2e53f9a1b8
Bump google-api-client from 1.30.10 to 1.34.0 in /plugins/repository-gcs ( #3161 )
...
* Bump google-api-client from 1.30.10 to 1.34.0 in /plugins/repository-gcs
Bumps [google-api-client](https://github.com/googleapis/google-api-java-client ) from 1.30.10 to 1.34.0.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases )
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/main/CHANGELOG.md )
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v1.30.10...v1.34.0 )
---
updated-dependencies:
- dependency-name: com.google.api-client:google-api-client
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
* Add missing classes to third party audit
Signed-off-by: Andrew Ross <andrross@amazon.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Ross <andrross@amazon.com>
2022-05-04 17:18:30 -05:00
1b2f154a92
Bump gax-httpjson from 0.62.0 to 0.101.0 in /plugins/repository-gcs ( #3058 )
...
* Bump gax-httpjson from 0.62.0 to 0.101.0 in /plugins/repository-gcs
Bumps [gax-httpjson](https://github.com/googleapis/gax-java ) from 0.62.0 to 0.101.0.
- [Release notes](https://github.com/googleapis/gax-java/releases )
- [Changelog](https://github.com/googleapis/gax-java/blob/main/CHANGELOG.md )
- [Commits](https://github.com/googleapis/gax-java/commits )
---
updated-dependencies:
- dependency-name: com.google.api:gax-httpjson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
* Added ignoreMissingClasses configuration for gax classes
Signed-off-by: Kartik Ganesh <gkart@amazon.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kartik Ganesh <gkart@amazon.com>
2022-05-03 10:09:55 -07:00
ca102ea209
Bump grpc-context from 1.29.0 to 1.45.1 in /plugins/repository-gcs ( #2944 )
...
* Bump grpc-context from 1.29.0 to 1.45.1 in /plugins/repository-gcs
Bumps [grpc-context](https://github.com/grpc/grpc-java ) from 1.29.0 to 1.45.1.
- [Release notes](https://github.com/grpc/grpc-java/releases )
- [Commits](https://github.com/grpc/grpc-java/compare/v1.29.0...v1.45.1 )
---
updated-dependencies:
- dependency-name: io.grpc:grpc-context
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-04-18 12:25:14 -07:00
7dd171d48a
Bump protobuf-java-util from 3.19.3 to 3.20.0 in /plugins/repository-gcs ( #2834 )
...
* Bump protobuf-java-util from 3.19.3 to 3.20.0 in /plugins/repository-gcs
Bumps [protobuf-java-util](https://github.com/protocolbuffers/protobuf ) from 3.19.3 to 3.20.0.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases )
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/generate_changelog.py )
- [Commits](https://github.com/protocolbuffers/protobuf/compare/v3.19.3...v3.20.0 )
---
updated-dependencies:
- dependency-name: com.google.protobuf:protobuf-java-util
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-04-11 11:50:03 -04:00
b5d5616d44
Update commons-logging to 1.2 ( #2806 )
...
* Upgrade to Apache Commons Logging 1.2
Signed-off-by: Yoann Rodière <yoann@hibernate.org>
* Clarify that Apache HTTP/commons-* dependencies are not just for tests
Signed-off-by: Yoann Rodière <yoann@hibernate.org>
2022-04-08 16:43:51 -04:00
f9ca90eb88
Bump proto-google-common-protos from 1.16.0 to 2.8.0 in /plugins/repository-gcs ( #2738 )
...
* Bump proto-google-common-protos in /plugins/repository-gcs
Bumps [proto-google-common-protos](https://github.com/googleapis/java-iam ) from 1.16.0 to 2.8.0.
- [Release notes](https://github.com/googleapis/java-iam/releases )
- [Changelog](https://github.com/googleapis/java-iam/blob/main/CHANGELOG.md )
- [Commits](https://github.com/googleapis/java-iam/commits )
---
updated-dependencies:
- dependency-name: com.google.api.grpc:proto-google-common-protos
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-04-04 09:25:16 -07:00
0216ab2435
Bump google-oauth-client from 1.31.0 to 1.33.1 in /plugins/repository-gcs ( #2616 )
...
* Bump google-oauth-client in /plugins/repository-gcs
Bumps [google-oauth-client](https://github.com/googleapis/google-oauth-java-client ) from 1.31.0 to 1.33.1.
- [Release notes](https://github.com/googleapis/google-oauth-java-client/releases )
- [Changelog](https://github.com/googleapis/google-oauth-java-client/blob/main/CHANGELOG.md )
- [Commits](https://github.com/googleapis/google-oauth-java-client/compare/v1.31.0...v1.33.1 )
---
updated-dependencies:
- dependency-name: com.google.oauth-client:google-oauth-client
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-03-28 12:44:43 -05:00
bb748e0a1b
Bump gson from 2.8.9 to 2.9.0 in /plugins/repository-gcs ( #2550 )
...
