diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml
index d7a38b4..39612b7 100644
--- a/.github/workflows/broken_links_checker.yml
+++ b/.github/workflows/broken_links_checker.yml
@@ -13,6 +13,8 @@ on:
jobs:
linkChecker:
runs-on: ubuntu-latest
+ permissions:
+ contents: read
defaults:
run:
shell: "bash"
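Review bot: The new `permissions` block sits at job level under `linkChecker`, so it restricts only this job; any job added to this workflow later would fall back to the repository's default `GITHUB_TOKEN` permissions. The rest of the file is outside this hunk, so whether other jobs exist is not visible here. If none needs a wider scope, declaring `permissions:` with `contents: read` once at workflow level makes least privilege the default and lets individual jobs opt in to more.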
diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml
index 8886e10..e8302fe 100644
--- a/.github/workflows/ci-build-next-java.yml
+++ b/.github/workflows/ci-build-next-java.yml
@@ -15,7 +15,6 @@ jobs:
shell: "bash"
permissions:
contents: read
- checks: write # Allow scacap/action-surefire-report
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
@@ -35,9 +34,3 @@ jobs:
mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \
-Djava.version=17 \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
- - name: Publish Test Report for Java 17
- uses: scacap/action-surefire-report@v1
- if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }}
- with:
- github_token: ${{ secrets.GITHUB_TOKEN }}
- fail_if_no_tests: false
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index f400651..399b9b0 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -15,8 +15,7 @@ jobs:
shell: bash
}
permissions: {
- contents: read,
- checks: write
+ contents: read
}
concurrency: {
group: '${{ github.workflow }}-${{ github.ref }}-${{ matrix.exasol_db_version }}',
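Review bot: `checks: write` is dropped from this job's `permissions`, but unlike `ci-build-next-java.yml` no hunk in this file removes a step that writes to the Checks API. If a report step such as `scacap/action-surefire-report` is still present further down (not visible in this diff), it will now be rejected by the read-only token, and a step guarded with `always()` would turn every run red. Please confirm that no remaining step in `ci-build.yml` needs the scope.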
diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml
index 9f536ee..0fa7180 100644
--- a/.github/workflows/dependencies_update.yml
+++ b/.github/workflows/dependencies_update.yml
@@ -61,14 +61,6 @@ jobs:
env: {
CREATED_ISSUES: '${{ inputs.vulnerability_issues }}'
}
- - name: Project Keeper Fix
- id: project-keeper-fix
- run: |
- mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects .
- - name: Project Keeper Fix for updated Project Keeper version
- id: project-keeper-fix-2
- run: |
- mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects .
- name: Generate Pull Request comment
id: pr-comment
run: |
@@ -81,7 +73,11 @@ jobs:
echo 'It updates dependencies.' >> "$GITHUB_OUTPUT"
fi
echo >> "$GITHUB_OUTPUT"
- echo '# ⚠️ This PR does not trigger CI workflows by default ⚠️' >> "$GITHUB_OUTPUT"
+ echo '# ⚠️ Notes ⚠️' >> "$GITHUB_OUTPUT"
+ echo '## Run PK fix manually' >> "$GITHUB_OUTPUT"
+ echo 'Due to restrictions workflow `dependencies_update.yml` cannot update other workflows, see https://github.com/exasol/project-keeper/issues/578 for details.' >> "$GITHUB_OUTPUT"
+ echo 'Please checkout this PR locally and run `mvn com.exasol:project-keeper-maven-plugin:fix --projects .`' >> "$GITHUB_OUTPUT"
+ echo '## This PR does not trigger CI workflows' >> "$GITHUB_OUTPUT"
echo 'Please click the **Close pull request** button and then **Reopen pull request** to trigger running checks.' >> "$GITHUB_OUTPUT"
echo 'See https://github.com/exasol/project-keeper/issues/534 for details.' >> "$GITHUB_OUTPUT"
echo 'EOF' >> "$GITHUB_OUTPUT"
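Review bot: The multi-line output extended here is still closed by the fixed delimiter `EOF` on the last line of the hunk. The added `echo` lines are static, single-quoted strings and are safe by themselves. The opening of the block is outside this hunk, so the following is inferred: if an earlier part of the comment is built from workflow data such as `inputs.vulnerability_issues`, a line consisting of `EOF` in that data would end the value early and the remainder would be parsed as further step outputs. Generating a delimiter per run and using it in both the opening `name<<DELIM` line and the closing `echo "$delimiter" >> "$GITHUB_OUTPUT"` removes that dependency on the content.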
diff --git a/dependencies.md b/dependencies.md
index b17e806..2a1ae5d 100644
--- a/dependencies.md
+++ b/dependencies.md
@@ -42,36 +42,37 @@
| [avro4s-core][43] | [MIT][22] |
| [Testcontainers :: Kafka][44] | [MIT][45] |
| [Joda-Time][46] | [Apache License, Version 2.0][5] |
+| [ClassGraph][47] | [The MIT License (MIT)][45] |
### Plugin Dependencies
| Dependency | License |
| ------------------------------------------------------- | --------------------------------------------- |
-| [SonarQube Scanner for Maven][47] | [GNU LGPL 3][48] |
-| [Apache Maven Toolchains Plugin][49] | [Apache License, Version 2.0][5] |
-| [Apache Maven Compiler Plugin][50] | [Apache-2.0][5] |
-| [Apache Maven Enforcer Plugin][51] | [Apache-2.0][5] |
-| [Maven Flatten Plugin][52] | [Apache Software Licenese][5] |
-| [org.sonatype.ossindex.maven:ossindex-maven-plugin][53] | [ASL2][14] |
-| [scala-maven-plugin][54] | [Public domain (Unlicense)][55] |
-| [ScalaTest Maven Plugin][56] | [the Apache License, ASL Version 2.0][19] |
-| [Apache Maven Javadoc Plugin][57] | [Apache-2.0][5] |
-| [Maven Surefire Plugin][58] | [Apache-2.0][5] |
-| [Versions Maven Plugin][59] | [Apache License, Version 2.0][5] |
-| [duplicate-finder-maven-plugin Maven Mojo][60] | [Apache License 2.0][11] |
-| [Apache Maven Assembly Plugin][61] | [Apache-2.0][5] |
-| [Apache Maven JAR Plugin][62] | [Apache License, Version 2.0][5] |
-| [Artifact reference checker and unifier][63] | [MIT License][64] |
-| [Maven Failsafe Plugin][65] | [Apache-2.0][5] |
-| [JaCoCo :: Maven Plugin][66] | [EPL-2.0][67] |
-| [error-code-crawler-maven-plugin][68] | [MIT License][69] |
-| [Reproducible Build Maven Plugin][70] | [Apache 2.0][14] |
-| [Project Keeper Maven plugin][71] | [The MIT License][72] |
-| [OpenFastTrace Maven Plugin][73] | [GNU General Public License v3.0][74] |
-| [Scalastyle Maven Plugin][75] | [Apache 2.0][11] |
-| [spotless-maven-plugin][76] | [The Apache Software License, Version 2.0][5] |
-| [scalafix-maven-plugin][77] | [BSD-3-Clause][78] |
-| [Exec Maven Plugin][79] | [Apache License 2][5] |
+| [SonarQube Scanner for Maven][48] | [GNU LGPL 3][49] |
+| [Apache Maven Toolchains Plugin][50] | [Apache-2.0][5] |
+| [Apache Maven Compiler Plugin][51] | [Apache-2.0][5] |
+| [Apache Maven Enforcer Plugin][52] | [Apache-2.0][5] |
+| [Maven Flatten Plugin][53] | [Apache Software Licenese][5] |
+| [org.sonatype.ossindex.maven:ossindex-maven-plugin][54] | [ASL2][14] |
+| [scala-maven-plugin][55] | [Public domain (Unlicense)][56] |
+| [ScalaTest Maven Plugin][57] | [the Apache License, ASL Version 2.0][19] |
+| [Apache Maven Javadoc Plugin][58] | [Apache-2.0][5] |
+| [Maven Surefire Plugin][59] | [Apache-2.0][5] |
+| [Versions Maven Plugin][60] | [Apache License, Version 2.0][5] |
+| [duplicate-finder-maven-plugin Maven Mojo][61] | [Apache License 2.0][11] |
+| [Apache Maven Assembly Plugin][62] | [Apache-2.0][5] |
+| [Apache Maven JAR Plugin][63] | [Apache-2.0][5] |
+| [Artifact reference checker and unifier][64] | [MIT License][65] |
+| [Maven Failsafe Plugin][66] | [Apache-2.0][5] |
+| [JaCoCo :: Maven Plugin][67] | [EPL-2.0][68] |
+| [error-code-crawler-maven-plugin][69] | [MIT License][70] |
+| [Reproducible Build Maven Plugin][71] | [Apache 2.0][14] |
+| [Project Keeper Maven plugin][72] | [The MIT License][73] |
+| [OpenFastTrace Maven Plugin][74] | [GNU General Public License v3.0][75] |
+| [Scalastyle Maven Plugin][76] | [Apache 2.0][11] |
+| [spotless-maven-plugin][77] | [The Apache Software License, Version 2.0][5] |
+| [scalafix-maven-plugin][78] | [BSD-3-Clause][79] |
+| [Exec Maven Plugin][80] | [Apache License 2][5] |
## Extension
@@ -79,7 +80,7 @@
| Dependency | License |
| ----------------------------------------- | ------- |
-| [@exasol/extension-manager-interface][80] | MIT |
+| [@exasol/extension-manager-interface][81] | MIT |
[0]: https://www.scala-lang.org/
[1]: https://www.apache.org/licenses/LICENSE-2.0
@@ -128,37 +129,38 @@
[44]: https://java.testcontainers.org
[45]: http://opensource.org/licenses/MIT
[46]: https://www.joda.org/joda-time/
-[47]: http://sonarsource.github.io/sonar-scanner-maven/
-[48]: http://www.gnu.org/licenses/lgpl.txt
-[49]: https://maven.apache.org/plugins/maven-toolchains-plugin/
-[50]: https://maven.apache.org/plugins/maven-compiler-plugin/
-[51]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
-[52]: https://www.mojohaus.org/flatten-maven-plugin/
-[53]: https://sonatype.github.io/ossindex-maven/maven-plugin/
-[54]: http://github.com/davidB/scala-maven-plugin
-[55]: http://unlicense.org/
-[56]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin
-[57]: https://maven.apache.org/plugins/maven-javadoc-plugin/
-[58]: https://maven.apache.org/surefire/maven-surefire-plugin/
-[59]: https://www.mojohaus.org/versions/versions-maven-plugin/
-[60]: https://basepom.github.io/duplicate-finder-maven-plugin
-[61]: https://maven.apache.org/plugins/maven-assembly-plugin/
-[62]: https://maven.apache.org/plugins/maven-jar-plugin/
-[63]: https://github.com/exasol/artifact-reference-checker-maven-plugin/
-[64]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE
-[65]: https://maven.apache.org/surefire/maven-failsafe-plugin/
-[66]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
-[67]: https://www.eclipse.org/legal/epl-2.0/
-[68]: https://github.com/exasol/error-code-crawler-maven-plugin/
-[69]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
-[70]: http://zlika.github.io/reproducible-build-maven-plugin
-[71]: https://github.com/exasol/project-keeper/
-[72]: https://github.com/exasol/project-keeper/blob/main/LICENSE
-[73]: https://github.com/itsallcode/openfasttrace-maven-plugin
-[74]: https://www.gnu.org/licenses/gpl-3.0.html
-[75]: http://www.scalastyle.org
-[76]: https://github.com/diffplug/spotless
-[77]: https://github.com/evis/scalafix-maven-plugin
-[78]: https://opensource.org/licenses/BSD-3-Clause
-[79]: https://www.mojohaus.org/exec-maven-plugin
-[80]: https://registry.npmjs.org/@exasol/extension-manager-interface/-/extension-manager-interface-0.4.1.tgz
+[47]: https://github.com/classgraph/classgraph
+[48]: http://sonarsource.github.io/sonar-scanner-maven/
+[49]: http://www.gnu.org/licenses/lgpl.txt
+[50]: https://maven.apache.org/plugins/maven-toolchains-plugin/
+[51]: https://maven.apache.org/plugins/maven-compiler-plugin/
+[52]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
+[53]: https://www.mojohaus.org/flatten-maven-plugin/
+[54]: https://sonatype.github.io/ossindex-maven/maven-plugin/
+[55]: http://github.com/davidB/scala-maven-plugin
+[56]: http://unlicense.org/
+[57]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin
+[58]: https://maven.apache.org/plugins/maven-javadoc-plugin/
+[59]: https://maven.apache.org/surefire/maven-surefire-plugin/
+[60]: https://www.mojohaus.org/versions/versions-maven-plugin/
+[61]: https://basepom.github.io/duplicate-finder-maven-plugin
+[62]: https://maven.apache.org/plugins/maven-assembly-plugin/
+[63]: https://maven.apache.org/plugins/maven-jar-plugin/
+[64]: https://github.com/exasol/artifact-reference-checker-maven-plugin/
+[65]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE
+[66]: https://maven.apache.org/surefire/maven-failsafe-plugin/
+[67]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
+[68]: https://www.eclipse.org/legal/epl-2.0/
+[69]: https://github.com/exasol/error-code-crawler-maven-plugin/
+[70]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
+[71]: http://zlika.github.io/reproducible-build-maven-plugin
+[72]: https://github.com/exasol/project-keeper/
+[73]: https://github.com/exasol/project-keeper/blob/main/LICENSE
+[74]: https://github.com/itsallcode/openfasttrace-maven-plugin
+[75]: https://www.gnu.org/licenses/gpl-3.0.html
+[76]: http://www.scalastyle.org
+[77]: https://github.com/diffplug/spotless
+[78]: https://github.com/evis/scalafix-maven-plugin
+[79]: https://opensource.org/licenses/BSD-3-Clause
+[80]: https://www.mojohaus.org/exec-maven-plugin
+[81]: https://registry.npmjs.org/@exasol/extension-manager-interface/-/extension-manager-interface-0.4.1.tgz
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index 7233f97..b209bd3 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
# Changes
+* [1.7.6](changes_1.7.6.md)
* [1.7.5](changes_1.7.5.md)
* [1.7.4](changes_1.7.4.md)
* [1.7.3](changes_1.7.3.md)
diff --git a/doc/changes/changes_1.7.6.md b/doc/changes/changes_1.7.6.md
new file mode 100644
index 0000000..9fe5953
--- /dev/null
+++ b/doc/changes/changes_1.7.6.md
@@ -0,0 +1,42 @@
+# Kafka Connector Extension 1.7.6, released 2024-07-04
+
+Code name: Fix CVE-2021-47621 and update dependencies
+
+## Summary
+
+Fixes CVE-2021-47621 and update dependencies
+
+## Security
+
+* #98: CVE-2021-47621: io.github.classgraph:classgraph:jar:4.8.21:test
+
+## Dependency Updates
+
+### Exasol Kafka Connector Extension
+
+#### Compile Dependency Updates
+
+* Updated `com.fasterxml.jackson.core:jackson-core:2.17.0` to `2.17.1`
+* Updated `com.google.guava:guava:33.1.0-jre` to `33.2.1-jre`
+* Updated `io.confluent:kafka-avro-serializer:7.6.0` to `7.6.1`
+* Updated `org.apache.commons:commons-compress:1.26.1` to `1.26.2`
+
+#### Test Dependency Updates
+
+* Updated `ch.qos.logback:logback-classic:1.5.3` to `1.5.6`
+* Updated `ch.qos.logback:logback-core:1.5.3` to `1.5.6`
+* Updated `com.exasol:exasol-testcontainers:7.0.1` to `7.1.0`
+* Updated `com.exasol:extension-manager-integration-test-java:0.5.10` to `0.5.12`
+* Updated `io.confluent:kafka-streams-avro-serde:7.6.0` to `7.6.1`
+* Added `io.github.classgraph:classgraph:4.8.174`
+* Updated `io.github.embeddedkafka:embedded-kafka-schema-registry_2.13:7.6.0` to `7.6.1.1`
+* Updated `org.testcontainers:kafka:1.19.7` to `1.19.8`
+
+#### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.2` to `2.0.3`
+* Updated `com.exasol:project-keeper-maven-plugin:4.3.0` to `4.3.3`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0`
+* Updated `org.apache.maven.plugins:maven-jar-plugin:3.3.0` to `3.4.1`
+* Updated `org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` to `3.2.0`
+* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922` to `4.0.0.4121`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index b9e4fde..d1224cf 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@
4.0.0
com.exasol
kafka-connector-extension-generated-parent
- 1.7.5
+ 1.7.6
pom
UTF-8
@@ -39,12 +39,12 @@
org.sonarsource.scanner.maven
sonar-maven-plugin
- 3.11.0.3922
+ 4.0.0.4121
org.apache.maven.plugins
maven-toolchains-plugin
- 3.1.0
+ 3.2.0
@@ -77,7 +77,7 @@
org.apache.maven.plugins
maven-enforcer-plugin
- 3.4.1
+ 3.5.0
enforce-maven
@@ -230,7 +230,7 @@
org.apache.maven.plugins
maven-jar-plugin
- 3.3.0
+ 3.4.1
default-jar
@@ -315,7 +315,7 @@
com.exasol
error-code-crawler-maven-plugin
- 2.0.2
+ 2.0.3
verify
diff --git a/pom.xml b/pom.xml
index 70dfaac..1d5e3fa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
4.0.0
com.exasol
kafka-connector-extension
- 1.7.5
+ 1.7.6
Exasol Kafka Connector Extension
Exasol Kafka Extension for accessing Apache Kafka
https://github.com/exasol/kafka-connector-extension/
@@ -58,7 +58,7 @@
at org.apache.avro.SchemaBuilder$FieldBuilder.completeField(SchemaBuilder.java:2249) -->
com.fasterxml.jackson.core
jackson-core
- 2.17.0
+ 2.17.1
com.exasol
@@ -68,12 +68,12 @@
org.apache.commons
commons-compress
- 1.26.1
+ 1.26.2
io.confluent
kafka-avro-serializer
- 7.6.0
+ 7.6.1
org.slf4j
@@ -109,7 +109,7 @@
com.google.guava
guava
- 33.1.0-jre
+ 33.2.1-jre
@@ -133,7 +133,7 @@
com.exasol
exasol-testcontainers
- 7.0.1
+ 7.1.0
test
@@ -151,7 +151,7 @@
com.exasol
extension-manager-integration-test-java
- 0.5.10
+ 0.5.12
test
@@ -164,7 +164,7 @@
io.github.embeddedkafka
embedded-kafka-schema-registry_${scala.compat.version}
- 7.6.0
+ 7.6.1.1
test
@@ -216,20 +216,20 @@
ch.qos.logback
logback-core
- 1.5.3
+ 1.5.6
test
ch.qos.logback
logback-classic
- 1.5.3
+ 1.5.6
test
io.confluent
kafka-streams-avro-serde
- 7.6.0
+ 7.6.1
test
@@ -247,7 +247,7 @@
org.testcontainers
kafka
- 1.19.7
+ 1.19.8
test
@@ -268,6 +268,13 @@
2.12.7
test
+
+
+ io.github.classgraph
+ classgraph
+ 4.8.174
+ test
+
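Review bot: The added `io.github.classgraph:classgraph` `4.8.174` test dependency has no visible explanation of why it is declared. The markup on this page is stripped, so a comment may exist on the two blank added lines. According to the changelog, it overrides the transitive `4.8.21` flagged for CVE-2021-47621. Without a note, a later cleanup could drop it as unused and silently bring the vulnerable version back. I would add `<!-- Override transitive classgraph 4.8.21 (CVE-2021-47621); remove once the dependency pulling it in ships a fixed version -->` above the declaration. Pinning it under `dependencyManagement` rather than as a direct dependency would also show that it is an override, not something the tests use directly.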
@@ -476,7 +483,7 @@
com.exasol
project-keeper-maven-plugin
- 4.3.0
+ 4.3.3
@@ -634,7 +641,7 @@
kafka-connector-extension-generated-parent
com.exasol
- 1.7.5
+ 1.7.6
pk_generated_parent.pom
diff --git a/release_config.yml b/release_config.yml
deleted file mode 100644
index 45f75e8..0000000
--- a/release_config.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-release-platforms:
- - GitHub
-language: Java