From d187c65f1d946bf48d70b580430968304e6d6b14 Mon Sep 17 00:00:00 2001 From: mufasa1976 Date: Mon, 20 May 2024 23:28:53 +0200 Subject: [PATCH 01/27] Enable multipart/related on FileUpload (#315) * added ability to use content-type: multipart/related * added entry to src/changes/changes.xml; removed unnecessary paragraph at javadoc * fixing checkstyle failures * fixed findings of review * added MockRequestContextTest * added License Header --- .../core/AbstractRequestContext.java | 16 ++ .../core/FileItemInputIteratorImpl.java | 18 +- .../fileupload2/core/RequestContext.java | 7 + .../core/AbstractFileUploadTest.java | 49 +++++ .../core/MockRequestContextTest.java | 187 ++++++++++++++++++ .../JakartaServletRequestContext.java | 1 - .../JakartaServletRequestContext.java | 1 - .../javax/JavaxServletRequestContext.java | 1 - .../portlet/JavaxPortletRequestContext.java | 1 - pom.xml | 4 + src/changes/changes.xml | 1 + 11 files changed, 280 insertions(+), 6 deletions(-) create mode 100644 commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/MockRequestContextTest.java diff --git a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/AbstractRequestContext.java b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/AbstractRequestContext.java index f6e96fae07..175ef2d27d 100644 --- a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/AbstractRequestContext.java +++ b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/AbstractRequestContext.java @@ -20,8 +20,14 @@ import java.util.Objects; import java.util.function.Function; import java.util.function.LongSupplier; +import java.util.regex.Pattern; public abstract class AbstractRequestContext implements RequestContext { + /** + * The Content-Type Pattern for multipart/related Requests. + */ + private static final Pattern MULTIPART_RELATED = + Pattern.compile("^\\s*multipart/related.*", Pattern.CASE_INSENSITIVE); /** * Supplies the content length default. @@ -79,4 +85,14 @@ public String toString() { return String.format("%s [ContentLength=%s, ContentType=%s]", getClass().getSimpleName(), getContentLength(), getContentType()); } + /** + * Is the Request of type multipart/related? + * + * @return the Request is of type multipart/related + * @since 2.0.0 + */ + @Override + public boolean isMultipartRelated() { + return MULTIPART_RELATED.matcher(getContentType()).matches(); + } } diff --git a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemInputIteratorImpl.java b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemInputIteratorImpl.java index c01f2ae37e..ba8041d760 100644 --- a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemInputIteratorImpl.java +++ b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemInputIteratorImpl.java @@ -31,7 +31,6 @@ * The iterator returned by {@link AbstractFileUpload#getItemIterator(RequestContext)}. */ class FileItemInputIteratorImpl implements FileItemInputIterator { - /** * The file uploads processing utility. * @@ -96,6 +95,11 @@ class FileItemInputIteratorImpl implements FileItemInputIterator { */ private boolean eof; + /** + * Is the Request of type multipart/related. + */ + private final boolean multipartRelated; + /** * Constructs a new instance. * @@ -109,6 +113,7 @@ class FileItemInputIteratorImpl implements FileItemInputIterator { this.sizeMax = fileUploadBase.getSizeMax(); this.fileSizeMax = fileUploadBase.getFileSizeMax(); this.requestContext = Objects.requireNonNull(requestContext, "requestContext"); + this.multipartRelated = this.requestContext.isMultipartRelated(); this.skipPreamble = true; findNextItem(); } @@ -147,7 +152,16 @@ private boolean findNextItem() throws FileUploadException, IOException { continue; } final var headers = fileUpload.getParsedHeaders(multi.readHeaders()); - if (currentFieldName == null) { + if (multipartRelated) { + currentFieldName = ""; + currentItem = new FileItemInputImpl( + this, null, null, headers.getHeader(AbstractFileUpload.CONTENT_TYPE), + false, getContentLength(headers)); + currentItem.setHeaders(headers); + progressNotifier.noteItem(); + itemValid = true; + return true; + } else if (currentFieldName == null) { // We're parsing the outer multipart final var fieldName = fileUpload.getFieldName(headers); if (fieldName != null) { diff --git a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/RequestContext.java b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/RequestContext.java index 1edb7b951f..1684e8174b 100644 --- a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/RequestContext.java +++ b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/RequestContext.java @@ -70,4 +70,11 @@ default Charset getCharset() throws UnsupportedCharsetException { */ InputStream getInputStream() throws IOException; + /** + * Is the Request of type multipart/related? + * + * @return the Request is of type multipart/related + * @since 2.0.0 + */ + boolean isMultipartRelated(); } diff --git a/commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/AbstractFileUploadTest.java b/commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/AbstractFileUploadTest.java index ef80e45df4..a41ad7e40a 100644 --- a/commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/AbstractFileUploadTest.java +++ b/commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/AbstractFileUploadTest.java @@ -393,4 +393,53 @@ public void testIE5MacBug() throws FileUploadException { assertTrue(field2.isFormField()); assertEquals("fieldValue2", field2.getString()); } + + /** + * Test for multipart/related without any content-disposition Header. + * This kind of Content-Type is commonly used by SOAP-Requests