Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the all-modules group in /sda-sftp-inbox with 5 updates #1076

Merged
merged 1 commit into from
Oct 8, 2024
Merged

Bump the all-modules group in /sda-sftp-inbox with 5 updates #1076

merged 1 commit into from
Oct 8, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 7, 2024

Bumps the all-modules group in /sda-sftp-inbox with 5 updates:

Package From To
org.apache.sshd:sshd-sftp 2.13.2 2.14.0
com.amazonaws:aws-java-sdk-s3 1.12.772 1.12.773
org.junit.vintage:junit-vintage-engine 5.11.1 5.11.2
org.apache.maven.plugins:maven-surefire-plugin 3.5.0 3.5.1
org.apache.maven.plugins:maven-failsafe-plugin 3.5.0 3.5.1

Updates org.apache.sshd:sshd-sftp from 2.13.2 to 2.14.0

Release notes

Sourced from org.apache.sshd:sshd-sftp's releases.

SSHD 2.14.0

Full Changelog: apache/mina-sshd@sshd-2.13.2...sshd-2.14.0

Bug Fixes

  • GH-524 Performance improvements
  • GH-533 Fix multi-step authentication
  • GH-582 Fix filtering in NamedFactory
  • GH-587 Prevent NullPointerExceptionon closed channel in NettyIoSession
  • GH-590 Better support for FIPS
  • GH-597 Pass on Charset in ClientSession.executeRemoteCommand()

New Features

  • New utility methods SftpClient.put(Path localFile, String remoteFileName) and SftpClient.put(InputStream in, String remoteFileName) facilitate SFTP file uploading.

GH-590 Better support for FIPS

Besides fixing a bug with bc-fips (the RandomGenerator class exists in normal Bouncy Castle, but not in the FIPS version, but Apache MINA sshd referenced it even if only bc-fips was present), support was improved for running in an environment restricted by FIPS.

There is a new system property org.apache.sshd.security.fipsEnabled. If set to true, a number of crypto-algorithms not approved by FIPS 140 are disabled:

  • key exchange methods sntrup761x25519-sha512, sntrup761x25519-sha512@​openssh.com, curve25519-sha256, curve25519-sha256@​libssh.org, curve448-sha512.
  • the chacha20-poly1305 cipher.
  • the bcrypt KDF used in encrypted private key files in OpenSSH format.
  • all ed25519 keys and signatures.

Additionally, the new "SunJCEWrapper" SecurityProviderRegistrar (see below) and the EdDSASecurityProviderRegistrar are disabled, and the BouncyCastleScurityProviderRegistrar looks only for the "BCFIPS" security provider, not for the normal "BC" provider.

If the system property is not set to true, FIPS mode can be enabled programmatically by calling SecurityUtils.setFipsMode() before any other call to Apache MINA sshd.

Potential compatibility issues

New security provider registrar

There is a new SecurityProviderRegistrar that is registered by default if there is a SunJCE security provider. It uses the AES and HmacSHA* implementations from SunJCE even if Bouncy Castle is also registered. SunJCE has native implementations, whereas Bouncy Castle may not.

The new registrar has the name "SunJCEWrapper" and can be configured like any other registrar. It can be disabled via the system property org.apache.sshd.security.provider.SunJCEWrapper.enabled=false. It is also

... (truncated)

Changelog

Sourced from org.apache.sshd:sshd-sftp's changelog.

Version 2.13.1 to 2.13.2

Version 2.13.1 to 2.14.0

Planned for next version

Bug Fixes

New Features

Potential compatibility issues

Major Code Re-factoring

Commits
  • 1cc0c0c [maven-release-plugin] prepare release sshd-2.14.0
  • 566445f Fix sshd-benchmark pom for release
  • 633f0a3 Remove unneeded managed dependency (#610)
  • 1fa773c Bump grpc.version from 1.65.1 to 1.66.0
  • 8fc559f Bump pmd.version from 7.4.0 to 7.5.0
  • 90872df Use a global SecureRandom instance
  • 2fff9b4 Remove logback-test.xml from sshd-common test jar (fix #595)
  • 01289ce RunBenchmarks: fix command line options
  • a1a2d8f Bump com.github.mwiede:jsch from 0.2.18 to 0.2.19
  • 684b204 Bump spring.version from 5.3.37 to 5.3.39
  • Additional commits viewable in compare view

Updates com.amazonaws:aws-java-sdk-s3 from 1.12.772 to 1.12.773

Commits
  • d66231a AWS SDK for Java 1.12.773
  • ca3968c Merge pull request #3150 from aws/hdavidh/update-changelog-account-id-endpoints
  • 9b53414 Update changelog for Account ID endpoints
  • 81f205c Update GitHub version number to 1.12.773-SNAPSHOT
  • See full diff in compare view

Updates org.junit.vintage:junit-vintage-engine from 5.11.1 to 5.11.2

Release notes

Sourced from org.junit.vintage:junit-vintage-engine's releases.

