Releases: creek-service/creek-json-schema
Releases · creek-service/creek-json-schema
v0.4.1
What's Changed
Dependency Updates
- Bump com.diffplug.spotless:spotless-plugin-gradle from 6.16.0 to 6.17.0 by @dependabot in #142
- Bump gradle.plugin.org.kt3k.gradle.plugin:coveralls-gradle-plugin from 2.12.0 to 2.12.2 by @dependabot in #139
- Bump org.mockito:mockito-junit-jupiter from 5.1.1 to 5.2.0 by @dependabot in #141
- Bump org.jetbrains.kotlin.jvm from 1.7.22 to 1.8.10 by @dependabot in #122
- Bump kotlinVersion from 1.7.22 to 1.8.10 by @dependabot in #128
- Bump pl.allegro.tech.build.axion-release from 1.14.4 to 1.15.0 by @dependabot in #152
- Bump com.github.spotbugs.snom:spotbugs-gradle-plugin from 5.0.13 to 5.0.14 by @dependabot in #156
- Bump kotlinVersion from 1.8.10 to 1.8.20 by @dependabot in #155
- Bump org.jetbrains.kotlin.jvm from 1.8.10 to 1.8.20 by @dependabot in #157
- Bump com.gradle.publish:plugin-publish-plugin from 1.1.0 to 1.2.0 by @dependabot in #158
- Bump info.picocli:picocli from 4.7.1 to 4.7.3 by @dependabot in #159
- Bump org.junit-pioneer:junit-pioneer from 2.0.0 to 2.0.1 by @dependabot in #160
- Bump com.diffplug.spotless:spotless-plugin-gradle from 6.17.0 to 6.18.0 by @dependabot in #162
- Bump org.mockito:mockito-junit-jupiter from 5.2.0 to 5.3.0 by @dependabot in #161
- Bump creekVersion from 0.4.1-SNAPSHOT to 0.4.1 by @dependabot in #163
- Bump org.mockito:mockito-junit-jupiter from 5.3.0 to 5.3.1 by @dependabot in #164
Less Exciting Things
- Update Gradle and use toolchains by @big-andy-coates in #147
Full Changelog: v0.4.0...v0.4.1
Contributors
big-andy-coates and dependabot
Assets 2
v0.4.0
What's Changed
Dependency Updates
- Bump io.github.gradle-nexus:publish-plugin from 1.1.0 to 1.2.0 by @dependabot in #134
- Bump com.diffplug.spotless:spotless-plugin-gradle from 6.15.0 to 6.16.0 by @dependabot in #133
- Bump io.github.classgraph:classgraph from 4.8.154 to 4.8.155 by @dependabot in #135
- Bump log4jVersion from 2.19.0 to 2.20.0 by @dependabot in #132
- Bump io.github.classgraph:classgraph from 4.8.155 to 4.8.157 by @dependabot in #140
- Bump io.github.gradle-nexus:publish-plugin from 1.2.0 to 1.3.0 by @dependabot in #143
Full Changelog: v0.3.2...v0.4.0
Contributors
dependabot
Assets 2
v0.3.2
What's Changed
Dependency Updates
- Bump org.mockito:mockito-junit-jupiter from 5.1.0 to 5.1.1 by @dependabot in #118
- Update transitive dependencies with security vulnerabilities by @big-andy-coates in #121
- Bump org.junit-pioneer:junit-pioneer from 1.9.1 to 2.0.0 by @dependabot in #124
- Bump com.diffplug.spotless:spotless-plugin-gradle from 6.14.0 to 6.14.1 by @dependabot in #123
- Bump pl.allegro.tech.build.axion-release from 1.14.3 to 1.14.4 by @dependabot in #126
- Bump com.diffplug.spotless:spotless-plugin-gradle from 6.14.1 to 6.15.0 by @dependabot in #127
- Bump creekVersion from 0.3.2-SNAPSHOT to 0.3.2 by @dependabot in #129
Full Changelog: v0.3.1...v0.3.2
Contributors
big-andy-coates and dependabot
Assets 2
v0.3.1
What's Changed
Exciting New Features 🎉
- Install FindSecBugs by @big-andy-coates in #108
Dependency Updates
- Bump junitVersion from 5.9.1 to 5.9.2 by @dependabot in #99
- Bump github/codeql-action from 2.1.37 to 2.1.38 by @dependabot in #100
- Bump org.jetbrains.kotlin.jvm from 1.7.22 to 1.8.0 by @dependabot in #88
- Bump schema-lib from 2.13.1 to 2.13.10 by @big-andy-coates in #102
- Bump mockito-junit-jupiter from 4.11.0 to 5.0.0 by @dependabot in #106
- Bump github/codeql-action from 2.1.38 to 2.2.0 by @dependabot in #103
- Bump spotless-plugin-gradle from 6.12.1 to 6.13.0 by @dependabot in #104
- Bump Kotlin libraries to
1.7.22by @big-andy-coates in #109 - Bump picocli from 4.7.0 to 4.7.1 by @dependabot in #111
- Bump spotless-plugin-gradle from 6.13.0 to 6.14.0 by @dependabot in #110
- Bump jacksonVersion from 2.14.1 to 2.14.2 by @dependabot in #112
- Bump creekVersion from 0.3.1-SNAPSHOT to 0.3.1 by @dependabot in #114
- Bump org.mockito:mockito-junit-jupiter from 5.0.0 to 5.1.0 by @dependabot in #115
- Bump com.github.spotbugs:spotbugs-annotations from 4.6.0 to 4.7.3 by @dependabot in #116
Known security vulnerabilities in dependencies
At the time of release the following known security vulnerabilities existing in dependencies of the released Creek jars:
Snake YAML's Deserialization of Untrusted Data
See CVE-2022-1471 & GHSA-mjmj-j48q-9wg2.