with Attachments (MTOM) + */ + @Test + public void testMultipleRelated() throws Exception { + final String soapEnvelope = + "\r\n" + + " \r\n" + + " \r\n" + + " \r\n" + + " \r\n" + + " \r\n" + + " \r\n" + + " \r\n" + + " \r\n" + + ""; + + final String text = + "-----1234\r\n" + + "content-type: application/xop+xml; type=\"application/soap+xml\"\r\n" + + "\r\n" + + soapEnvelope + "\r\n" + + "-----1234\r\n" + + "Content-type: text/plain\r\n" + + "content-id: \r\n" + + "\r\n" + + "some text/plain content\r\n" + + "-----1234--\r\n"; + + final var bytes = text.getBytes(StandardCharsets.US_ASCII); + final var fileItems = parseUpload(upload, bytes, "multipart/related; boundary=---1234;" + + " type=\"application/xop+xml\"; start-info=\"application/soap+xml\""); + assertEquals(2, fileItems.size()); + + final var part1 = fileItems.get(0); + assertNull(part1.getFieldName()); + assertFalse(part1.isFormField()); + assertEquals(soapEnvelope, part1.getString()); + + final var part2 = fileItems.get(1); + assertNull(part2.getFieldName()); + assertFalse(part2.isFormField()); + assertEquals("some text/plain content", part2.getString()); + assertEquals("text/plain", part2.getContentType()); + assertNull(part2.getName()); + } } diff --git a/commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/MockRequestContextTest.java b/commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/MockRequestContextTest.java new file mode 100644 index 0000000000..e8a34f82dc --- /dev/null +++ b/commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/MockRequestContextTest.java @@ -0,0 +1,187 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.commons.fileupload2.core; + +import org.junit.jupiter.api.Test; + +import java.io.InputStream; +import java.nio.charset.StandardCharsets; +import java.nio.charset.UnsupportedCharsetException; +import java.util.function.Function; +import java.util.function.LongSupplier; + +import static org.junit.jupiter.api.Assertions.*; + +/** + * Tests for {@link AbstractRequestContext} + */ +public class MockRequestContextTest { + /** + * Test if the content-length Value is numeric. + */ + @Test + public void getContentLengthByParsing() { + final RequestContext request = new MockRequestContext( + x -> "1234", + () -> 5678L, + "Request", + "US-ASCII", + "text/plain", + null); + assertEquals(1234L, request.getContentLength()); + } + + /** + * Test if the content-length Value is not numeric + * and the Default will be taken. + */ + @Test + public void getContentLengthDefaultBecauseOfInvalidNumber() { + final RequestContext request = new MockRequestContext( + x -> "not-a-number", + () -> 5678L, + "Request", + "US-ASCII", + "text/plain", + null); + assertEquals(5678L, request.getContentLength()); + } + + /** + * Test if the given character-encoding is a valid CharEncoding + */ + @Test + public void getCharset() { + final RequestContext request = new MockRequestContext( + x -> "1234", + () -> 5678L, + "Request", + "US-ASCII", + "text/plain", + null); + assertEquals(StandardCharsets.US_ASCII, request.getCharset()); + } + + /** + * Test if the given character-encoding is an invalid CharEncoding + * and leads to {@link UnsupportedCharsetException} + */ + @Test + public void getInvalidCharset() { + final RequestContext request = new MockRequestContext( + x -> "1234", + () -> 5678L, + "Request", + "invalid-charset", + "text/plain", + null); + assertThrows(UnsupportedCharsetException.class, request::getCharset); + } + + /** + * Test the toString() Output + */ + @Test + public void testToString() { + final RequestContext request = new MockRequestContext( + x -> "1234", + () -> 5678L, + "Request", + "US-ASCII", + "text/plain", + null); + assertEquals("MockRequestContext [ContentLength=1234, ContentType=text/plain]", request.toString()); + } + + /** + * Test if the content-type is multipart/related + */ + @Test + public void testIsMultipartRelated() { + final RequestContext request = new MockRequestContext( + x -> "1234", + () -> 5678L, + "Request", + "US-ASCII", + "multipart/related; boundary=---1234; type=\"application/xop+xml\"; start-info=\"application/soap+xml\"", + null); + assertTrue(request.isMultipartRelated()); + } + + /** + * Test if the content-type is not multipart/related + */ + @Test + public void testIsNotMultipartRelated() { + final RequestContext request = new MockRequestContext( + x -> "1234", + () -> 5678L, + "Request", + "US-ASCII", + "text/plain", + null); + assertFalse(request.isMultipartRelated()); + } + + private static final class MockRequestContext extends AbstractRequestContext { + private final String characterEncoding; + private final String contentType; + private final InputStream inputStream; + + private MockRequestContext(Function contentLengthString, + LongSupplier contentLengthDefault, + Object request, + String characterEncoding, + String contentType, + InputStream inputStream) { + super(contentLengthString, contentLengthDefault, request); + this.characterEncoding = characterEncoding; + this.contentType = contentType; + this.inputStream = inputStream; + } + + /** + * Gets the character encoding for the request. + * + * @return The character encoding for the request. + */ + @Override + public String getCharacterEncoding() { + return characterEncoding; + } + + /** + * Gets the content type of the request. + * + * @return The content type of the request. + */ + @Override + public String getContentType() { + return contentType; + } + + /** + * Gets the input stream for the request. + * + * @return The input stream for the request. + */ + @Override + public InputStream getInputStream() { + return