chore(deps): bump io.smallrye.config:smallrye-config from 3.4.4 to 3.10.2 in /jans-keycloak-integration #10309

Open
wants to merge 1 commit into
base: main

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Dec 2, 2024

Bumps io.smallrye.config:smallrye-config from 3.4.4 to 3.10.2.

Release notes

Sourced from io.smallrye.config:smallrye-config's releases.

3.10.2

  • #1259 Release 3.10.2
  • #1258 Release 3.10.2
  • #1257 Revert "Remove the generation of a comma separated value name for Collections in the YamlConfigSource (#1203)"
  • #1255 Use module-friendly bundle methods
  • #1253 Use module-friendly logger methods

3.10.1

  • #1252 Release 3.10.1
  • #1251 Validate mapping annotation only in SmallRyeConfigBuilder
  • #1250 Reduce allocations when generating default names
  • #1248 fix #1246: honor ConfigProperties.UNCONFIGURED_PREFIX again
  • #1247 Remove ConfigValuePropertiesConfigSource from docs
  • #1245 Bump io.smallrye.common:smallrye-common-bom from 2.7.0 to 2.8.0

3.10.0

  • #1244 Release 3.10.0
  • #1243 Release 3.10.0
  • #1242 Bump version.curator from 5.7.0 to 5.7.1
  • #1240 Bump kotlin.version from 2.0.20 to 2.0.21
  • #1239 Add @ConfigMapping beanStyleGetter to enable / disable bean style getter names matching with configuration names
  • #1237 Bump org.ow2.asm:asm from 9.7 to 9.7.1
  • #1236 Rename ConfigClassWithPrefix to ConfigClass and use it in SmallRyeConfigBuilder
  • #1235 Bump version.smallrye.testing from 2.3.0 to 2.3.1
  • #1234 Bump io.smallrye.common:smallrye-common-bom from 2.4.0 to 2.7.0
  • #1233 Split release into two workflows
  • #1231 Slight optimization when looking up System properties
  • #1229 Bump io.fabric8:docker-maven-plugin from 0.45.0 to 0.45.1
  • #1226 Move local classes to inner to reduce the number of classes in the main package
  • #1224 Remove constructor arguments from examples
  • #1223 Fix docs of interceptor service registration
  • #1222 Bump io.smallrye:smallrye-parent from 45 to 46
  • #1220 Support a fixed list of Map keys statically @WithKeys
  • #1218 Bump org.yaml:snakeyaml from 2.2 to 2.3
  • #1217 Cache profile prefixes
  • #1216 Avoid expensive exception and log when getValues fails lookup for indexed properties and fallbacks to comma
  • #1215 Check if profile file resources are in the location ClassLoader
  • #1214 Internal cleanup of AbstractLocationConfigSourceLoader
  • #1213 Reduce allocations of iterateNames
  • #1212 Improve mappings documentation
  • #1211 Avoid using string concatenation to forge impl name
  • #1210 Bump kotlin.version from 2.0.0 to 2.0.20
  • #1209 ConfigValue name consistent with PropertiesConfigSource
  • #1204 Search for indexed property names before flattened comma separated value name when loading Collections for CDI injection
  • #1203 Remove the generation of a comma separated value name for Collections in the YamlConfigSource
  • #1202 Search for indexed property names before flattened comma separated value name when loading Collections
  • #1201 Drop support for full YAML content in parent property names
  • #1200 Bump io.fabric8:docker-maven-plugin from 0.44.0 to 0.45.0
  • #1198 Update sample ordinal in custom.md
  • #1195 Bump zipp from 3.15.0 to 3.19.1 in /documentation

... (truncated)

Commits
  • a5d4dd9 [maven-release-plugin] prepare release 3.10.2
  • 50f2ecb Release 3.10.2 (#1259)
  • b350b16 Ensure coverage module is updated on release
  • e95749c Remove DumperOptions
  • 1841dbe Revert "Remove the generation of a comma separated value name for Collections...
  • 871478a Add coverage module to release to the version is also updated.
  • ff3c4d3 Use module-friendly bundle methods (#1255)
  • 029c88e Use module-friendly logger methods (#1253)
  • a13acb4 Update coverage version
  • 4d2670a [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view


@dependabot dependabot bot requested a review from uprightech as a code owner December 2, 2024 11:49
@dependabot dependabot bot added the java (Pull requests that update Java code) and kind-dependencies (Pull requests that update a dependency file) labels Dec 2, 2024

dryrunsecurity bot commented Dec 2, 2024

DryRun Security Summary

The pull request updates the smallrye-config dependency version from 3.4.4 to 3.10.2 in the pom.xml file, which appears to be a routine update without immediate security implications.


Summary:

The code change in this pull request updates the version of the smallrye-config dependency from 3.4.4 to 3.10.2 in the pom.xml file of the jans-keycloak-integration project. From an application security perspective, this change is not directly related to any security vulnerabilities or concerns. The smallrye-config library is a configuration management library for Java applications, and the version bump is likely to address bug fixes, performance improvements, or feature additions. However, it's important to review dependency updates carefully, as they can sometimes introduce new vulnerabilities or breaking changes. In this case, the version change appears to be a minor update, and there are no known security issues with the smallrye-config library that would be addressed by this particular update. Overall, this code change seems to be a routine dependency update and does not raise any immediate application security concerns.

Files Changed:

  • jans-keycloak-integration/pom.xml: This file has been updated to change the version of the smallrye-config dependency from 3.4.4 to 3.10.2. This is a routine dependency update and does not introduce any obvious security vulnerabilities or concerns.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding


@dependabot dependabot bot force-pushed the dependabot/maven/jans-keycloak-integration/io.smallrye.config-smallrye-config-3.10.2 branch from cab8bde to 6ae5288 Compare December 6, 2024 09:52
@dependabot dependabot bot force-pushed the dependabot/maven/jans-keycloak-integration/io.smallrye.config-smallrye-config-3.10.2 branch from 6ae5288 to f73b136 Compare December 24, 2024 14:29
@moabu moabu force-pushed the dependabot/maven/jans-keycloak-integration/io.smallrye.config-smallrye-config-3.10.2 branch from f73b136 to 92ae0d3 Compare December 26, 2024 19:25
@moabu moabu force-pushed the main branch 2 times, most recently from 5126af2 to aa1b2ed Compare December 27, 2024 04:55
@moabu moabu force-pushed the dependabot/maven/jans-keycloak-integration/io.smallrye.config-smallrye-config-3.10.2 branch from 92ae0d3 to 9425801 Compare December 27, 2024 04:55
Bumps [io.smallrye.config:smallrye-config](https://github.com/smallrye/smallrye-config) from 3.4.4 to 3.10.2.
- [Release notes](https://github.com/smallrye/smallrye-config/releases)
- [Commits](smallrye/smallrye-config@3.4.4...3.10.2)

---
updated-dependencies:
- dependency-name: io.smallrye.config:smallrye-config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/maven/jans-keycloak-integration/io.smallrye.config-smallrye-config-3.10.2 branch from 9425801 to 943c251 Compare December 27, 2024 11:06