adapter for document data access from files.
https://github.com/exasol/virtual-schema-common-document-files/
- 10.1.1
+ 10.1.2
@@ -18,7 +18,7 @@
com.exasol
parquet-io-java
- 2.0.8
+ 2.0.9
@@ -47,7 +47,7 @@
org.mockito
mockito-junit-jupiter
- 5.11.0
+ 5.12.0
test
@@ -80,7 +80,7 @@
com.exasol
udf-debugging-java
- 0.6.12
+ 0.6.13
test
@@ -93,7 +93,7 @@
org.apache.commons
commons-text
- 1.11.0
+ 1.12.0
test
@@ -123,7 +123,7 @@
com.exasol
project-keeper-maven-plugin
- 4.3.0
+ 4.3.2
@@ -163,7 +163,7 @@
virtual-schema-common-document-files-generated-parent
com.exasol
- 8.0.3
+ 8.0.4
pk_generated_parent.pom