inputStream; + } + } +} diff --git a/commons-fileupload2-jakarta-servlet5/src/main/java/org/apache/commons/fileupload2/jakarta/servlet5/JakartaServletRequestContext.java b/commons-fileupload2-jakarta-servlet5/src/main/java/org/apache/commons/fileupload2/jakarta/servlet5/JakartaServletRequestContext.java index 5b93c90669..086aedbe09 100644 --- a/commons-fileupload2-jakarta-servlet5/src/main/java/org/apache/commons/fileupload2/jakarta/servlet5/JakartaServletRequestContext.java +++ b/commons-fileupload2-jakarta-servlet5/src/main/java/org/apache/commons/fileupload2/jakarta/servlet5/JakartaServletRequestContext.java @@ -67,5 +67,4 @@ public String getContentType() { public InputStream getInputStream() throws IOException { return getRequest().getInputStream(); } - } diff --git a/commons-fileupload2-jakarta-servlet6/src/main/java/org/apache/commons/fileupload2/jakarta/servlet6/JakartaServletRequestContext.java b/commons-fileupload2-jakarta-servlet6/src/main/java/org/apache/commons/fileupload2/jakarta/servlet6/JakartaServletRequestContext.java index 2763700a27..2984141280 100644 --- a/commons-fileupload2-jakarta-servlet6/src/main/java/org/apache/commons/fileupload2/jakarta/servlet6/JakartaServletRequestContext.java +++ b/commons-fileupload2-jakarta-servlet6/src/main/java/org/apache/commons/fileupload2/jakarta/servlet6/JakartaServletRequestContext.java @@ -67,5 +67,4 @@ public String getContentType() { public InputStream getInputStream() throws IOException { return getRequest().getInputStream(); } - } diff --git a/commons-fileupload2-javax/src/main/java/org/apache/commons/fileupload2/javax/JavaxServletRequestContext.java b/commons-fileupload2-javax/src/main/java/org/apache/commons/fileupload2/javax/JavaxServletRequestContext.java index e933b70cdb..9cc2af3bfe 100644 --- a/commons-fileupload2-javax/src/main/java/org/apache/commons/fileupload2/javax/JavaxServletRequestContext.java +++ b/commons-fileupload2-javax/src/main/java/org/apache/commons/fileupload2/javax/JavaxServletRequestContext.java @@ -67,5 +67,4 @@ public String getContentType() { public InputStream getInputStream() throws IOException { return getRequest().getInputStream(); } - } diff --git a/commons-fileupload2-portlet/src/main/java/org/apache/commons/fileupload2/portlet/JavaxPortletRequestContext.java b/commons-fileupload2-portlet/src/main/java/org/apache/commons/fileupload2/portlet/JavaxPortletRequestContext.java index 460a55e65c..671b488c46 100644 --- a/commons-fileupload2-portlet/src/main/java/org/apache/commons/fileupload2/portlet/JavaxPortletRequestContext.java +++ b/commons-fileupload2-portlet/src/main/java/org/apache/commons/fileupload2/portlet/JavaxPortletRequestContext.java @@ -67,5 +67,4 @@ public String getContentType() { public InputStream getInputStream() throws IOException { return getRequest().getPortletInputStream(); } - } diff --git a/pom.xml b/pom.xml index fcbcea9683..df92078308 100644 --- a/pom.xml +++ b/pom.xml @@ -201,6 +201,10 @@ Martin Grigorov mgrigorov@apache.org + + mufasa1976 + mufasa1976@coolstuff.software + diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 0549af2f4f..b7f551b757 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -48,6 +48,7 @@ The type attribute can be add,update,fix,remove. [site] Fix instantiation of DiskFileItemFactory in migration guide #273. [site] Update code example: Use IOUtils instead of Streams utils class. + handle multipart/related Requests without content-disposition header Bump org.apache.commons:commons-parent from 66 to 69 #283, #294. Bump commons-io:commons-io from 2.16.0 to 2.16.1 #297. From 9fe54bfdb8450785a9b7a33fbb7643b594b55aec Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Mon, 20 May 2024 17:30:55 -0400 Subject: [PATCH 02/27] Fix changes.xml --- src/changes/changes.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/changes/changes.xml b/src/changes/changes.xml index b7f551b757..a35a1f03be 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -48,7 +48,7 @@ The type attribute can be add,update,fix,remove. [site] Fix instantiation of DiskFileItemFactory in migration guide #273. [site] Update code example: Use IOUtils instead of Streams utils class. - handle multipart/related Requests without content-disposition header + Handle multipart/related Requests without content-disposition header. Bump org.apache.commons:commons-parent from 66 to 69 #283, #294. Bump commons-io:commons-io from 2.16.0 to 2.16.1 #297. From 70e442b6615e6dbdb2c5331f01858c26cc046db2 Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Thu, 23 May 2024 09:20:28 -0400 Subject: [PATCH 03/27] Javadoc --- .../org/apache/commons/fileupload2/core/DiskFileItem.java | 2 +- .../commons/fileupload2/core/DiskFileItemFactory.java | 2 +- .../org/apache/commons/fileupload2/core/FileItem.java | 8 ++++---- .../commons/fileupload2/core/FileItemHeadersProvider.java | 2 +- .../apache/commons/fileupload2/core/MultipartInput.java | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItem.java b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItem.java index 77d70d54f9..74bd562796 100644 --- a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItem.java +++ b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItem.java @@ -500,7 +500,7 @@ public boolean isInMemory() { * Sets the default charset for use when no explicit charset parameter is provided by the sender. * * @param charset the default charset - * @return this + * @return {@code this} instance. */ public DiskFileItem setCharsetDefault(final Charset charset) { charsetDefault = charset; diff --git a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItemFactory.java