Merge branch 'main' into kunli/kotlin-autodetect
timtebeek authored Sep 22, 2023
2 parents 7fb61c4 + 09942e1 commit 387c679
Showing 7 changed files with 42 additions and 23 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
@@ -18,7 +18,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
distribution: temurin
2 changes: 1 addition & 1 deletion .github/workflows/pages.yml
@@ -25,7 +25,7 @@ jobs:
url: ${{steps.deployment.outputs.page_url}}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
distribution: temurin
2 changes: 1 addition & 1 deletion .github/workflows/publish.yml
@@ -8,7 +8,7 @@ jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-java@v3
12 changes: 6 additions & 6 deletions pom.xml
@@ -4,7 +4,7 @@

<groupId>org.openrewrite.maven</groupId>
<artifactId>rewrite-maven-plugin</artifactId>
<version>5.5.0-SNAPSHOT</version>
<version>5.6.0-SNAPSHOT</version>
<name>rewrite-maven-plugin</name>

<packaging>maven-plugin</packaging>
@@ -80,8 +80,8 @@

<properties>
<!-- Pinned versions, as RELEASE would make it into the published pom.xml -->
<rewrite.version>8.2.0-SNAPSHOT</rewrite.version>
<rewrite.python.version>1.1.0-SNAPSHOT</rewrite.python.version>
<rewrite.version>8.6.0-SNAPSHOT</rewrite.version>
<rewrite.python.version>1.2.0-SNAPSHOT</rewrite.python.version>
<rewrite.kotlin.version>1.4.0-SNAPSHOT</rewrite.kotlin.version>

<!-- using 'ssh' url scheme by default, which assumes a human is performing git operations leveraging an ssh key -->
@@ -96,7 +96,7 @@
<!-- dependencies and plugins -->
<jackson-bom.version>2.15.2</jackson-bom.version>
<netty.version>4.1.94.Final</netty.version>
<rocksdbjni.version>8.3.2</rocksdbjni.version>
<rocksdbjni.version>8.5.3</rocksdbjni.version>
<rsocket.version>1.1.4</rsocket.version>
<itf-maven.version>0.12.0</itf-maven.version>
<maven-dependencies.version>3.9.4</maven-dependencies.version>
@@ -239,7 +239,7 @@
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-core</artifactId>
<version>1.11.3</version>
<version>1.11.4</version>
</dependency>
<dependency>
<groupId>io.rsocket</groupId>
@@ -464,7 +464,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.5.0</version>
<version>3.6.0</version>
<configuration>
<source>${java.version}</source>
</configuration>
21 changes: 12 additions & 9 deletions src/main/java/org/openrewrite/maven/ConfigurableRewriteMojo.java
@@ -122,20 +122,23 @@ protected Set<String> getPlainTextMasks() {
"**/META-INF/services/**",
"**/META-INF/spring.factories",
"**/META-INF/spring/**",
"**/.gitignore",
"**/.gitattributes",
"**/.java-version",
"**/.sdkmanrc",
"**/*.sh",
"**/*.bash",
"**/*.bat",
"**/*.ksh",
"**/*.txt",
"**/CODEOWNERS",
"**/*.config",
"**/Dockerfile",
"**/.gitattributes",
"**/.gitignore",
"**/.java-version",
"**/Jenkinsfile",
"**/*.jsp",
"**/*.ksh",
"**/*.md",
"**/*.qute.java",
"**/.sdkmanrc",
"**/*.sh",
"**/*.sql",
"**/Dockerfile",
"**/Jenkinsfile"
"**/*.txt"
));
} else {
Set<String> masks = toSet(rewritePlainTextMasks);
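Review bot: The default list in `getPlainTextMasks()` gains `**/CODEOWNERS`, `**/*.config`, `**/*.md` and `**/*.qute.java` with no comment explaining that these look like the defaults used when `rewritePlainTextMasks` is not set (the condition is above the hunk), so the set of files parsed as plain text widens silently for existing users. `**/*.config` is the broadest of the four and may well match files that carry connection strings or other secrets, which matters if run output or generated patches are shared. A comment above the literal would help, for example `// Default plain-text globs (alphabetical); used only when rewritePlainTextMasks is not set`. Whether `**/*.qute.java` is matched before the Java parser claims `*.java` files is not visible here and deserves a test. The method begins above the hunk and its `else` branch continues past it.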
@@ -46,8 +46,9 @@ public class MavenLoggingMeterRegistry extends MeterRegistry {
public MavenLoggingMeterRegistry(Log log) {
super(Clock.SYSTEM);
this.log = log;
}

}

@Override
public void close() {
getMeters().stream()
.sorted((m1, m2) -> {
21 changes: 18 additions & 3 deletions suppressions.xml
@@ -1,27 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress until="2023-08-21Z">
<suppress until="2023-10-06Z">
<notes><![CDATA[
file name: jackson-databind-2.15.2.jar
This is not a really valid CVE and not really exploitable as Java code needs to be modified: https://github.com/FasterXML/jackson-databind/issues/3972
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2023-35116</cve>
</suppress>
<suppress until="2023-08-21Z">
<suppress until="2023-10-06Z">
<notes><![CDATA[
file name: jackson-databind-2.15.2.jar
The CVE https://nvd.nist.gov/vuln/detail/CVE-2019-3826 does not actually pertain to the Micrometer Prometheus client, but Prometheus itself
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.micrometer\.prometheus/prometheus\-rsocket\-client@.*$</packageUrl>
<cve>CVE-2019-3826</cve>
</suppress>
<suppress until="2023-08-28Z">
<suppress until="2023-10-06Z">
<notes><![CDATA[
file name: guava-31.1-jre.jar
Reverted in https://github.com/openrewrite/rewrite-python/commit/f487df7dabb8588ae2edb17e31ff7b8ba3ffc133 because Guava 32 introduces gradle module metadata which causes downstream breakage in build plugins.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.guava/[email protected]$</packageUrl>
<cve>CVE-2023-2976</cve>
</suppress>
<suppress until="2023-10-06Z">
<notes><![CDATA[
file name: guava-31.1-jre.jar
Reverted in https://github.com/openrewrite/rewrite-python/commit/f487df7dabb8588ae2edb17e31ff7b8ba3ffc133 because Guava 32 introduces gradle module metadata which causes downstream breakage in build plugins.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
<cve>CVE-2020-8908</cve>
</suppress>
<suppress until="2024-12-13Z">
<notes><![CDATA[
file name: rewrite-core-8.6.0-SNAPSHOT.jar (shaded: org.eclipse.jgit:org.eclipse.jgit:5.13.2.202306221912-r)
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$</packageUrl>
<vulnerabilityName>CVE-2023-4759</vulnerabilityName>
</suppress>
</suppressions>
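Review bot: The new jgit entry at the end of the file suppresses CVE-2023-4759 until `2024-12-13Z` for every version (`org\.eclipse\.jgit@.*`) and its notes give only the file name, so the finding stays silent for over a year with no recorded rationale, while every other entry expires on `2023-10-06Z`. I would shorten the window to match the others, `<suppress until="2023-10-06Z">`, and add a notes line saying why the shaded jgit is accepted and where its upgrade is tracked (placeholder: `<tracking-issue-url>`). The added CVE-2020-8908 entry reuses the CVE-2023-2976 note about the Guava 32 revert and matches `guava@.*`; its notes should say why that CVE is tolerable here, and the pattern is better limited to the version actually shipped. The second entry's notes still name `jackson-databind-2.15.2.jar` although its pattern targets `prometheus-rsocket-client`, which looks like a copy-paste slip worth fixing while the dates are being touched.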