* Bump gson from 2.8.9 to 2.9.0 in /plugins/repository-gcs
Bumps [gson](https://github.com/google/gson ) from 2.8.9 to 2.9.0.
- [Release notes](https://github.com/google/gson/releases )
- [Changelog](https://github.com/google/gson/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/gson/compare/gson-parent-2.8.9...gson-parent-2.9.0 )
---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-03-21 18:27:24 -07:00
42aa7ab68a
Bump google-cloud-core from 1.93.3 to 2.5.10 in /plugins/repository-gcs ( #2536 )
...
Bumps [google-cloud-core](https://github.com/googleapis/java-core ) from 1.93.3 to 2.5.10.
- [Release notes](https://github.com/googleapis/java-core/releases )
- [Changelog](https://github.com/googleapis/java-core/blob/main/CHANGELOG.md )
- [Commits](https://github.com/googleapis/java-core/compare/v1.93.3...v2.5.10 )
---
updated-dependencies:
- dependency-name: com.google.cloud:google-cloud-core
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Vacha Shah <vachshah@amazon.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
Co-authored-by: Vacha Shah <vachshah@amazon.com>
2022-03-21 18:46:53 -05:00
8b8d04173c
Update protobuf-java to 3.19.3 ( #1945 )
...
* Update protobuf-java to 3.19.3
Signed-off-by: Tianli Feng <ftl94@live.com>
* Exclude some API usage violations in the package com.google.protobuf for thirdPartyAudit task to pass
Signed-off-by: Tianli Feng <ftl94@live.com>
2022-01-20 11:05:28 -08:00
65804d25a6
Update to log4j 2.17.1 ( #1820 )
...
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
2021-12-28 17:06:42 -05:00
ca27c8fd4f
Update to log4j 2.17.0 ( #1771 )
2021-12-18 09:36:59 -08:00
6db435412b
Upgrade to log4j 2.16.0 ( #1721 )
...
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
2021-12-14 07:34:45 -05:00
309649ce8a
Upgrade to logj4 2.15.0 ( #1698 )
...
Signed-off-by: Andrew Ross <andrross@amazon.com>
2021-12-10 13:03:41 -08:00
e0e6995c4a
Updating Log4j to 2.11.2 ( #1696 )
...
Signed-off-by: Sarat Vemulapalli <vemulapallisarat@gmail.com>
2021-12-10 08:03:45 -08:00
bcfb57c06a
Upgrade dependency ( #1571 )
...
* Upgrading guava, commons-io and apache-ant dependencies
Signed-off-by: Vacha <vachshah@amazon.com>
* Adding failureaccess since guava needs it
Signed-off-by: Vacha <vachshah@amazon.com>
2021-11-18 13:38:49 -05:00
c6dd484ce3
Upgrading gson to 2.8.9 ( #1541 )
...
Signed-off-by: Vacha <vachshah@amazon.com>
2021-11-15 14:10:29 -05:00
50abf6d066
[CVE] Upgrade dependencies to mitigate CVEs ( #657 )
...
This PR upgrade the following dependencies to fix CVEs.
- commons-codec:1.12 (->1.13) apache/commons-codec@48b6157
- ant:1.10.8 (->1.10.9) https://ant.apache.org/security.html
- jackson-databind:2.10.4 (->2.11.0) FasterXML/jackson-databind#2589
- jackson-dataformat-cbor:2.10.4 (->2.11.0) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28491
- apache-httpclient:4.5.10 (->4.5.13) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-13956
- checkstyle:8.20 (->8.29) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10782
- junit:4.12 (->4.13.1) https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
- netty:4.1.49.Final (->4.1.59) https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
Signed-off-by: Rabi Panda <adnapibar@gmail.com>
2021-05-18 11:37:24 -07:00
6550e099b3
[CVE-2020-7692] Upgrade google-oauth clients for goolge cloud plugins ( #662 )
...
For discovery-gce and repository-gcs plugins update the google-oauth-client library to version 1.31.0. See CVE details at https://nvd.nist.gov/vuln/detail/CVE-2020-7692
Signed-off-by: Rabi Panda <adnapibar@gmail.com>
2021-05-13 12:19:57 -07:00
83ec8dd4e2
Upgrade GCS SDK to 1.113.1 ( #62848 ) ( #62864 )
...
Just staying on top of upgrades to the SDK and its dependencies.
2020-09-24 15:43:21 +02:00
d9d11f6d16
Remove Unused Apache Http Dependency from GCS Repo Plugin ( #54331 ) ( #54342 )
...
We are not using the Apache HTTP client backed http transport
with the GCS repo. Same as with the app engine type transport
we can save ourselves the dependency on the http client here
and ignore the missing classes.
2020-03-27 15:10:19 +01:00
70b378cd1b
Upgrade GCS Dependency to 1.106.0 ( #54092 ) ( #54112 )
...