b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItemFactory.java index 166a0fa8c3..2bc6392c01 100644 --- a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItemFactory.java +++ b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItemFactory.java @@ -108,7 +108,7 @@ public DiskFileItemFactory get() { * Sets the tracker, which is responsible for deleting temporary files. * * @param fileCleaningTracker Callback to track files created, or null (default) to disable tracking. - * @return this + * @return {@code this} instance. */ public Builder setFileCleaningTracker(final FileCleaningTracker fileCleaningTracker) { this.fileCleaningTracker = fileCleaningTracker; diff --git a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItem.java b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItem.java index 18f8c79d54..cbc1957a3b 100644 --- a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItem.java +++ b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItem.java @@ -48,7 +48,7 @@ public interface FileItem> extends FileItemHeadersProvider * Deletes the underlying storage for a file item, including deleting any associated temporary disk file. Use this method to ensure that this is done at an * earlier time, to preserve resources. * - * @return this + * @return {@code this} instance. * @throws IOException if an error occurs. */ F delete() throws IOException; @@ -148,7 +148,7 @@ public interface FileItem> extends FileItemHeadersProvider * Sets the field name used to reference this file item. * * @param name The name of the form field. - * @return this + * @return {@code this} instance. */ F setFieldName(String name); @@ -156,7 +156,7 @@ public interface FileItem> extends FileItemHeadersProvider * Sets whether or not a {@code FileItem} instance represents a simple form field. * * @param state {@code true} if the instance represents a simple form field; {@code false} if it represents an uploaded file. - * @return this + * @return {@code this} instance. */ F setFormField(boolean state); @@ -173,7 +173,7 @@ public interface FileItem> extends FileItemHeadersProvider * * @param file The {@code File} into which the uploaded item should be stored. * @throws IOException if an error occurs. - * @return this + * @return {@code this} instance. */ F write(Path file) throws IOException; diff --git a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemHeadersProvider.java b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemHeadersProvider.java index 55d2f5552b..39f135e297 100644 --- a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemHeadersProvider.java +++ b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemHeadersProvider.java @@ -37,7 +37,7 @@ public interface FileItemHeadersProvider> { * the raw headers found within the item header block. * * @param headers the instance that holds onto the headers for this instance. - * @return this + * @return {@code this} instance. */ T setHeaders(FileItemHeaders headers); diff --git a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java index 957c8b1a55..e9fe42914c 100644 --- a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java +++ b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java @@ -135,7 +135,7 @@ public MultipartInput get() throws IOException { * Sets the boundary. * * @param boundary the boundary. - * @return this + * @return {@code this} instance. */ public Builder setBoundary(final byte[] boundary) { this.boundary = boundary; @@ -146,7 +146,7 @@ public Builder setBoundary(final byte[] boundary) { * Sets the progress notifier. * * @param progressNotifier progress notifier.. - * @return this + * @return {@code this} instance. */ public Builder setProgressNotifier(final ProgressNotifier progressNotifier) { this.progressNotifier = progressNotifier; From 4d20b4a3a790337eab1e3c33fe2f482e1c5f53aa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 May 2024 14:53:20 -0400 Subject: [PATCH 04/27] Bump github/codeql-action from 3.25.5 to 3.25.6 (#317) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.5 to 3.25.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b7cec7526559c32f1616476ff32d17ba4c59b2d6...9fdb3e49720b44c48891d036bb502feb25684276) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index db83678ea4..beb022d3b8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # 3.25.5 + uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # 3.25.6 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -68,7 +68,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # 3.25.5 + uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # 3.25.6 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -82,4 +82,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # 3.25.5 + uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # 3.25.6 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index db88898fce..0aaeb8d36f 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -64,6 +64,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # 3.25.5 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # 3.25.6 with: sarif_file: results.sarif From 2d10733a1a2355abd6dfc9b2b86affc816cdcebf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 May 2024 14:53:46 -0400 Subject: [PATCH 05/27] Bump codecov/codecov-action from 4.4.0 to 4.4.1 (#316) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.4.0 to 4.4.