At the time of writing, this was marked with High / Critical priority. However, if you read up on the
vulnerability,
you'll see the vulnerability is that the deserializer allows instantiation or arbitrary types, and this
can lead to remote code execution if you're parsing YAML from an untrustworthy source, e.g. text submitted
from a form on a website.
This is not an issue for Creek, as all YAML being deserialized is from a trusted source, i.e. you, the
user, running Creek system tests written in YAML.
SnakeYaml isn't used directly by Creek. Creek makes use of it via Jackson. Fixing this (none) issue in Creek is not currently possible.
Jackson core's Uncontrolled Resource Consumption
See sonatype-2022-6438.
At the time of writing, this is marked with High priority. However, if you
read up on this vulnerability, this is also about parsing
data from untrustworthy source.
This is not an issue for Creek, as all data being deserialized is from a trusted source, i.e. you, the
user, running Creek system tests written in YAML.
There is already a fix in Jackson. Creek will update to 2.15.0
of Jackson when it is released.
Full Changelog: v0.3.0...v0.3.1
Contributors
big-andy-coates and dependabot
Assets 2
v0.3.0
What's Changed
Exciting New Features 🎉
- Security Scorecards integration by @big-andy-coates in #91
Dependency Updates
- Bump junit-pioneer from 1.7.1 to 1.7.2 by @dependabot in #79
- Bump org.jetbrains.kotlin.jvm from 1.7.20 to 1.7.21 by @dependabot in #78
- Bump kotlin-stdlib-jdk8 from 1.7.20 to 1.7.21 by @dependabot in #77
- Bump org.jetbrains.kotlin.jvm from 1.7.21 to 1.7.22 by @dependabot in #84
- Bump plugin-publish-plugin from 1.0.0 to 1.1.0 by @dependabot in #83
- Bump jacksonVersion from 2.14.0 to 2.14.1 by @dependabot in #82
- Bump pl.allegro.tech.build.axion-release from 1.14.2 to 1.14.3 by @dependabot in #81
- Bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #86
- Bump classgraph from 4.8.149 to 4.8.153 by @dependabot in #89
- Bump junit-pioneer from 1.7.2 to 1.9.1 by @dependabot in #90
- Bump mockito-junit-jupiter from 4.8.1 to 4.11.0 by @dependabot in #87
- Bump spotless-plugin-gradle from 6.11.0 to 6.12.1 by @big-andy-coates in #92
- Bump kotlin-stdlib-jdk8 from 1.7.21 to 1.8.0 by @dependabot in #94
- Bump classgraph from 4.8.153 to 4.8.154 by @dependabot in #95
- Bump ossf/scorecard-action from 2.1.0 to 2.1.2 by @dependabot in #93
- Bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #96
- Bump actions/upload-artifact from 3.1.1 to 3.1.2 by @dependabot in #97
Full Changelog: v0.2.0...v0.3.0
Contributors
big-andy-coates and dependabot
Assets 2
v0.2.0
What's Changed
Dependency Updates
- Bump com.diffplug.spotless from 6.5.1 to 6.5.2 by @dependabot in #15
- Bump classgraph from 4.8.143 to 4.8.146 by @dependabot in #24
- Bump com.diffplug.spotless from 6.5.2 to 6.6.1 by @dependabot in #26
- Bump jacksonVersion from 2.13.2 to 2.13.3 by @dependabot in #21
- Bump kotlin-stdlib-jdk8 from 1.5.31 to 1.6.21 by @dependabot in #22
- Bump org.jetbrains.kotlin.jvm from 1.5.31 to 1.6.21 by @dependabot in #23
- Bump org.javamodularity.moduleplugin from 1.8.10 to 1.8.11 by @dependabot in #28
- Bump pl.allegro.tech.build.axion-release from 1.13.6 to 1.13.9 by @dependabot in #30