JUnit 5.11.2 = Platform 1.11.2 + Jupiter 5.11.2 + Vintage 5.11.2

See Release Notes.

Full Changelog: junit-team/junit5@r5.11.1...r5.11.2

Commits
  • 5b1a6d1 Release 5.11.2
  • b7816b6 Finalize 5.11.2 release notes
  • f8e22c7 Finalize 5.10.5 release notes
  • 8e63938 Remove reference to 5.10.4 in 5.11.2 release notes
  • 7e9d728 Document #4043 in 5.10.5 release notes
  • c11f224 Create initial 5.10.5 release notes from template
  • ab94140 Fix global read-write lock handling when not declared on top level
  • 9658fac Add initial 5.11.2 release notes from template
  • 5f52ced Fix link to milestone page
  • 558f480 Back to snapshots for further development
  • See full diff in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.0 to 3.5.1

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

👻 Maintenance

Commits
  • a69b0f8 [maven-release-plugin] prepare release surefire-3.5.1
  • ccc54d0 [SUREFIRE-2273] Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#784)
  • ab77c35 [SUREFIRE-2272] Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.3.0 - JD...
  • 93317ff [SUREFIRE-2269] Allow fail during clean in surefire-its
  • d7f4dbb [SUREFIRE-2270] Use JUnit5 in surefire-shadefire
  • 7a98850 Drop comment from jira integration
  • b2aa8a6 [SUREFIRE-2267] Packages for commons-codec should be relocated in surefire-sh...
  • a928255 [SUREFIRE-1737] Fix disable in statelessTestsetReporter
  • 4584ebb [SUREFIRE-2226] Upgrade to Maven Verifier 2.0.0-M1
  • 5aa3515 [SUREFIRE-2266] Execute ITs in parallel
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.0 to 3.5.1

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

👻 Maintenance

Commits
  • a69b0f8 [maven-release-plugin] prepare release surefire-3.5.1
  • ccc54d0 [SUREFIRE-2273] Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#784)
  • ab77c35 [SUREFIRE-2272] Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.3.0 - JD...
  • 93317ff [SUREFIRE-2269] Allow fail during clean in surefire-its
  • d7f4dbb [SUREFIRE-2270] Use JUnit5 in surefire-shadefire
  • 7a98850 Drop comment from jira integration
  • b2aa8a6 [SUREFIRE-2267] Packages for commons-codec should be relocated in surefire-sh...
  • a928255 [SUREFIRE-1737] Fix disable in statelessTestsetReporter
  • 4584ebb [SUREFIRE-2226] Upgrade to Maven Verifier 2.0.0-M1
  • 5aa3515 [SUREFIRE-2266] Execute ITs in parallel
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all-modules group in /sda-sftp-inbox with 5 updates
e48d8d3 
Bumps the all-modules group in /sda-sftp-inbox with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [org.apache.sshd:sshd-sftp](https://github.com/apache/mina-sshd) | `2.13.2` | `2.14.0` |
| [com.amazonaws:aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) | `1.12.772` | `1.12.773` |
| [org.junit.vintage:junit-vintage-engine](https://github.com/junit-team/junit5) | `5.11.1` | `5.11.2` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.0` | `3.5.1` |
| [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.5.0` | `3.5.1` |


Updates `org.apache.sshd:sshd-sftp` from 2.13.2 to 2.14.0
- [Release notes](https://github.com/apache/mina-sshd/releases)
- [Changelog](https://github.com/apache/mina-sshd/blob/master/CHANGES.md)
- [Commits](apache/mina-sshd@sshd-2.13.2...sshd-2.14.0)

Updates `com.amazonaws:aws-java-sdk-s3` from 1.12.772 to 1.12.773
- [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md)
- [Commits](aws/aws-sdk-java@1.12.772...1.12.773)

Updates `org.junit.vintage:junit-vintage-engine` from 5.11.1 to 5.11.2
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](junit-team/junit5@r5.11.1...r5.11.2)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.0 to 3.5.1
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.0...surefire-3.5.1)

Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.5.0 to 3.5.1
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.0...surefire-3.5.1)

---
updated-dependencies:
- dependency-name: org.apache.sshd:sshd-sftp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-modules
- dependency-name: com.amazonaws:aws-java-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-modules
- dependency-name: org.junit.vintage:junit-vintage-engine
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-modules
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-modules
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-modules
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 7, 2024
@dependabot dependabot bot requested a review from a team October 7, 2024 19:08
@jbygdell jbygdell enabled auto-merge October 8, 2024 06:57
@jbygdell jbygdell added this pull request to the merge queue Oct 8, 2024
Merged via the queue into main with commit 45997a0 Oct 8, 2024
21 checks passed
@jbygdell jbygdell deleted the dependabot/maven/sda-sftp-inbox/all-modules-09e7d21116 branch October 8, 2024 20:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaperis aaperis aaperis approved these changes

@jbygdell jbygdell jbygdell approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jbygdell @aaperis