Skip to content

Releases: exasol/artifact-reference-checker-maven-plugin

0.4.3 Fix CVE-2024-47554 in commons-io:commons-io:jar:2.11.0:test

16 Dec 16:01
@github-actions github-actions
0.4.3
1c57722
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
0.4.3 Fix CVE-2024-47554 in commons-io:commons-io:jar:2.11.0:test Latest
Latest

This release updates dependencies to fix CVE-2024-47554 in commons-io:commons-io:jar:2.11.0:test.

Security

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:error-reporting-java:1.0.0 to 1.0.1

Test Dependency Updates

  • Updated com.exasol:maven-plugin-integration-testing:1.1.2 to 1.1.3
  • Updated com.exasol:maven-project-version-getter:1.2.0 to 1.2.1
  • Removed org.jacoco:org.jacoco.agent:0.8.8
  • Added org.junit.jupiter:junit-jupiter-api:5.11.3
  • Removed org.junit.jupiter:junit-jupiter-engine:5.8.2
  • Updated org.junit.jupiter:junit-jupiter-params:5.8.2 to 5.11.3
  • Updated org.slf4j:slf4j-jdk14:2.0.3 to 2.0.16

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:2.8.0 to 4.5.0
  • Added com.exasol:quality-summarizer-maven-plugin:0.2.0
  • Updated io.github.zlika:reproducible-build-maven-plugin:0.15 to 0.17
  • Updated org.apache.maven.plugins:maven-clean-plugin:2.5 to 3.4.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.1 to 3.13.0
  • Removed org.apache.maven.plugins:maven-dependency-plugin:3.3.0
  • Updated org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1 to 3.1.3
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.1.0 to 3.5.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5 to 3.5.2
  • Updated org.apache.maven.plugins:maven-gpg-plugin:3.0.1 to 3.2.7
  • Updated org.apache.maven.plugins:maven-install-plugin:2.4 to 3.1.3
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.4.0 to 3.11.1
  • Updated org.apache.maven.plugins:maven-plugin-plugin:3.6.4 to 3.15.1
  • Updated org.apache.maven.plugins:maven-resources-plugin:2.6 to 3.3.1
  • Updated org.apache.maven.plugins:maven-site-plugin:3.3 to 3.21.0
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5 to 3.5.2
  • Added org.apache.maven.plugins:maven-toolchains-plugin:3.2.0
  • Added org.basepom.maven:duplicate-finder-maven-plugin:2.0.1
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.2.7 to 1.6.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.10.0 to 2.18.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.8 to 0.8.12
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 5.0.0.4389
  • Updated org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 to 1.7.0
Assets 4
Loading

0.4.2: Upgrade dependencies

27 Oct 14:32
@redcatbear redcatbear
0.4.2
0feb2ba
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.4.2: Upgrade dependencies

Summary

Release 0.4.2 fixes situations where the artifact has a prefix. Before the fix it happened that the unify command overwrote the prefix and the artifact instead of only the artifact.

Instead of looking for any matching characters in variable replacements, only letters, numbers, dash, underscore and dot are accepted now. This resolves situations where words with any kind of separators (spaces, slashes, commas, etc.) were interpreted as part of the artifact name.

Note that due to the nature of the replacement mechanism, you can still construct situations in which prefixes are mistakenly changed, but that only happens if you have repetitions in the actual artifact name, which is very unlikely.

Bugfixes

  • #22: Updated dependencies to fix vulnerabilities
  • #24: Fixed handling of prefixes

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:error-reporting-java:0.4.1 to 1.0.0

Test Dependency Updates

  • Updated com.exasol:maven-plugin-integration-testing:1.1.1 to 1.1.2
  • Updated com.exasol:maven-project-version-getter:1.1.0 to 1.2.0
  • Removed junit:junit:4.13.2
  • Updated org.jacoco:org.jacoco.agent:0.8.7 to 0.8.8
  • Updated org.slf4j:slf4j-jdk14:1.7.36 to 2.0.3

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.0.0 to 1.2.0
  • Updated com.exasol:project-keeper-maven-plugin:1.3.4 to 2.8.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.0 to 3.10.1
  • Updated org.apache.maven.plugins:maven-dependency-plugin:2.8 to 3.3.0
  • Updated org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M2 to 3.0.0-M1
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.0.0 to 3.1.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M3 to 3.0.0-M5
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.3.2 to 3.4.0
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M3 to 3.0.0-M5
  • Added org.codehaus.mojo:flatten-maven-plugin:1.2.7
  • Updated org.codehaus.mojo:versions-maven-plugin:2.9.0 to 2.10.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.7 to 0.8.8
  • Added org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
  • Updated org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8 to 1.6.13
Assets 9
Loading

0.4.1: Dependency updates

25 Feb 09:00
@kaklakariada kaklakariada
0.4.1
6b169ae
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.4.1: Dependency updates

Bugfixes

  • #20: Fixed security issue in dependency

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:error-reporting-java:0.4.0 to 0.4.1
  • Removed org.apache.maven:maven-plugin-api:3.8.1
  • Removed org.apache.maven:maven-project:2.2.1