- Bump mockito-junit-jupiter from 4.5.1 to 4.6.0 by @dependabot in #31
- Bump classgraph from 4.8.146 to 4.8.147 by @dependabot in #32
- Bump junit-pioneer from 1.7.0 to 1.7.1 by @dependabot in #33
- Bump com.diffplug.spotless from 6.6.1 to 6.7.0 by @dependabot in #34
- Bump pl.allegro.tech.build.axion-release from 1.13.9 to 1.13.14 by @dependabot in #36
- Bump mockito-junit-jupiter from 4.6.0 to 4.6.1 by @dependabot in #35
- Bump com.diffplug.spotless from 6.7.0 to 6.7.2 by @dependabot in #38
- Bump kotlin-stdlib-jdk8 from 1.6.21 to 1.7.0 by @dependabot in #40
- Bump com.github.spotbugs from 5.0.6 to 5.0.9 by @dependabot in #41
- Bump com.diffplug.spotless from 6.7.2 to 6.8.0 by @dependabot in #43
- Bump log4jVersion from 2.17.2 to 2.18.0 by @dependabot in #42
- Bump kotlin-stdlib-jdk8 from 1.7.0 to 1.7.10 by @dependabot in #46
- Bump classgraph from 4.8.147 to 4.8.149 by @dependabot in #45
- Bump pl.allegro.tech.build.axion-release from 1.13.14 to 1.14.0 by @dependabot in #49
- Bump junitVersion from 5.8.2 to 5.9.0 by @dependabot in #48
- Bump org.javamodularity.moduleplugin from 1.8.11 to 1.8.12 by @dependabot in #50
- Bump com.diffplug.spotless from 6.8.0 to 6.9.1 by @dependabot in #51
- Bump mockito-junit-jupiter from 4.6.1 to 4.7.0 by @dependabot in #52
- Bump org.jetbrains.kotlin.jvm from 1.6.21 to 1.7.10 by @dependabot in #44
- Bump com.diffplug.spotless from 6.9.1 to 6.10.0 by @dependabot in #53
- Bump com.github.spotbugs from 5.0.9 to 5.0.10 by @dependabot in #54
- Bump com.github.spotbugs from 5.0.10 to 5.0.11 by @dependabot in #56
- Bump jacksonVersion from 2.13.3 to 2.13.4 by @dependabot in #55
- Bump mockito-junit-jupiter from 4.7.0 to 4.8.0 by @dependabot in #58
- Bump com.github.spotbugs from 5.0.11 to 5.0.12 by @dependabot in #57
- Bump pl.allegro.tech.build.axion-release from 1.14.0 to 1.14.1 by @dependabot in #59
- Bump log4jVersion from 2.18.0 to 2.19.0 by @dependabot in #60
- Bump com.diffplug.spotless from 6.10.0 to 6.11.0 by @dependabot in #61
- Bump junitVersion from 5.9.0 to 5.9.1 by @dependabot in #62
- Bump pl.allegro.tech.build.axion-release from 1.14.1 to 1.14.2 by @dependabot in #65
- Bump org.jetbrains.kotlin.jvm from 1.7.10 to 1.7.20 by @dependabot in #63
- Bump kotlin-stdlib-jdk8 from 1.7.10 to 1.7.20 by @dependabot in #64
- Bump actions/checkout from 2 to 3 by @dependabot in #68
- Bump mockito-junit-jupiter from 4.8.0 to 4.8.1 by @dependabot in #70
- Bump com.github.spotbugs from 5.0.12 to 5.0.13 by @dependabot in #69
- Bump picocli from 4.6.3 to 4.7.0 by @dependabot in #73
Less Exciting Things
- Enable Snapshots and change domain by @big-andy-coates in #14
- Echo class and module path and standardize parameter name by @big-andy-coates in #16
- Add a basic schema generator by @big-andy-coates in #18
- Add debugging option for functional tests by @big-andy-coates in #19
- Add subtype scanning module filter and add common
TypeScanningtype. by @big-andy-coates in #20 - build occasionally by @big-andy-coates in #27
- Upgrade SLF4J by @big-andy-coates in #66
- Fix logging by @big-andy-coates in #67
- CodeQL by @big-andy-coates in #71
- Release prep: update to new release conventions by @big-andy-coates in #75
Full Changelog: v0.1.6...v0.2.0
Contributors
big-andy-coates and dependabot