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/6d798873df2b1b8e5846dba6fb86631229fbcb17...125fc84a9a348dbcf27191600683ec096ec9021c) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 1ca82e4864..6ef3a12561 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -47,6 +47,6 @@ jobs: run: mvn --show-version --batch-mode --no-transfer-progress clean test jacoco:report - name: Upload coverage to Codecov - uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0 + uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 with: files: ./target/site/jacoco/jacoco.xml From c3ad4d3cb2053d3249f9b44eebce98aac2c752ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 31 May 2024 15:00:06 -0400 Subject: [PATCH 06/27] Bump github/codeql-action from 3.25.6 to 3.25.7 (#318) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/9fdb3e49720b44c48891d036bb502feb25684276...f079b8493333aace61c81488f8bd40919487bd9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index beb022d3b8..92c16dbd3b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # 3.25.6 + uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # 3.25.7 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -68,7 +68,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # 3.25.6 + uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # 3.25.7 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -82,4 +82,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # 3.25.6 + uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # 3.25.7 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 0aaeb8d36f..6468b77f86 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -64,6 +64,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # 3.25.6 + uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # 3.25.7 with: sarif_file: results.sarif From 000eb6f7e41822aa314eacd39e02bc6057e7d7b0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Jun 2024 15:18:39 -0400 Subject: [PATCH 07/27] Bump github/codeql-action from 3.25.7 to 3.25.8 (#320) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.7 to 3.25.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f079b8493333aace61c81488f8bd40919487bd9f...2e230e8fe0ad3a14a340ad0815ddb96d599d2aff) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 92c16dbd3b..e4409531c8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # 3.25.7 + uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # 3.25.8 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -68,7 +68,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # 3.25.7 + uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # 3.25.8 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -82,4 +82,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # 3.25.7 + uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # 3.25.8 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 6468b77f86..ae7a6eacd8 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -64,6 +64,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # 3.25.7 + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # 3.25.8 with: sarif_file: results.sarif From 4bc239f0158367236dffdfd3deb0d84705ad998d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Jun 2024 15:38:16 -0400 Subject: [PATCH 08/27] Bump codecov/codecov-action from 4.4.1 to 4.5.0 (#325) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.4.1 to 4.5.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/125fc84a9a348dbcf27191600683ec096ec9021c...e28ff129e5465c2c0dcc6f003fc735cb6ae0c673) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 6ef3a12561..f0a9da8ee1 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -47,6 +47,6 @@ jobs: run: mvn --show-version --batch-mode --no-transfer-progress clean test jacoco:report - name: Upload coverage to Codecov - uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 with: files: ./target/site/jacoco/jacoco.xml From 287061cc1c68e198db416fee6bc14e04941812f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Jun 2024 15:38:25 -0400 Subject: [PATCH 09/27] Bump actions/checkout from 4.1.6 to 4.1.7 (#324) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/coverage.yml | 2 +- .github/workflows/maven.yml | 2 +- .github/workflows/scorecards-analysis.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e4409531c8..efccae5e26 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -45,7 +45,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index f0a9da8ee1..7e55b15025 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -29,7 +29,7 @@ jobs: java: [ 11 ] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 9acd49c151..5294d68dd8 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -38,7 +38,7 @@ jobs: # experimental: true steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index ae7a6eacd8..157a234b1b 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -40,7 +40,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false From 7abbb8780356c6efe15e45d49669d02baa47a122 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Jun 2024 15:38:37 -0400 Subject: [PATCH 10/27] Bump github/codeql-action from 3.25.8 to 3.25.10 (#323) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.8 to 3.25.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2e230e8fe0ad3a14a340ad0815ddb96d599d2aff...23acc5c183826b7a8a97bce3cecc52db901f8251) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index efccae5e26..f51141df31 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # 3.25.8 + uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -68,7 +68,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # 3.25.8 + uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -82,4 +82,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # 3.25.8 + uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 157a234b1b..7efca3176b 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -64,6 +64,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # 3.25.8 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 with: sarif_file: results.sarif From 5c82e3449e51ab24a41d1df4e6ca1f26c686169a Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sat, 22 Jun 2024 17:31:01 -0400 Subject: [PATCH 11/27] Fix PMD UnnecessaryFullyQualifiedName --- .../java/org/apache/commons/fileupload2/core/DiskFileItem.