* Upgrade GCS Dependency to 1.106.0 (#54092 )
Upgrading GCS Dep + related dependencies as it seems some more retry bugs were fixed between .104 and .106
2020-03-25 19:05:01 +01:00
204c366a4e
Upgrade GCS SDK to 1.104.0 ( #52839 ) ( #53152 )
...
Upgrading the GCS SDK to the most recent version.
Adjusting (i.e. improving) the REST mock accordingly.
This should significantly boost performance by pulling in
https://github.com/googleapis/java-core/issues/86 in some cases.
2020-03-05 11:18:18 +01:00
e57756492a
Update http-core and http-client dependencies ( #46549 )
...
Relates to #45808
Closes #45577
2019-09-12 09:45:29 +02:00
21e74dd7d2
Upgrade GCS Repository Dependencies ( #43142 ) ( #43418 )
...
* Upgrade to latest GCS SDK and transitive dependencies (I chose the later version here on conflict)
* Remove now unnecessary hack for custom endpoints (the linked bugs were both resolved in the SDK)
2019-06-20 16:35:54 +02:00
371cb9a8ce
Remove Log4j 1.2 API as a dependency ( #42702 )
...
We had this as a dependency for legacy dependencies that still needed
the Log4j 1.2 API. This appears to no longer be necessary, so this
commit removes this artifact as a dependency.
To remove this dependency, we had to fix a few places where we were
accidentally relying on Log4j 1.2 instead of Log4j 2 (easy to do, since
both APIs were on the compile-time classpath).
Finally, we can remove our custom Netty logger factory. This was needed
when we were on Log4j 1.2 and handled logging in our own unique
way. When we migrated to Log4j 2 we could have dropped this
dependency. However, even then Netty would still pick up Log4j 1.2 since
it was on the classpath, thus the advantage to removing this as a
dependency now.
2019-05-30 16:08:07 -04:00
f34663282c
Update apache httpclient to version 4.5.8 ( #40875 )
...
This change updates our version of httpclient to version 4.5.8, which
contains the fix for HTTPCLIENT-1968, which is a bug where the client
started re-writing paths that contained encoded reserved characters
with their unreserved form.
2019-04-05 13:48:10 -06:00
b5ed039160
plugins/repository-gcs: Update google-cloud-storage/core to 1.59.0 ( #39748 )
...
* plugins/repository-gcs: Update google-cloud-storage /
google-cloud-core to 1.59.0
* plugins: Update sha1 for google-cloud-core & google-cloud-storage
2019-03-10 11:04:52 -04:00
54dbf9469c
Update httpclient for JDK 11 TLS engine ( #37994 )
...
The apache commons http client implementations recently released
versions that solve TLS compatibility issues with the new TLS engine
that supports TLSv1.3 with JDK 11. This change updates our code to
use these versions since JDK 11 is a supported JDK and we should
allow the use of TLSv1.3.
2019-01-30 14:24:29 -07:00
5df93218d5
SNAPSHOTS: Upgrade GCS Dependencies to 1.55.0 ( #36634 )
...
* Closes #35459
* Closes #35229
2018-12-14 13:24:29 +01:00
c5e5a97a34
Update Google Cloud Storage Library for Java ( #32940 )
...
This commit updated the google-cloud-storage library from version 1.28.0
to version 1.40.0.
2018-08-24 10:55:23 +02:00
3db1fe7afe
Remove version from license file name for GCS SDK ( #31221 )
...
Most of our license file names strip the version off the artifact name
when deducing the license filename. However, the version on the GCS SDK
(google-api-services-storage) does not match the usual format and
instead starts with a vee. This means that the license filename for this
license ended up carrying the version and we should not do that. This
commit adjusts the regex the deduces the license filename to account for
this case, and adjusts the google-api-services-storage license files
accordingly.
2018-06-08 21:19:16 -04:00
801973fa9f
Repository GCS plugin new client library ( #30168 )
...
This does away with the deprecated `com.google.api-client:google-api-client:1.23`
and replaces it with `com.google.cloud:google-cloud-storage:1.28.0`.
It also changes security permissions for the repository-gcs plugin.
2018-05-15 18:22:58 +03:00
50a2459adf
Update Google SDK to version 1.23 ( #27381 )
...
This commit updates the google-api-client library to version 1.23.0.
Related to #26636
2017-11-15 15:30:27 +01:00
118a14fbe3
Build: upgrade httpcore version to 4.4.5
...
Closes #19127
2016-07-19 15:11:40 +02:00
63c5b31449
update shas for httpclient and httpcore
2016-05-20 14:10:55 +02:00
35d3bdab84
Add Google Cloud Storage repository plugin
...
Closes #12880
2016-05-19 13:26:23 +02:00
dependabot[bot]
Yoann Rodière
Tianli Feng
Andriy Redko
Andrew Ross
Sarat Vemulapalli
Vacha
Rabi Panda
Armin Braun
Luca Cavanna
Jason Tedor
Jay Modi
David Emanuel Buchmann
Tanguy Leroux
Albert Zaharovits
javanna