Runtime Dependency Updates

  • Removed org.jacoco:org.jacoco.agent:0.8.7

Test Dependency Updates

  • Updated com.exasol:maven-plugin-integration-testing:0.1.0 to 1.1.1
  • Updated com.exasol:maven-project-version-getter:0.1.0 to 1.1.0
  • Added org.jacoco:org.jacoco.agent:0.8.7
  • Updated org.junit.jupiter:junit-jupiter-engine:5.7.2 to 5.8.2
  • Updated org.junit.jupiter:junit-jupiter-params:5.7.2 to 5.8.2
  • Updated org.slf4j:slf4j-jdk14:1.7.31 to 1.7.36

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:0.5.0 to 1.0.0
  • Updated com.exasol:project-keeper-maven-plugin:0.9.0 to 1.3.4
  • Updated io.github.zlika:reproducible-build-maven-plugin:0.13 to 0.15
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.8.1 to 3.10.0
  • Updated org.apache.maven.plugins:maven-deploy-plugin:2.7 to 3.0.0-M2
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M3 to 3.0.0
  • Updated org.apache.maven.plugins:maven-gpg-plugin:1.6 to 3.0.1
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.2.0 to 3.3.2
  • Updated org.apache.maven.plugins:maven-plugin-plugin:3.6.0 to 3.6.4
  • Updated org.codehaus.mojo:versions-maven-plugin:2.7 to 2.9.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.5 to 0.8.7
  • Updated org.sonatype.ossindex.maven:ossindex-maven-plugin:3.1.0 to 3.2.0
Assets 9
Loading

Shade Plugin Support

06 Jul 11:47
@jakobbraun jakobbraun
0.4.0
209ad46
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Shade Plugin Support

Features

  • #17: Added support for maven shade plugin

Dependency Updates

Compile Dependency Updates

  • Added com.exasol:error-reporting-java:0.4.0

Runtime Dependency Updates

  • Updated org.jacoco:org.jacoco.agent:0.8.5 to 0.8.7

Test Dependency Updates

  • Added junit:junit:4.13.2

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:0.1.1 to 0.5.0
  • Updated com.exasol:project-keeper-maven-plugin:0.7.3 to 0.9.0
Assets 5
Loading

Maintenance

22 Jun 15:45
@jakobbraun jakobbraun
0.3.2
e0685e5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Maintenance Pre-release
Pre-release

Summary

In this release we updated dependencies and project structure. By that we also fixed the transitive CVE-2020-15250.

Bug Fixes

Dependency Updates

Compile Dependency Updates

  • Updated org.apache.maven:maven-plugin-api:3.6.3 to 3.8.1

Runtime Dependency Updates

  • Added org.jacoco:org.jacoco.agent:0.8.5

Test Dependency Updates

  • Added com.exasol:maven-plugin-integration-testing:0.1.0
  • Added com.exasol:maven-project-version-getter:0.1.0
  • Updated org.junit.jupiter:junit-jupiter-engine:5.6.2 to 5.7.2
  • Updated org.junit.jupiter:junit-jupiter-params:5.6.2 to 5.7.2
  • Removed org.junit.platform:junit-platform-runner:1.6.2
  • Updated org.slf4j:slf4j-jdk14:1.7.30 to 1.7.31
  • Removed org.testcontainers:junit-jupiter:1.14.3
  • Removed org.testcontainers:testcontainers:1.14.3

Plugin Dependency Updates

  • Added com.exasol:error-code-crawler-maven-plugin:0.1.1
  • Added com.exasol:project-keeper-maven-plugin:0.7.3
  • Added io.github.zlika:reproducible-build-maven-plugin:0.13
  • Added org.apache.maven.plugins:maven-dependency-plugin:2.8
  • Updated org.apache.maven.plugins:maven-surefire-plugin:2.12.4 to 3.0.0-M3
  • Added org.jacoco:jacoco-maven-plugin:0.8.5
  • Added org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8
Assets 5
Loading

Changed default phase to package

09 Sep 05:44
@jakobbraun jakobbraun
0.3.1
4c82b3f
Compare
Choose a tag to compare
Changed default phase to package

Features / Enhancements

  • #12 Changes default phase to package
Assets 3
Loading

Added file exclusions

08 Sep 08:54
@jakobbraun jakobbraun
0.3.0
b64175d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Added file exclusions

Summary

Added file exclusions

Features / Enhancements

  • #10 Added file exclusions
Assets 3
Loading

Added unifying

07 Sep 08:54
@jakobbraun jakobbraun
0.2.0
62ff014
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Added unifying

Summary

Added unifying

Features / Enhancements

  • #3 Added support for unifying versions
Assets 3
Loading

Initial implementation

04 Sep 12:50
@jakobbraun jakobbraun
0.1.0
e7879cf
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Initial implementation

Summary

Initial implementation

Features / Enhancements

  • #2 Implemented a maven plugin for validating artifact references
Assets 3
Loading