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItem.java b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItem.java index 74bd562796..bb82efb47c 100644 --- a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItem.java +++ b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/DiskFileItem.java @@ -386,7 +386,7 @@ public InputStream getInputStream() throws IOException { */ @Override public String getName() { - return DiskFileItem.checkFileName(fileName); + return checkFileName(fileName); } /** From 36e12f991faab9933cb43556105a9f19717b80c7 Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sun, 23 Jun 2024 08:29:49 -0400 Subject: [PATCH 12/27] Add missing Javadoc for generics --- .../commons/fileupload2/core/MultipartInput.java | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java index e9fe42914c..e90b8d6071 100644 --- a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java +++ b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java @@ -258,14 +258,16 @@ public void close(final boolean closeUnderlying) throws IOException { input.close(); } else { for (;;) { - var av = available(); - if (av == 0) { - av = makeAvailable(); - if (av == 0) { + var avail = available(); + if (avail == 0) { + avail = makeAvailable(); + if (avail == 0) { break; } } - skip(av); + if (skip(avail) != avail) { + // TODO What to do? + } } } closed = true; From 4c9de33ab64394585609b86d6405900457d53263 Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sun, 23 Jun 2024 08:30:10 -0400 Subject: [PATCH 13/27] Add missing Javadoc for generics --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index df92078308..4e6a8f02c3 100644 --- a/pom.xml +++ b/pom.xml @@ -21,7 +21,7 @@ org.apache.commons commons-parent - 69 + 71 commons-fileupload2 From ae93d99bc24113150c07e2850ece2892971cc008 Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sun, 23 Jun 2024 08:36:16 -0400 Subject: [PATCH 14/27] Revert "Add missing Javadoc for generics" This reverts commit 4c9de33ab64394585609b86d6405900457d53263. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4e6a8f02c3..df92078308 100644 --- a/pom.xml +++ b/pom.xml @@ -21,7 +21,7 @@ org.apache.commons commons-parent - 71 + 69 commons-fileupload2 From 370556314d805e30b21593d0f495416f21ef7dbb Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sun, 23 Jun 2024 09:01:44 -0400 Subject: [PATCH 15/27] Bump org.apache.commons:commons-parent from 69 to 71 Redo PMD configuration --- pom.xml | 17 ++++-- src/changes/changes.xml | 2 +- src/checkstyle/fileupload_basic.xml | 25 -------- src/conf/pmd-ruleset.xml | 91 +++++++++++++++++++++++++++++ 4 files changed, 105 insertions(+), 30 deletions(-) delete mode 100644 src/checkstyle/fileupload_basic.xml create mode 100644 src/conf/pmd-ruleset.xml diff --git a/pom.xml b/pom.xml index df92078308..2c67979055 100644 --- a/pom.xml +++ b/pom.xml @@ -21,7 +21,7 @@ org.apache.commons commons-parent - 69 + 71 commons-fileupload2 @@ -258,9 +258,8 @@ true true true - ${commons.javadoc11.java.link} https://jakarta.ee/specifications/platform/9.1/apidocs/ - 3.6.3 + 3.7.0 2.0.0-M1 @@ -337,6 +336,16 @@ ${commons.parent.dir}/spotbugs-exclude-filter.xml + + org.apache.maven.plugins + maven-pmd-plugin + + ${maven.compiler.target} + + ${commons.parent.dir}/src/conf/pmd-ruleset.xml + + + org.apache.maven.plugins maven-javadoc-plugin @@ -395,7 +404,7 @@ ${maven.compiler.target} - ${commons.parent.dir}/src/checkstyle/fileupload_basic.xml + ${commons.parent.dir}/src/conf/pmd-ruleset.xml diff --git a/src/changes/changes.xml b/src/changes/changes.xml index a35a1f03be..60637c23c7 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -50,7 +50,7 @@ The type attribute can be add,update,fix,remove. Handle multipart/related Requests without content-disposition header. - Bump org.apache.commons:commons-parent from 66 to 69 #283, #294. + Bump org.apache.commons:commons-parent from 66 to 71 #283, #294. Bump commons-io:commons-io from 2.16.0 to 2.16.1 #297. diff --git a/src/checkstyle/fileupload_basic.xml b/src/checkstyle/fileupload_basic.xml deleted file mode 100644 index e4f2260190..0000000000 --- a/src/checkstyle/fileupload_basic.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - PMD Basic Ruleset minus the EmptyCatchBlock rule. - - - - - diff --git a/src/conf/pmd-ruleset.xml b/src/conf/pmd-ruleset.xml new file mode 100644 index 0000000000..89eb9b8d2b --- /dev/null +++ b/src/conf/pmd-ruleset.xml @@ -0,0 +1,91 @@ + + + + + This ruleset checks the code for discouraged programming constructs. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From aee62855c2d72f4190066dfbe4259ce32a464409 Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sat, 29 Jun 2024 08:03:06 -0400 Subject: [PATCH 16/27] Drop CodeQL - It now requires an API key and a login to view reports - Instead, use 'mvn clean install site -P jacoco' to view JaCoCo HTML reports --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index ccb34ddb0e..cb1f6e1928 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,6 @@ Apache Commons FileUpload [![Coverage Status](https://codecov.io/gh/apache/commons-fileupload/branch/master/graph/badge.svg)](https://app.codecov.io/gh/apache/commons-fileupload) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.apache.commons/commons-fileupload2/badge.svg?gav=true)](https://maven-badges.herokuapp.com/maven-central/org.apache.commons/commons-fileupload2/?gav=true) [![Javadocs](https://javadoc.io/badge/org.apache.commons/commons-fileupload2/2.0.0-M2.svg)](https://javadoc.io/doc/org.apache.commons/commons-fileupload2/2.0.0-M2) -[![CodeQL](https://github.com/apache/commons-fileupload/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/apache/commons-fileupload/actions/workflows/codeql-analysis.yml) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/apache/commons-fileupload/badge)](https://api.securityscorecards.dev/projects/github.com/apache/commons-fileupload) The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart From 5bb2b19ae05041e1f2937fe2ded61b471d65f25f Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sat, 29 Jun 2024 08:11:34 -0400 Subject: [PATCH 17/27] Drop CodeQL - It now requires an API key and a login to view reports - Instead, use 'mvn clean install site -P jacoco' to view JaCoCo HTML reports --- .github/workflows/codeql-analysis.yml | 85 --------------------------- 1 file changed, 85 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index f51141df31..0000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,85 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: "CodeQL" - -on: - push: - branches: [ master ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '33 9 * * 4' - -permissions: - contents: read - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'java' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] - # Learn more about CodeQL language support at https://git.io/codeql-language-support - - steps: - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - persist-credentials: false - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 From 9d00bf28d8af01c4b77a619d6ba354983f89e0d7 Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sat, 29 Jun 2024 10:50:59 -0400 Subject: [PATCH 18/27] Revert "Drop CodeQL" This reverts commit 5bb2b19ae05041e1f2937fe2ded61b471d65f25f. --- .github/workflows/codeql-analysis.yml | 85 +++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000000..f51141df31 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,85 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: "CodeQL" + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '33 9 * * 4' + +permissions: + contents: read + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'java' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://git.io/codeql-language-support + + steps: + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false + - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 From 2e7beeadb9978bd46f159db8d90497821fb4579f Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sat, 29 Jun 2024 10:51:00 -0400 Subject: [PATCH 19/27] Revert "Drop CodeQL" This reverts commit aee62855c2d72f4190066dfbe4259ce32a464409. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cb1f6e1928..ccb34ddb0e 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,7 @@ Apache Commons FileUpload [![Coverage Status](https://codecov.io/gh/apache/commons-fileupload/branch/master/graph/badge.svg)](https://app.codecov.io/gh/apache/commons-fileupload) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.apache.commons/commons-fileupload2/badge.svg?gav=true)](https://maven-badges.herokuapp.com/maven-central/org.apache.commons/commons-fileupload2/?gav=true) [![Javadocs](https://javadoc.io/badge/org.apache.commons/commons-fileupload2/2.0.0-M2.svg)](https://javadoc.io/doc/org.apache.commons/commons-fileupload2/2.0.0-M2) +[![CodeQL](https://github.com/apache/commons-fileupload/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/apache/commons-fileupload/actions/workflows/codeql-analysis.yml) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/apache/commons-fileupload/badge)](https://api.securityscorecards.dev/projects/github.com/apache/commons-fileupload) The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart From 99b0f7623fefda7489712cc8195b915a31bc15c6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 29 Jun 2024 11:57:21 -0400 Subject: [PATCH 20/27] Bump github/codeql-action from 3.25.10 to 3.25.11 (#326) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.10 to 3.25.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/23acc5c183826b7a8a97bce3cecc52db901f8251...b611370bb5703a7efb587f9d136a52ea24c5c38c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 7efca3176b..b8c14b15b3 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -64,6 +64,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # 3.25.11 with: sarif_file: results.sarif From ba0599fb119c56150044b3ca405f444f9080d14d Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sat, 29 Jun 2024 14:25:01 -0400 Subject: [PATCH 21/27] Drop codecov.io - It now requires an API key and a login to view reports - Instead, use 'mvn clean install site -P jacoco' to view JaCoCo HTML reports --- .github/workflows/coverage.yml | 52 ---------------------------------- README.md | 1 - 2 files changed, 53 deletions(-) delete mode 100644 .github/workflows/coverage.yml diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml deleted file mode 100644 index 7e55b15025..0000000000 --- a/.github/workflows/coverage.yml +++ /dev/null @@ -1,52 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: Coverage - -on: [push, pull_request] - -permissions: - contents: read - -jobs: - build: - - runs-on: ubuntu-latest - strategy: - matrix: - java: [ 11 ] - - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - persist-credentials: false - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 - with: - distribution: 'temurin' - java-version: ${{ matrix.java }} - - name: Build with Maven - run: mvn --show-version --batch-mode --no-transfer-progress clean test jacoco:report - - - name: Upload coverage to Codecov - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 - with: - files: ./target/site/jacoco/jacoco.xml diff --git a/README.md b/README.md index ccb34ddb0e..9d7aa5cc48 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,6 @@ Apache Commons FileUpload =================== [![Java CI](https://github.com/apache/commons-fileupload/actions/workflows/maven.yml/badge.svg)](https://github.com/apache/commons-fileupload/actions/workflows/maven.yml) -[![Coverage Status](https://codecov.io/gh/apache/commons-fileupload/branch/master/graph/badge.svg)](https://app.codecov.io/gh/apache/commons-fileupload) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.apache.commons/commons-fileupload2/badge.svg?gav=true)](https://maven-badges.herokuapp.com/maven-central/org.apache.commons/commons-fileupload2/?gav=true) [![Javadocs](https://javadoc.io/badge/org.apache.commons/commons-fileupload2/2.0.0-M2.svg)](https://javadoc.io/doc/org.apache.commons/commons-fileupload2/2.0.0-M2) [![CodeQL](https://github.com/apache/commons-fileupload/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/apache/commons-fileupload/actions/workflows/codeql-analysis.yml) From 4839653ee2cb16e49e3187a329a5f3bad69eab08 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Jul 2024 14:48:49 -0400 Subject: [PATCH 22/27] Bump actions/upload-artifact from 4.3.3 to 4.3.4 (#328) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/65462800fd760344b1a7b4382951275a0abb4808...0b2256b8c012f0828dc542b3febcab082c67f72b) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index b8c14b15b3..9c3dcf97c1 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -57,7 +57,7 @@ jobs: publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # 4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # 4.3.4 with: name: SARIF file path: results.sarif From 020117009970528d56593cf71f8fc26c770b92c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Jul 2024 14:49:06 -0400 Subject: [PATCH 23/27] Bump github/codeql-action from 3.25.10 to 3.25.11 (#329) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.10 to 3.25.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.25.10...b611370bb5703a7efb587f9d136a52ea24c5c38c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f51141df31..190a896047 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 + uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # 3.25.11 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -68,7 +68,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 + uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # 3.25.11 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -82,4 +82,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # 3.25.10 + uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # 3.25.11 From 0ad66df97b8605145cf5ba929615cbe7f7391859 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Jul 2024 14:49:50 -0400 Subject: [PATCH 24/27] Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 (#319) Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.6.3 to 3.7.0. - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.6.3...maven-javadoc-plugin-3.7.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2c67979055..85f7d24477 100644 --- a/pom.xml +++ b/pom.xml @@ -362,7 +362,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.6.3 + 3.7.0 From 13f6a1ee454a1b8d74a80b5b22a782c905bc519b Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Fri, 5 Jul 2024 14:50:34 -0400 Subject: [PATCH 25/27] \Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 #319 --- src/changes/changes.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 60637c23c7..c9c6f9323f 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -52,6 +52,7 @@ The type attribute can be add,update,fix,remove. Bump org.apache.commons:commons-parent from 66 to 71 #283, #294. Bump commons-io:commons-io from 2.16.0 to 2.16.1 #297. + Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 #319. From 5bc00036bc3f73f946e607b519c332684075aaad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Jul 2024 15:00:31 -0400 Subject: [PATCH 26/27] Bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to 3.1.0 (#327) Bumps [org.codehaus.mojo:taglist-maven-plugin](https://github.com/mojohaus/taglist-maven-plugin) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/mojohaus/taglist-maven-plugin/releases) - [Commits](https://github.com/mojohaus/taglist-maven-plugin/compare/taglist-maven-plugin-3.0.0...3.1.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:taglist-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 85f7d24477..81acabc4fe 100644 --- a/pom.xml +++ b/pom.xml @@ -411,7 +411,7 @@ org.codehaus.mojo taglist-maven-plugin - 3.0.0 + 3.1.0 From 9f02e47576820c44309fbd94be682c1187dd1b9a Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Fri, 5 Jul 2024 15:01:03 -0400 Subject: [PATCH 27/27] Bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to 3.1.0 #327 --- src/changes/changes.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/changes/changes.xml b/src/changes/changes.xml index c9c6f9323f..0f517b9893 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -52,7 +52,8 @@ The type attribute can be add,update,fix,remove. Bump org.apache.commons:commons-parent from 66 to 71 #283, #294. Bump commons-io:commons-io from 2.16.0 to 2.16.1 #297. - Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 #319. + Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 #319. + Bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to 3.1.0 #327.