From 46989b57d9cdf969be9473d1ca6bcb61c7923135 Mon Sep 17 00:00:00 2001
From: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com>
Date: Wed, 9 Aug 2023 11:06:11 -0400
Subject: [PATCH 01/24] Updates integTestRemote task to dynamically fetch
common-utils version from build.gradle (#3122)
Fixes integTestRemote task to dynamically fetch common-utils version
from build.gradle instead of hard-coding it in the shell script
* Category : Refactoring
* Why these changes are required?
A temporary fix (#3018) was added to resolve CI failures in RC
generation caused due to out-of-date common-utils version being used in
the sanity test.
### Issues Resolved
Related to comment:
https://github.com/opensearch-project/security/pull/3018#issuecomment-1638612650
**This change addresses the issue permanently by modifying the
integTestRemote task to fetch the common-utils version dynamically from
build.gradle, and prevents RC builds from being blocked by this issue
in the future**
Signed-off-by: Darshit Chanpura
---
scripts/integtest.sh | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/scripts/integtest.sh b/scripts/integtest.sh
index 0401d00fa0..98ee40fbd6 100755
--- a/scripts/integtest.sh
+++ b/scripts/integtest.sh
@@ -20,7 +20,6 @@ function usage() {
echo -e "-v OPENSEARCH_VERSION\t, no defaults"
echo -e "-n SNAPSHOT\t, defaults to false"
echo -e "-m CLUSTER_NAME\t, defaults to docker-cluster"
- echo -e "-u COMMON_UTILS_VERSION\t, defaults to 3.0.0.0-SNAPSHOT"
echo "--------------------------------------------------------------------------"
}
@@ -99,12 +98,8 @@ if [ -z "$CLUSTER_NAME" ]
then
CLUSTER_NAME="docker-cluster"
fi
-if [ -z "$COMMON_UTILS_VERSION" ]
-then
- COMMON_UTILS_VERSION="3.0.0.0-SNAPSHOT"
-fi
USERNAME=`echo $CREDENTIAL | awk -F ':' '{print $1}'`
PASSWORD=`echo $CREDENTIAL | awk -F ':' '{print $2}'`
-./gradlew integTestRemote -Dtests.rest.cluster="$BIND_ADDRESS:$BIND_PORT" -Dtests.cluster="$BIND_ADDRESS:$BIND_PORT" -Dsecurity_enabled=$SECURITY_ENABLED -Dtests.clustername=$CLUSTER_NAME -Dhttps=true -Duser=$USERNAME -Dpassword=$PASSWORD -Dcommon_utils.version=$COMMON_UTILS_VERSION
+./gradlew integTestRemote -Dtests.rest.cluster="$BIND_ADDRESS:$BIND_PORT" -Dtests.cluster="$BIND_ADDRESS:$BIND_PORT" -Dsecurity_enabled=$SECURITY_ENABLED -Dtests.clustername=$CLUSTER_NAME -Dhttps=true -Duser=$USERNAME -Dpassword=$PASSWORD
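Review bot: The rewritten `./gradlew` line still expands `$USERNAME`, `$PASSWORD`, `$SECURITY_ENABLED` and `$CLUSTER_NAME` unquoted, so a credential containing whitespace or glob characters is word-split before Gradle sees it; quote them, e.g. `-Duser="$USERNAME" -Dpassword="$PASSWORD"`. The two context lines above split `$CREDENTIAL` with awk on `:`, which silently truncates a password that itself contains a colon; `PASSWORD="${CREDENTIAL#*:}"` keeps the remainder intact. Passing the password as a `-D` property also places it in the process argument list, which deserves a comment if this script runs on shared CI hosts. The option parsing sits outside this hunk, so presumably a `-u` case remains there and should be removed along with the usage line and the default; confirm.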
From d8568d9535b266aae03f900f419376c2633aaacf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Aug 2023 16:47:26 -0500
Subject: [PATCH 02/24] dependabot: bump org.ow2.asm:asm from 9.1 to 9.5
(#3121)
Bumps org.ow2.asm:asm from 9.1 to 9.5.
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 442cd414ad..35ef39fb19 100644
--- a/build.gradle
+++ b/build.gradle
@@ -531,7 +531,7 @@ dependencies {
runtimeOnly 'com.google.errorprone:error_prone_annotations:2.20.0'
runtimeOnly 'com.sun.istack:istack-commons-runtime:4.2.0'
runtimeOnly 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.0'
- runtimeOnly 'org.ow2.asm:asm:9.1'
+ runtimeOnly 'org.ow2.asm:asm:9.5'
testImplementation 'org.apache.camel:camel-xmlsecurity:3.21.0'
From f70931ba9bf2348f4abff0c3a9eedc173a5a1ecb Mon Sep 17 00:00:00 2001
From: Peter Nied
Date: Thu, 10 Aug 2023 12:25:22 -0500
Subject: [PATCH 03/24] Automatically update GitHub Actions dependencies with
dependabot (#3133)
Automatically update GitHub Actions dependencies with dependabot.
Noticed this was possible when I was reading the notice around CodeQL's
v1 deprecation, https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/#can-i-use-dependabot-to-help-me-with-this-upgrade
Signed-off-by: Peter Nied
---
.github/dependabot.yml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 797b3f81cf..f8881e1f2b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -10,3 +10,9 @@ updates:
# For all packages, ignore all major versions to minimize breaking issues
- dependency-name: "*"
update-types: ["version-update:semver-major"]
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ commit-message:
+ prefix: "dependabot:"
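Review bot: The new `github-actions` entry has no comment saying why it omits the `version-update:semver-major` ignore rule shown in the context lines above, which presumably belongs to the preceding entry. A later reader cannot tell whether major bumps of workflow actions are intended. If they are (the commit message cites the CodeQL v1 deprecation, which is a major-version move), a line such as `# Major versions are not ignored here: action deprecations arrive as major bumps` above `- package-ecosystem: "github-actions"` would record that. The `updates:` list begins outside this hunk.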
From 3139c184137f0bfbe8c1dea7f3839724e7a3ebef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Aug 2023 16:10:29 -0500
Subject: [PATCH 04/24] dependabot: bump SvanBoxel/delete-merged-branch from
b77e873cee00b09f55cc553bd24aae5f8dfc9157 to
2b5b058e3db41a3328fd9a6a58fd4c2545a14353 (#3145)
Bumps
[SvanBoxel/delete-merged-branch](https://github.com/svanboxel/delete-merged-branch)
from b77e873cee00b09f55cc553bd24aae5f8dfc9157 to
2b5b058e3db41a3328fd9a6a58fd4c2545a14353.
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/delete_backport_branch.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/delete_backport_branch.yml b/.github/workflows/delete_backport_branch.yml
index 9964fe1ec8..d102506291 100644
--- a/.github/workflows/delete_backport_branch.yml
+++ b/.github/workflows/delete_backport_branch.yml
@@ -10,6 +10,6 @@ jobs:
if: startsWith(github.event.pull_request.head.ref,'backport/')
steps:
- name: Delete merged branch
- uses: SvanBoxel/delete-merged-branch@b77e873cee00b09f55cc553bd24aae5f8dfc9157
+ uses: SvanBoxel/delete-merged-branch@2b5b058e3db41a3328fd9a6a58fd4c2545a14353
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 31ec3220841d063042926936bd803afaf2ace637 Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Fri, 11 Aug 2023 12:11:30 -0400
Subject: [PATCH 05/24] React to changes in ActionListener and ActionResponse
from #9082 (#3153)
Reacts to changes in ActionListener and ActionResponse introduced in
https://github.com/opensearch-project/OpenSearch/pull/9082
Also includes a fix for a call to XContentHelper.toXContent in response
to https://github.com/opensearch-project/OpenSearch/pull/9156
Signed-off-by: Craig Perkins
---
.../framework/cluster/ContextHeaderDecoratorClient.java | 4 ++--
.../org/opensearch/security/OpenSearchSecurityPlugin.java | 2 +-
.../security/action/whoami/TransportWhoAmIAction.java | 2 +-
.../opensearch/security/action/whoami/WhoAmIResponse.java | 2 +-
.../configuration/ConfigurationLoaderSecurity7.java | 2 +-
.../configuration/DlsFilterLevelActionHandler.java | 2 +-
.../security/configuration/DlsFlsRequestValve.java | 2 +-
.../security/configuration/DlsFlsValveImpl.java | 2 +-
.../security/dlic/rest/api/AbstractApiAction.java | 2 +-
.../security/dlic/rest/api/FlushCacheApiAction.java | 2 +-
.../security/dlic/rest/api/MigrateApiAction.java | 2 +-
.../org/opensearch/security/dlic/rest/support/Utils.java | 8 +++++++-
.../org/opensearch/security/filter/SecurityFilter.java | 4 ++--
.../security/dlic/dlsfls/CCReplicationTest.java | 4 ++--
.../opensearch/security/filter/SecurityFilterTest.java | 4 ++--
.../http/proxy/HTTPExtendedProxyAuthenticatorTest.java | 2 +-
16 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/ContextHeaderDecoratorClient.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/ContextHeaderDecoratorClient.java
index 2b05807fa2..c6ddf3281a 100644
--- a/src/integrationTest/java/org/opensearch/test/framework/cluster/ContextHeaderDecoratorClient.java
+++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/ContextHeaderDecoratorClient.java
@@ -12,9 +12,9 @@
import java.util.Collections;
import java.util.Map;
-import org.opensearch.action.ActionListener;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.action.ActionRequest;
-import org.opensearch.action.ActionResponse;
+import org.opensearch.core.action.ActionResponse;
import org.opensearch.action.ActionType;
import org.opensearch.action.support.ContextPreservingActionListener;
import org.opensearch.client.Client;
diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
index 28ba1a716b..a43afcb187 100644
--- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
+++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
@@ -67,7 +67,7 @@
import org.opensearch.SpecialPermission;
import org.opensearch.Version;
import org.opensearch.action.ActionRequest;
-import org.opensearch.action.ActionResponse;
+import org.opensearch.core.action.ActionResponse;
import org.opensearch.action.search.PitService;
import org.opensearch.action.search.SearchScrollAction;
import org.opensearch.action.support.ActionFilter;
diff --git a/src/main/java/org/opensearch/security/action/whoami/TransportWhoAmIAction.java b/src/main/java/org/opensearch/security/action/whoami/TransportWhoAmIAction.java
index bd3ecf46a2..f7e741b868 100644
--- a/src/main/java/org/opensearch/security/action/whoami/TransportWhoAmIAction.java
+++ b/src/main/java/org/opensearch/security/action/whoami/TransportWhoAmIAction.java
@@ -26,7 +26,7 @@
package org.opensearch.security.action.whoami;
-import org.opensearch.action.ActionListener;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.action.support.ActionFilters;
import org.opensearch.action.support.HandledTransportAction;
import org.opensearch.cluster.service.ClusterService;
diff --git a/src/main/java/org/opensearch/security/action/whoami/WhoAmIResponse.java b/src/main/java/org/opensearch/security/action/whoami/WhoAmIResponse.java
index ef61af5527..976e6d1238 100644
--- a/src/main/java/org/opensearch/security/action/whoami/WhoAmIResponse.java
+++ b/src/main/java/org/opensearch/security/action/whoami/WhoAmIResponse.java
@@ -28,7 +28,7 @@
import java.io.IOException;
-import org.opensearch.action.ActionResponse;
+import org.opensearch.core.action.ActionResponse;
import org.opensearch.core.common.Strings;
import org.opensearch.core.common.io.stream.StreamInput;
import org.opensearch.core.common.io.stream.StreamOutput;
diff --git a/src/main/java/org/opensearch/security/configuration/ConfigurationLoaderSecurity7.java b/src/main/java/org/opensearch/security/configuration/ConfigurationLoaderSecurity7.java
index 3cf7ce534c..ac53895310 100644
--- a/src/main/java/org/opensearch/security/configuration/ConfigurationLoaderSecurity7.java
+++ b/src/main/java/org/opensearch/security/configuration/ConfigurationLoaderSecurity7.java
@@ -40,7 +40,7 @@
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
-import org.opensearch.action.ActionListener;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.action.get.GetResponse;
import org.opensearch.action.get.MultiGetItemResponse;
import org.opensearch.action.get.MultiGetRequest;
diff --git a/src/main/java/org/opensearch/security/configuration/DlsFilterLevelActionHandler.java b/src/main/java/org/opensearch/security/configuration/DlsFilterLevelActionHandler.java
index fa1c4989e0..099e27c238 100644
--- a/src/main/java/org/opensearch/security/configuration/DlsFilterLevelActionHandler.java
+++ b/src/main/java/org/opensearch/security/configuration/DlsFilterLevelActionHandler.java
@@ -25,7 +25,6 @@
import org.apache.logging.log4j.Logger;
import org.opensearch.OpenSearchSecurityException;
-import org.opensearch.action.ActionListener;
import org.opensearch.action.ActionRequest;
import org.opensearch.action.admin.cluster.shards.ClusterSearchShardsRequest;
import org.opensearch.action.get.GetRequest;
@@ -44,6 +43,7 @@
import org.opensearch.common.document.DocumentField;
import org.opensearch.common.util.concurrent.ThreadContext;
import org.opensearch.common.util.concurrent.ThreadContext.StoredContext;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.index.IndexService;
import org.opensearch.index.get.GetResult;
import org.opensearch.index.mapper.MapperService;
diff --git a/src/main/java/org/opensearch/security/configuration/DlsFlsRequestValve.java b/src/main/java/org/opensearch/security/configuration/DlsFlsRequestValve.java
index 9bce6564dc..954461b43d 100644
--- a/src/main/java/org/opensearch/security/configuration/DlsFlsRequestValve.java
+++ b/src/main/java/org/opensearch/security/configuration/DlsFlsRequestValve.java
@@ -26,7 +26,7 @@
package org.opensearch.security.configuration;
-import org.opensearch.action.ActionListener;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.action.ActionRequest;
import org.opensearch.core.xcontent.NamedXContentRegistry;
import org.opensearch.search.internal.SearchContext;
diff --git a/src/main/java/org/opensearch/security/configuration/DlsFlsValveImpl.java b/src/main/java/org/opensearch/security/configuration/DlsFlsValveImpl.java
index cf2e77a25f..14eaed4e0d 100644
--- a/src/main/java/org/opensearch/security/configuration/DlsFlsValveImpl.java
+++ b/src/main/java/org/opensearch/security/configuration/DlsFlsValveImpl.java
@@ -34,7 +34,7 @@
import org.opensearch.OpenSearchException;
import org.opensearch.OpenSearchSecurityException;
import org.opensearch.SpecialPermission;
-import org.opensearch.action.ActionListener;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.action.ActionRequest;
import org.opensearch.action.DocWriteRequest;
import org.opensearch.action.RealtimeRequest;
diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java
index aeeb4f1c92..6a1d011fd3 100644
--- a/src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java
+++ b/src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java
@@ -22,7 +22,6 @@
import org.apache.logging.log4j.Logger;
import org.opensearch.ExceptionsHelper;
-import org.opensearch.action.ActionListener;
import org.opensearch.action.index.IndexRequest;
import org.opensearch.action.index.IndexResponse;
import org.opensearch.action.support.WriteRequest.RefreshPolicy;
@@ -42,6 +41,7 @@
import org.opensearch.rest.RestController;
import org.opensearch.rest.RestRequest;
import org.opensearch.rest.RestRequest.Method;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.security.DefaultObjectMapper;
import org.opensearch.security.action.configupdate.ConfigUpdateAction;
diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/FlushCacheApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/FlushCacheApiAction.java
index ad7e035d7c..9c36b971e7 100644
--- a/src/main/java/org/opensearch/security/dlic/rest/api/FlushCacheApiAction.java
+++ b/src/main/java/org/opensearch/security/dlic/rest/api/FlushCacheApiAction.java
@@ -20,11 +20,11 @@
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
-import org.opensearch.action.ActionListener;
import org.opensearch.client.Client;
import org.opensearch.cluster.service.ClusterService;
import org.opensearch.common.inject.Inject;
import org.opensearch.common.settings.Settings;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.rest.RestChannel;
import org.opensearch.rest.RestController;
import org.opensearch.rest.RestRequest;
diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java
index 73066666b9..9cb926497f 100644
--- a/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java
+++ b/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java
@@ -22,7 +22,6 @@
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
-import org.opensearch.action.ActionListener;
import org.opensearch.action.admin.indices.create.CreateIndexResponse;
import org.opensearch.action.bulk.BulkRequestBuilder;
import org.opensearch.action.bulk.BulkResponse;
@@ -32,6 +31,7 @@
import org.opensearch.client.Client;
import org.opensearch.cluster.metadata.IndexMetadata;
import org.opensearch.cluster.service.ClusterService;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.core.common.bytes.BytesReference;
import org.opensearch.common.collect.Tuple;
import org.opensearch.common.inject.Inject;
diff --git a/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java b/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java
index 34a8da8b9d..5a3392e2d4 100644
--- a/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java
+++ b/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java
@@ -41,6 +41,7 @@
import org.opensearch.common.xcontent.XContentHelper;
import org.opensearch.common.xcontent.XContentType;
import org.opensearch.common.xcontent.json.JsonXContent;
+import org.opensearch.core.xcontent.MediaTypeRegistry;
import org.opensearch.core.xcontent.NamedXContentRegistry;
import org.opensearch.core.xcontent.ToXContent;
import org.opensearch.core.xcontent.XContentParser;
@@ -111,7 +112,12 @@ public static JsonNode convertJsonToJackson(ToXContent jsonContent, boolean omit
pm.put("omit_defaults", String.valueOf(omitDefaults));
ToXContent.MapParams params = new ToXContent.MapParams(pm);
- final BytesReference bytes = XContentHelper.toXContent(jsonContent, XContentType.JSON, params, false);
+ final BytesReference bytes = org.opensearch.core.xcontent.XContentHelper.toXContent(
+ jsonContent,
+ MediaTypeRegistry.JSON,
+ params,
+ false
+ );
return DefaultObjectMapper.readTree(bytes.utf8ToString());
} catch (IOException e1) {
throw ExceptionsHelper.convertToOpenSearchException(e1);
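Review bot: The call now spells out `org.opensearch.core.xcontent.XContentHelper` inline while the file still imports `org.opensearch.common.xcontent.XContentHelper` (context line of the first hunk), and nothing tells the reader why two same-named helpers are in play. A short comment above the call, e.g. `// core.xcontent.XContentHelper on purpose, not the imported common.xcontent one`, would stop someone from "simplifying" it back. If no other caller of the imported class remains in this file (not visible here), switching the import would be cleaner than the qualified name. `XContentType` may also be unused after this change and should be checked. `convertJsonToJackson` begins and ends outside the hunk.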
diff --git a/src/main/java/org/opensearch/security/filter/SecurityFilter.java b/src/main/java/org/opensearch/security/filter/SecurityFilter.java
index e540d48512..06f2fae397 100644
--- a/src/main/java/org/opensearch/security/filter/SecurityFilter.java
+++ b/src/main/java/org/opensearch/security/filter/SecurityFilter.java
@@ -40,9 +40,9 @@
import org.opensearch.OpenSearchException;
import org.opensearch.OpenSearchSecurityException;
import org.opensearch.ResourceAlreadyExistsException;
-import org.opensearch.action.ActionListener;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.action.ActionRequest;
-import org.opensearch.action.ActionResponse;
+import org.opensearch.core.action.ActionResponse;
import org.opensearch.action.DocWriteRequest.OpType;
import org.opensearch.action.admin.cluster.snapshots.restore.RestoreSnapshotRequest;
import org.opensearch.action.admin.indices.alias.Alias;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/CCReplicationTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/CCReplicationTest.java
index 697ed8f898..549486b784 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/CCReplicationTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/CCReplicationTest.java
@@ -23,10 +23,10 @@
import org.junit.Test;
import org.opensearch.OpenSearchSecurityException;
-import org.opensearch.action.ActionListener;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.action.ActionRequest;
import org.opensearch.action.ActionRequestValidationException;
-import org.opensearch.action.ActionResponse;
+import org.opensearch.core.action.ActionResponse;
import org.opensearch.action.ActionType;
import org.opensearch.action.IndicesRequest;
import org.opensearch.action.IndicesRequest.Replaceable;
diff --git a/src/test/java/org/opensearch/security/filter/SecurityFilterTest.java b/src/test/java/org/opensearch/security/filter/SecurityFilterTest.java
index 3e9cfe4b5e..ea2978302e 100644
--- a/src/test/java/org/opensearch/security/filter/SecurityFilterTest.java
+++ b/src/test/java/org/opensearch/security/filter/SecurityFilterTest.java
@@ -21,8 +21,8 @@
import org.mockito.ArgumentCaptor;
import org.opensearch.OpenSearchSecurityException;
-import org.opensearch.action.ActionListener;
-import org.opensearch.action.ActionResponse;
+import org.opensearch.core.action.ActionListener;
+import org.opensearch.core.action.ActionResponse;
import org.opensearch.cluster.service.ClusterService;
import org.opensearch.common.settings.Settings;
import org.opensearch.security.auditlog.AuditLog;
diff --git a/src/test/java/org/opensearch/security/http/proxy/HTTPExtendedProxyAuthenticatorTest.java b/src/test/java/org/opensearch/security/http/proxy/HTTPExtendedProxyAuthenticatorTest.java
index 085ea61668..d3bf10d943 100644
--- a/src/test/java/org/opensearch/security/http/proxy/HTTPExtendedProxyAuthenticatorTest.java
+++ b/src/test/java/org/opensearch/security/http/proxy/HTTPExtendedProxyAuthenticatorTest.java
@@ -36,7 +36,7 @@
import org.junit.Test;
import org.opensearch.OpenSearchSecurityException;
-import org.opensearch.action.ActionListener;
+import org.opensearch.core.action.ActionListener;
import org.opensearch.core.common.bytes.BytesReference;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.util.concurrent.ThreadContext;
From fec926dc094d55d3eb25102275c3f8be72f53b5d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Aug 2023 12:50:24 -0400
Subject: [PATCH 06/24] dependabot: bump com.google.guava:guava from 32.1.1-jre
to 32.1.2-jre (#3149)
Bumps [com.google.guava:guava](https://github.com/google/guava) from
32.1.1-jre to 32.1.2-jre.
Release notes
Sourced from com.google.guava:guava's
releases.
32.1.2
Maven
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>32.1.2-jre</version>
<!-- or, for Android: -->
<version>32.1.2-android</version>
</dependency>
Jar files
Guava requires one
runtime dependency, which you can download here:
Javadoc
JDiff
Changelog
- Removed
the section of our Gradle metadata that caused Gradle to report
conflicts with
listenablefuture
. (9ed0fa65ab)
- Changed our Maven project to avoid affecting
which version of Mockito our Gradle users see. (71a16d5a74)
collect
: Under J2CL, exposed ImmutableList
and ImmutableSet
methods copyOf
and
of
for JavaScript usage. (b41968f5f2)
net
: Optimized InternetDomainName
construction. (3a1d18fbefa10218988a0fbbb6e1fada012397bf,
eaa62eb09548a6f1b7a757e21d8852724b631cab)
Commits
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.guava:guava&package-manager=gradle&previous-version=32.1.1-jre&new-version=32.1.2-jre)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 35ef39fb19..c06909f391 100644
--- a/build.gradle
+++ b/build.gradle
@@ -30,7 +30,7 @@ buildscript {
open_saml_version = '4.3.0'
one_login_java_saml = '2.9.0'
jjwt_version = '0.11.5'
- guava_version = '32.1.1-jre'
+ guava_version = '32.1.2-jre'
jaxb_version = '2.3.8'
if (buildVersionQualifier) {
From 6d4f2728cf1ef8da8e38bd019a7599051142125d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Aug 2023 12:51:05 -0400
Subject: [PATCH 07/24] dependabot: bump com.fasterxml.woodstox:woodstox-core
from 6.4.0 to 6.5.1 (#3148)
Bumps
[com.fasterxml.woodstox:woodstox-core](https://github.com/FasterXML/woodstox)
from 6.4.0 to 6.5.1.
Commits
725694c
[maven-release-plugin] prepare release woodstox-core-6.5.1
b205e22
Update release notes wrt #170
5e4ff54
Declare osgi.serviceloader.registrar to be optional. (#172)
696330e
Fix #167:
remove StudyTrails links
256a82e
Add 6.5 Javadocs
8b99a01
[maven-release-plugin] prepare for next development iteration
830654b
[maven-release-plugin] prepare release woodstox-core-6.5.0
168eb4b
Prepare for Woodstox 6.5.0 release
c8e64cb
Revert "Declare osgi.serviceloader.registrar requirement as
optional. (#155)"...
2ebb4a5
Update master
to 6.5.0-SNAPSHOT
- Additional commits viewable in compare
view
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.fasterxml.woodstox:woodstox-core&package-manager=gradle&previous-version=6.4.0&new-version=6.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index c06909f391..d7c6711d1f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -568,7 +568,7 @@ dependencies {
runtimeOnly 'org.xerial.snappy:snappy-java:1.1.10.3'
runtimeOnly 'org.codehaus.woodstox:stax2-api:4.2.1'
runtimeOnly "org.glassfish.jaxb:txw2:${jaxb_version}"
- runtimeOnly 'com.fasterxml.woodstox:woodstox-core:6.4.0'
+ runtimeOnly 'com.fasterxml.woodstox:woodstox-core:6.5.1'
runtimeOnly 'org.apache.ws.xmlschema:xmlschema-core:2.2.5'
runtimeOnly 'org.apache.santuario:xmlsec:2.2.3'
runtimeOnly "com.github.luben:zstd-jni:${versions.zstd}"
From d5b0715dcc4d06f73cbff4e13616d35b0031138b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Aug 2023 14:05:22 -0400
Subject: [PATCH 08/24] dependabot: bump org.junit.jupiter:junit-jupiter from
5.8.2 to 5.10.0 (#3146)
Bumps
[org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5)
from 5.8.2 to 5.10.0.
Release notes
Sourced from org.junit.jupiter:junit-jupiter's
releases.
JUnit 5.10.0 = Platform 1.10.0 + Jupiter 5.10.0 + Vintage 5.10.0
See Release
Notes.
Full Changelog: https://github.com/junit-team/junit5/compare/r5.10.0-RC2...r5.10.0
JUnit 5.10.0-RC2 = Platform 1.10.0-RC2+ Jupiter 5.10.0-RC2 + Vintage
5.10.0-RC2
See Release
Notes.
JUnit 5.10.0-RC1 = Platform 1.10.0-RC1 + Jupiter 5.10.0-RC1 + Vintage
5.10.0-RC1
See Release
Notes.
JUnit 5.10.0-M1 = Platform 1.10.0-M1 + Jupiter 5.10.0-M1 + Vintage
5.10.0-M1
See Release
Notes.
JUnit 5.9.3 = Platform 1.9.3 + Jupiter 5.9.3 + Vintage 5.9.3
See Release
Notes.
JUnit 5.9.2 = Platform 1.9.2 + Jupiter 5.9.2 + Vintage 5.9.2
See Release
Notes.
JUnit 5.9.1 = Platform 1.9.1 + Jupiter 5.9.1 + Vintage 5.9.1
See Release
Notes.
JUnit 5.9.0 = Platform 1.9.0 + Jupiter 5.9.0 + Vintage 5.9.0
See Release
Notes.
JUnit 5.9.0-RC1 = Platform 1.9.0-RC1 + Jupiter 5.9.0-RC1 + Vintage
5.9.0-RC1
See Release
Notes.
JUnit 5.9.0-M1 = Platform 1.9.0-M1 + Jupiter 5.9.0-M1 + Vintage
5.9.0-M1
See Release
Notes.
Commits
7f619ca
Release 5.10
9899de4
Update Gradle Enterprise plugin to 3.14
45b970f
Replace soon-to-be-deprecated usages of project.buildDir
463ae36
Prune Release Notes for 5.10 GA
893c64b
Back to snapshots for further development
e6ff0c5
Release 5.10.0-RC2
b08a76b
Add 5.10.0-RC2 release notes
2c278c7
Revert "Prune Release Notes for 5.10 GA"
acb6e65
Provide access to source element annotations for
TempDirFactory
73818a1
Bump org.gradle.toolchains:foojay-resolver from 0.5.0 to 0.6.0
- Additional commits viewable in compare
view
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit.jupiter:junit-jupiter&package-manager=gradle&previous-version=5.8.2&new-version=5.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
build.gradle | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index d7c6711d1f..5b347c3ae5 100644
--- a/build.gradle
+++ b/build.gradle
@@ -600,8 +600,8 @@ dependencies {
testImplementation "org.apache.kafka:kafka-clients:${kafka_version}:test"
testImplementation 'org.springframework.kafka:spring-kafka-test:2.9.6'
testImplementation 'org.springframework:spring-beans:5.3.20'
- testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2'
- testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2'
+ testImplementation 'org.junit.jupiter:junit-jupiter:5.10.0'
+ testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.0'
// Only osx-x86_64, osx-aarch_64, linux-x86_64, linux-aarch_64, windows-x86_64 are available
if (osdetector.classifier in ["osx-x86_64", "osx-aarch_64", "linux-x86_64", "linux-aarch_64", "windows-x86_64"]) {
testImplementation "io.netty:netty-tcnative-classes:2.0.54.Final"
From 5bb58de8fe6b815da75f28e165e3d953c31c9e33 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Aug 2023 14:05:49 -0400
Subject: [PATCH 09/24] dependabot: bump actions/upload-release-asset from
1.0.1 to 1.0.2 (#3144)
Bumps
[actions/upload-release-asset](https://github.com/actions/upload-release-asset)
from 1.0.1 to 1.0.2.
Release notes
Sourced from actions/upload-release-asset's
releases.
Automate sliding major version number
This is a minor update to make the current release have the latest
code from master, and additionally allows for a new automation workflow
to execute to automate the sliding of the major (v1, v2, v3, etc)
version numbers for ease of referencing
Commits
e8f9f06
Merge pull request #27
from actions/IAmHughes/add-automated-versioning
1418754
Add versioning action to automatically slide major versions with
releases
7d8fb6c
Merge pull request #6
from actions/IAmHughes/fix-link-to-license
c53f077
Fix link to LICENSE
72e8a5e
Merge pull request #5
from cesperanc/documentation-update
bf2a7fb
Update example to use the fixed version
- See full diff in compare
view
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-release-asset&package-manager=github_actions&previous-version=1.0.1&new-version=1.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/cd.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 03d5d6bd9b..1893e8965e 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -57,7 +57,7 @@ jobs:
- name: Upload Release Asset
id: upload-release-asset
- uses: actions/upload-release-asset@v1.0.1
+ uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
From fe22729ca983514bb643c3c721fcfdc5d5c48b2d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Aug 2023 14:06:22 -0400
Subject: [PATCH 10/24] dependabot: bump tibdex/github-app-token from 1.5.0 to
1.8.0 (#3147)
Bumps
[tibdex/github-app-token](https://github.com/tibdex/github-app-token)
from 1.5.0 to 1.8.0.
Commits
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tibdex/github-app-token&package-manager=github_actions&previous-version=1.5.0&new-version=1.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/auto-release.yml | 2 +-
.github/workflows/backport.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
index ce71aed419..4f37d6918f 100644
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@@ -13,7 +13,7 @@ jobs:
steps:
- name: GitHub App token
id: github_app_token
- uses: tibdex/github-app-token@v1.5.0
+ uses: tibdex/github-app-token@v1.8.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
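Review bot: The new `uses: tibdex/github-app-token@v1.8.0` line still references a third-party action by a mutable tag while the step passes `secrets.APP_ID` and `secrets.APP_PRIVATE_KEY` to it, so anyone able to move that tag controls code that sees the App's private key. Pinning to the full commit SHA with the version kept as a comment, `uses: tibdex/github-app-token@<full-commit-sha> # v1.8.0`, makes each update a reviewable change and still lets Dependabot propose bumps. The identical line in `.github/workflows/backport.yml` in the next hunk needs the same treatment. The steps list continues outside both hunks, so how the resulting token is scoped and used is not visible here.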
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index 6472a968d8..40ec3d70b1 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -16,7 +16,7 @@ jobs:
steps:
- name: GitHub App token
id: github_app_token
- uses: tibdex/github-app-token@v1.5.0
+ uses: tibdex/github-app-token@v1.8.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
From 35357a253d08f20544266f7608b582b879a460b6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Aug 2023 14:06:50 -0400
Subject: [PATCH 11/24] dependabot: bump com.unboundid:unboundid-ldapsdk from
4.0.9 to 4.0.14 (#3143)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps
[com.unboundid:unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk)
from 4.0.9 to 4.0.14.
Release notes
Sourced from com.unboundid:unboundid-ldapsdk's
releases.
UnboundID LDAP SDK for Java 4.0.14
We have just released version 4.0.14 of the UnboundID LDAP SDK for
Java. It is available for download from the releases page of our
GitHub repository (https://github.com/pingidentity/ldapsdk/releases),
from the Files page of our SourceForge repository (https://sourceforge.net/projects/ldap-sdk/files/),
and from the Maven Central Repository (https://search.maven.org/search?q=g:com.unboundid%20AND%20a:unboundid-ldapsdk&core=gav).
The LDAP SDK release notes are available at https://docs.ldap.com/ldap-sdk/docs/release-notes.html,
but the changes included in this release are as follows:
-
Fixed an issue in which LDAP URLs with consecutive percent-encoded
bytes were not decoded correctly.
-
Fixed an issue that could cause the LDAP SDK to incorrectly handle
data read from a server when the communication was protected with SASL
integrity or confidentiality. Thanks to Boris Danilovich for reporting
the problem and identifying the cause.
-
Fixed an issue that prevented the searchrate
tool from
running if neither a base DN pattern nor an LDAP URL pattern was
provided.
-
Improved the logic that the LDAP SDK used when selecting the cipher
suites to use when establishing a TLS-secured connection. Weaker suites
are disabled, and the enabled suites are prioritized so that those
offering forward secrecy and stronger encryption are preferred.
-
Added a new FullLDAPInterface
that extends
LDAPInterface
and adds support for close
,
bind
, and processExtendedOperation
methods.
The existing LDAPConnection
,
AbstractConnectionPool
, and
InMemoryDirectoryServer
classes have been updated to
implement this interface.
-
Added a new non-final MockableLDAPConnection
class that
makes it easier to mock an LDAPConnection
instance. It
implements FullLDAPInterface
and wraps a provided
LDAPConnection
. If you create a
MockableLDAPConnection
subclass, then you may override any
of the FullLDAPInterface
methods to provide whatever logic
you desire for them. Any non-overridden methods will invoke the
corresponding method on the provided LDAPConnection
instance.
-
Fixed a minor typo in the ldapsearch
usage
information
UnboundID LDAP SDK for Java 4.0.13
We have just released version 4.0.13 of the UnboundID LDAP SDK for
Java. It is available for download from the releases page of our
GitHub repository (https://github.com/pingidentity/ldapsdk/releases),
from the Files page of our SourceForge repository (https://sourceforge.net/projects/ldap-sdk/files/),
and from the Maven Central Repository (https://search.maven.org/search?q=g:com.unboundid%20AND%20a:unboundid-ldapsdk&core=gav).
This is a minor update that is primarily intended to serve the
upcoming Ping Identity Directory Server 8.0.0.0 release. The LDAP SDK
release notes are available online at https://docs.ldap.com/ldap-sdk/docs/release-notes.html,
but the changes included in this release are as follows:
-
Added support for debugging connection pool interactions, including
checking out and releasing connections, as well as establishing and
closing connections for use in the pool.
-
Fixed an issue in the prompt trust manager that could cause it to
incorrectly display a warning for some certificates with a basic
constraints extension that included the optional path length
constraint.
-
Updated the manage-certificates
check-certificate-usability
command to add an additional check to
see whether the certificate at the root of the chain is found in the
JVM’s default set of trusted issuer certificates. If it is not found,
the tool will display a notice, but it will still complete with a
success result.
-
Fixed an issue in manage-certificates
that could prevent
it from correctly showing the key agreement usage when displaying
verbose information about a certificate with the key usage
extension.
-
Fixed an issue that could prevent properly decoding an authority key
identifier extension that included the optional authorityCertIssuer
element in an X.509 certificate.
-
Made the ManageCertificates.readCertificatesFromFile
method public so that it can be used outside of the LDAP SDK. This
method can be used to read a set of PEM-encoded or DER-encoded X.509
certificates from a specified file.
-
Made the
ManageCertificates.readCertificateSigningRequestFromFile
method public so that it can be used outside of the LDAP SDK. This method can
be used to read a PEM-encoded or DER-encoded PKCS #10
certificate signing request from a file.
-
Updated the passphrase-encrypted output stream to provide an option
to override the default key factory iteration count.
-
Updated support for the exec task to add an option to specify the
path to use as the current working directory when invoking the specified
command. Previously, the server would always use the server instance
root directory, and that will still be the default if no alternate
working directory is specified.
-
Added an additional StaticUtils.getEnvironmentVariable
method variant that can be used to provide a default value that should
be used if the specified environment variable is not set.
-
Added an additional StaticUtils.getStackTrace
method
variant that allows you to limit the number of stack frames to include
from code before the call into the LDAP SDK. Also, updated
StaticUtils.getExceptionMessage
when invoked for a
NullPointerException
so that it now shows all frames from
the LDAP SDK (and anything that the LDAP SDK calls), and up to three
frames from the code before the call into the LDAP SDK.
UnboundID LDAP SDK for Java 4.0.12
We have just released version 4.0.12 of the UnboundID LDAP SDK for
Java. It is available for download from the releases page of our
GitHub repository (https://github.com/pingidentity/ldapsdk/releases),
from the Files page of our SourceForge repository (https://sourceforge.net/projects/ldap-sdk/files/),
and from the Maven Central Repository (https://search.maven.org/search?q=g:com.unboundid%20AND%20a:unboundid-ldapsdk&core=gav).
The LDAP SDK release notes are available at https://docs.ldap.com/ldap-sdk/docs/release-notes.html,
but the changes included in this release are as follows:
... (truncated)
Changelog
Sourced from com.unboundid:unboundid-ldapsdk's
changelog.
<div align="right">
${TARGET="offline"} LDAP SDK Home
Page
${TARGET="offline"}
Product Information
<h2>Release Notes</h2>
<h3>Version 6.0.10</h3>
<p>
The following changes were made between the 6.0.9 and 6.0.10 releases:
</p>
<ul>
<li>
Added a new ReusableRefeerralConnector interface that can be used to
provide a
way of following referrals using a mechanism that doesn't automatically
close
connections after they are used. This allows for the possibility that
connections created for the purpose of following referrals could be used
for
multiple referrals, rather than always closing them after their first
use as was
previously the case. Also, added a new PooledReferralConnector
implementation
that uses connection pools to maintain connections for following
referrals.
<br><br>
</li>
<li>
Updated the PLAINBindRequest class to add an encodeCredentials method
that can be
used to retrieve a properly encoded representation of the SASL
credentials for a
PLAIN bind request with the given authentication ID, authorization ID,
and
password.
<br><br>
</li>
<li>
Updated the JSONNumber class to add getValueAsInteger and getValueAsLong
methods
that will return the value of the number as an Integer or Long,
respectively, but
only if it can do so losslessly. These methods will return null if the
value has
a fractional component or if it is outside the range of the associated
data type.
<br><br>
</li>
<li>
Updated the JSONNumber class to add a getValueAsDouble method that will
return
the value of the number as a double. This method will never return null,
although the value that is returned may have less precision than the
internal
BigDecimal value, or it may be converted to positive or negative
infinity if the
BigDecimal value is outside the range that can be represented by a
double.
<br><br>
</li>
... (truncated)
Commits
c0fb784
Fix an issue with percent-decoding of LDAP URLs
59b23b6
Allow selecting supported cipher suites
e6d19bf
Allow selecting supported cipher suites
ab92023
Improve TLS cipher suite selection
b0bfa20
Fix a GenerateToolUsage issue with no examples
54cf106
Fix a searchrate NPE with no base DN or LDAP URL
00bb393
Make it easier to mock LDAPConnection
d49a006
Fix an issue with SASL integrity/confidentiality
e7085c8
Fix a minor typo in ldapsearch usage
e37261b
Post 4.0.13 release updates
- Additional commits viewable in compare
view
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.unboundid:unboundid-ldapsdk&package-manager=gradle&previous-version=4.0.9&new-version=4.0.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
build.gradle | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/build.gradle b/build.gradle
index 5b347c3ae5..815d3aa840 100644
--- a/build.gradle
+++ b/build.gradle
@@ -588,9 +588,9 @@ dependencies {
testImplementation "org.opensearch.plugin:aggs-matrix-stats-client:${opensearch_version}"
testImplementation "org.apache.logging.log4j:log4j-core:${versions.log4j}"
testImplementation 'javax.servlet:servlet-api:2.5'
- testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.9'
+ testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.14'
testImplementation 'com.github.stephenc.jcip:jcip-annotations:1.0-1'
- testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.9'
+ testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.14'
testImplementation 'javax.servlet:servlet-api:2.5'
testImplementation 'org.apache.httpcomponents:fluent-hc:4.5.13'
testImplementation "org.apache.httpcomponents.client5:httpclient5-fluent:${versions.httpclient5}"
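Review bot: `testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.14'` is now declared twice within this hunk, as is `testImplementation 'javax.servlet:servlet-api:2.5'`; the bump carries the existing duplicates forward instead of dropping the second copy of each. The same version literal appears a third time on the `integrationTestImplementation` line in the following hunk, so a single property in the style the file already uses for `${kafka_version}` (a constructed name such as `${ldapsdk_version}`) would keep the three in step. The changelog quoted in the description lists 6.0.10, which suggests 4.0.14 is still well behind upstream; these are test-scope configurations, but the 4.0.14 notes include TLS cipher-suite and SASL handling fixes, so later fixes are worth tracking as well. The `dependencies` block starts and ends outside the hunk.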
@@ -642,7 +642,7 @@ dependencies {
integrationTestImplementation('org.awaitility:awaitility:4.2.0') {
exclude(group: 'org.hamcrest', module: 'hamcrest')
}
- integrationTestImplementation 'com.unboundid:unboundid-ldapsdk:4.0.9'
+ integrationTestImplementation 'com.unboundid:unboundid-ldapsdk:4.0.14'
//Checkstyle
checkstyle 'com.puppycrawl.tools:checkstyle:10.12.1'
From 05f12d8b3093b811a24e16395af2ad891d6035a7 Mon Sep 17 00:00:00 2001
From: Peter Nied
Date: Fri, 11 Aug 2023 13:31:36 -0500
Subject: [PATCH 12/24] Only run CI on push for 'official' branches (#3150)
---
.github/workflows/ci.yml | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 66919ab87e..fcc1ffe7ac 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,6 +1,12 @@
name: CI
-on: [push, pull_request]
+on:
+ push:
+ branches:
+ - main
+ - 1.*
+ - 2.*
+ pull_request:
env:
GRADLE_OPTS: -Dhttp.keepAlive=false
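Review bot: The branch list under `push:` names `1.*` and `2.*` explicitly, so a future `3.*` release branch would get no push-triggered CI until this list is edited, and nothing in the file says so. A comment above the list, e.g. `# official branches only; add the new major line here when it is cut`, would make that maintenance step visible, and since the commit has no description it is also the place to record why push runs are restricted (presumably to avoid duplicate runs alongside `pull_request`). Quoting the patterns (`'1.*'`) is a small style improvement; the unquoted values appear to parse as plain strings, so this is not a functional defect. Branches pushed to the main repository without an open pull request will no longer be checked at all, which is worth confirming as intended.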
From 554c97a50d0797e74c213c863f4424ff7ba78c94 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Aug 2023 14:41:05 -0400
Subject: [PATCH 13/24] dependabot: bump actions/create-release from 1.0.0 to
1.1.4 (#3141)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps
[actions/create-release](https://github.com/actions/create-release) from
1.0.0 to 1.1.4.
Release notes
Sourced from actions/create-release's
releases.
v1.1.4
This release adds the ability to specify an owner/repo in your inputs
to have an action run create releases on a different repository.
v1.1.3
This release includes vendored licenses for this action's npm
dependencies.
v1.1.2
Adds the ability to populate the release body from a file. actions/create-release#50
v1.1.1
v1.1.0
- Add support to v2 to connect to GHES (#70)
- Bumped acorn (#57)
and handlebars (#33)
versions
Automate sliding major version number
This is a minor update to make the current release have the latest
code from master, and additionally allows for a new automation workflow
to execute to automate the sliding of the major (v1, v2, v3, etc)
version numbers for ease of referencing
Commits
0cb9c9b
Merge pull request #96
from Chocrates/main
8868c04
Add commitish to inputs in README
7c69cb4
Updating readme with new inputs
818a8f0
adding owner/repo options for remote releasing
1e92f6f
Merge pull request #86
from thboop/thboop/AddThirdPartyLicenses
653bc6f
Update licenses for @actions
npm
modules
e7b3139
Add Third Party License Information
705dd14
Merge pull request #82
from actions/ci-on-main
c068e85
Update ci.yml
89e8dc2
Merge pull request #81
from actions/dependabot/npm_and_yarn/lodash-4.17.19
- Additional commits viewable in compare
view
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/create-release&package-manager=github_actions&previous-version=1.0.0&new-version=1.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/cd.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 1893e8965e..8c7255347f 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -46,7 +46,7 @@ jobs:
- name: Create Github Draft Release
id: create_release
- uses: actions/create-release@v1.0.0
+ uses: actions/create-release@v1.1.4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
From d5cc47c431de904e747cd0b852e21f2b151426a0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Aug 2023 08:10:33 -0400
Subject: [PATCH 14/24] dependabot: bump aws-actions/configure-aws-credentials
from 1 to 2 (#3171)
Bumps
[aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials)
from 1 to 2.
Release notes
Sourced from aws-actions/configure-aws-credentials's
releases.
v2
This tag tracks the latest v2.x.x release.
v1.7.0
See the changelog
for details about the changes included in this release.
v1.6.1
See the changelog
for details about the changes included in this release.
v1.6.0
See the changelog
for details about the changes included in this release.
v1.5.11
See the changelog
for details about the changes included in this release.
v1.5.10
See the changelog
for details about the changes included in this release.
v1.5.9
See the changelog
for details about the changes included in this release.
v1.5.8
See the changelog
for details about the changes included in this release.
v1.5.7
See the changelog
for details about the changes included in this release.
v1.5.6
See the changelog
for details about the changes included in this release.
v1.5.5
See the changelog
for details about the changes included in this release.
v1.5.4
See the changelog
for details about the changes included in this release.
v1.5.3
See the changelog
for details about the changes included in this release.
v1.5.2
See the changelog
for details about the changes included in this release.
v1.5.1
See the changelog
for details about the changes included in this release.
v1.5.0
See the changelog
for details about the changes included in this release.
v1.4.4
See the changelog
for details about the changes included in this release.
... (truncated)
Changelog
Sourced from aws-actions/configure-aws-credentials's
changelog.
Commits
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aws-actions/configure-aws-credentials&package-manager=github_actions&previous-version=1&new-version=2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/maven-publish.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
index 1490e1d7f6..13a2b8a265 100644
--- a/.github/workflows/maven-publish.yml
+++ b/.github/workflows/maven-publish.yml
@@ -22,7 +22,7 @@ jobs:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 11
- uses: actions/checkout@v3
- - uses: aws-actions/configure-aws-credentials@v1
+ - uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.PUBLISH_SNAPSHOTS_ROLE }}
aws-region: us-east-1
From 3ab1a8929080f345e2f89b9caaeff0bc4916d8fb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Aug 2023 08:11:19 -0400
Subject: [PATCH 15/24] dependabot: bump actions/cache from 2 to 3 (#3170)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
Release notes
Sourced from actions/cache's
releases.
v3.0.0
-
This change adds a minimum runner version(node12 -> node16), which
can break users using an out-of-date/fork of the runner. This would be
most commonly affecting users on GHES 3.3 or before, as those runners do
not support node16 actions and they can use actions from github.com via
github
connect or manually copying the repo to their GHES instance.
-
Few dependencies and cache action usage examples have also been
updated.
Updating actions/core to version 1.10.0
The ::save-state and ::set-output are deprecated. The newer version
of actions/core >1.10.0 uses the new syntax for save and set output.
After this change, customers using actions/cache@v2 won't see
deprecation warning message.
v2.1.7
Support 10GB cache upload using the latest version 1.0.8
of @actions/cache
v2.1.6
- Catch unhandled "bad file descriptor" errors that
sometimes occurs when the cache server returns non-successful response
(actions/cache#596)
v2.1.5
- Fix permissions error seen when extracting caches with GNU tar that
were previously created using BSD tar (actions/cache#527)
v2.1.4
- Make caching more verbose #650
- Use GNU tar on macOS if available #701
v2.1.3
- Upgrades
@actions/core
to v1.2.6 for CVE-2020-15228.
This action was not using the affected methods.
- Fix error handling in
uploadChunk
where 400-level
errors were not being detected and handled correctly
v2.1.2
- Adds input to limit the chunk upload size, useful for self-hosted
runners with slower upload speeds
- No-op when executing on GHES
v2.1.1
- Update
@actions/cache
package to v1.0.2
which allows cache action to use posix format when taring files.
v2.1.0
- Replaces the
http-client
with the Azure Storage SDK for
NodeJS when downloading cache content from Azure. This should help
improve download performance and reliability as the SDK downloads files
in 4 MB chunks, which can be parallelized and retried independently
- Display download progress and speed
Changelog
Sourced from actions/cache's
changelog.
Releases
3.0.0
- Updated minimum runner version support from node 12 -> node
16
3.0.1
- Added support for caching from GHES 3.5.
- Fixed download issue for files > 2GB during restore.
3.0.2
- Added support for dynamic cache size cap on GHES.
3.0.3
- Fixed avoiding empty cache save when no files are available for
caching. (issue)
3.0.4
- Fixed tar creation error while trying to create tar with path as
~/
home folder on ubuntu-latest
. (issue)
3.0.5
- Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (PR)
3.0.6
- Fixed #809 -
zstd -d: no such file or directory error
- Fixed #833 -
cache doesn't work with github workspace directory
3.0.7
- Fixed #810 -
download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.
3.0.8
- Fix zstd not working for windows on gnu tar in issues #888 and
#891.
- Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
SEGMENT_DOWNLOAD_TIMEOUT_MINS
. Default is 60 minutes.
3.0.9
- Enhanced the warning message for cache unavailability in case of
GHES.
3.0.10
- Fix a bug with sorting inputs.
- Update definition for restore-keys in README.md
... (truncated)
Commits
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/cd.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 8c7255347f..5c57b2b35e 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -23,7 +23,7 @@ jobs:
uses: actions/checkout@v2
- name: Cache Gradle packages
- uses: actions/cache@v2
+ uses: actions/cache@v3
with:
path: |
~/.gradle/caches
From 4af12a4e4e3eecb78352c2ac6c3bf79e9b05a2ec Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Aug 2023 08:11:53 -0400
Subject: [PATCH 16/24] dependabot: bump com.netflix.nebula.ospackage from
11.3.0 to 11.4.0 (#3168)
Bumps com.netflix.nebula.ospackage from 11.3.0 to 11.4.0.
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.netflix.nebula.ospackage&package-manager=gradle&previous-version=11.3.0&new-version=11.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 815d3aa840..399e13dd2d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -63,7 +63,7 @@ plugins {
id 'maven-publish'
id 'com.diffplug.spotless' version '6.20.0'
id 'checkstyle'
- id 'com.netflix.nebula.ospackage' version "11.3.0"
+ id 'com.netflix.nebula.ospackage' version "11.4.0"
id "org.gradle.test-retry" version "1.5.4"
id 'eclipse'
id "com.github.spotbugs" version "5.0.14"
From 8b3932f75ea95f6e62bcef47169e9eb6dd732455 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Aug 2023 08:12:21 -0400
Subject: [PATCH 17/24] dependabot: bump org.apache.commons:commons-lang3 from
3.12.0 to 3.13.0 (#3167)
Bumps org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0.
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.commons:commons-lang3&package-manager=gradle&previous-version=3.12.0&new-version=3.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 399e13dd2d..5353c7f38e 100644
--- a/build.gradle
+++ b/build.gradle
@@ -578,7 +578,7 @@ dependencies {
testImplementation "org.opensaml:opensaml-messaging-impl:${open_saml_version}"
- implementation 'org.apache.commons:commons-lang3:3.12.0'
+ implementation 'org.apache.commons:commons-lang3:3.13.0'
testImplementation "org.opensearch:common-utils:${common_utils_version}"
testImplementation "org.opensearch.plugin:reindex-client:${opensearch_version}"
testImplementation "org.opensearch:opensearch-ssl-config:${opensearch_version}"
From 4593be78f7c9940a9ba45a5357b935e0c2c1d2b5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Aug 2023 08:12:44 -0400
Subject: [PATCH 18/24] dependabot: bump org.springframework.retry:spring-retry
from 1.3.3 to 1.3.4 (#3166)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps
[org.springframework.retry:spring-retry](https://github.com/spring-projects/spring-retry)
from 1.3.3 to 1.3.4.
Release notes
Sourced from org.springframework.retry:spring-retry's
releases.
v1.3.4
:lady_beetle: Bug Fixes
- IllegalArgumentException when migrating from 1.3.1 to 1.3.2 and
using class annotations #316
- Pass evaluationContext when parsing expressions for CircuitBreaker
properties #315
- Allow composing
@Retryable
annotation with
@AliasFor
recover method #314
Commits
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.retry:spring-retry&package-manager=gradle&previous-version=1.3.3&new-version=1.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 5353c7f38e..f8f9b701ad 100644
--- a/build.gradle
+++ b/build.gradle
@@ -610,7 +610,7 @@ dependencies {
// JUnit build requirement
testCompileOnly 'org.apiguardian:apiguardian-api:1.1.2'
// Kafka test execution
- testRuntimeOnly 'org.springframework.retry:spring-retry:1.3.3'
+ testRuntimeOnly 'org.springframework.retry:spring-retry:1.3.4'
testRuntimeOnly ('org.springframework:spring-core:5.3.27') {
exclude(group:'org.springframework', module: 'spring-jcl' )
}
From 88b6d23f0c84d83f138cf1a61bbe0145d8dd007e Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Mon, 14 Aug 2023 12:50:38 -0400
Subject: [PATCH 19/24] Fix Document GET with DLS terms query (#3136)
### Description
Fixes an error on document retrieval for users that are mapped to roles
with DLS rules including a terms query. The bug was introduced by a
change in Lucene and reported on Slack
[here](https://opensearch.slack.com/archives/C0539F41Z5X/p1690714779140659).
This fix adds a test to catch an error like this at build time and
assert the intended behavior.
* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring,
Maintenance, Documentation)
Bug fix
### Issues Resolved
https://github.com/opensearch-project/security/issues/3088
### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff
By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).
---------
Signed-off-by: Craig Perkins
---
.../configuration/DlsFlsFilterLeafReader.java | 2 +-
.../security/dlic/dlsfls/DlsTest.java | 34 +++++++++++++++++++
.../security/test/helper/rest/RestHelper.java | 17 ++++++++++
src/test/resources/dlsfls/roles.yml | 9 +++++
src/test/resources/dlsfls/roles_mapping.yml | 4 +++
5 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/opensearch/security/configuration/DlsFlsFilterLeafReader.java b/src/main/java/org/opensearch/security/configuration/DlsFlsFilterLeafReader.java
index 0966a3f3ac..84dc7f8c19 100644
--- a/src/main/java/org/opensearch/security/configuration/DlsFlsFilterLeafReader.java
+++ b/src/main/java/org/opensearch/security/configuration/DlsFlsFilterLeafReader.java
@@ -232,7 +232,7 @@ public DlsGetEvaluator(final Query dlsQuery, final LeafReader in, boolean applyD
// https://github.com/apache/lucene-solr/blob/branch_6_3/lucene/misc/src/java/org/apache/lucene/index/PKIndexSplitter.java
final IndexSearcher searcher = new IndexSearcher(DlsFlsFilterLeafReader.this);
searcher.setQueryCache(null);
- final Weight preserveWeight = searcher.createWeight(dlsQuery, ScoreMode.COMPLETE_NO_SCORES, 1f);
+ final Weight preserveWeight = searcher.rewrite(dlsQuery).createWeight(searcher, ScoreMode.COMPLETE_NO_SCORES, 1f);
final int maxDoc = in.maxDoc();
final FixedBitSet bits = new FixedBitSet(maxDoc);
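Review bot: The new line builds the weight by calling `createWeight` on the rewritten query directly, bypassing the searcher, and nothing at the call site says why the rewrite is required. Because this weight decides which documents a DLS-restricted GET may return, I would keep the searcher as the entry point, `final Weight preserveWeight = searcher.createWeight(searcher.rewrite(dlsQuery), ScoreMode.COMPLETE_NO_SCORES, 1f);`, and add a comment such as `// Query must be rewritten before a Weight can be created from it (see #3088)`. With the query cache set to null on the line above, the two forms should behave the same, so the point is readability and keeping a later edit from dropping the rewrite. The DlsGetEvaluator constructor starts and continues outside the hunk.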
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java
index d43a804d47..e2badef14c 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java
@@ -35,6 +35,13 @@ protected void populateData(Client tc) {
new IndexRequest("deals").id("1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"amount\": 1500}", XContentType.JSON)
).actionGet();
+ tc.index(
+ new IndexRequest("terms").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"foo\": \"bar\"}", XContentType.JSON)
+ ).actionGet();
+ tc.index(
+ new IndexRequest("terms").id("1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"foo\": \"baz\"}", XContentType.JSON)
+ ).actionGet();
+
try {
Thread.sleep(3000);
} catch (InterruptedException e) {
@@ -44,6 +51,7 @@ protected void populateData(Client tc) {
System.out.println("q");
System.out.println(Strings.toString(XContentType.JSON, tc.search(new SearchRequest().indices(".opendistro_security")).actionGet()));
tc.search(new SearchRequest().indices("deals")).actionGet();
+ tc.search(new SearchRequest().indices("terms")).actionGet();
}
@Test
@@ -251,6 +259,32 @@ public void testDls() throws Exception {
}
+ @Test
+ public void testDlsWithTermsQuery() throws Exception {
+
+ setup();
+
+ HttpResponse res;
+
+ Assert.assertEquals(
+ HttpStatus.SC_OK,
+ (res = rh.executeGetRequest("/terms/_search?pretty", encodeBasicHeader("dept_manager", "password"))).getStatusCode()
+ );
+ Assert.assertEquals(res.getTextFromJsonBody("/hits/total/value"), "1");
+ Assert.assertEquals(res.getTextFromJsonBody("/_shards/failed"), "0");
+
+ Assert.assertEquals(
+ HttpStatus.SC_OK,
+ (res = rh.executeGetRequest("/terms/_doc/0", encodeBasicHeader("dept_manager", "password"))).getStatusCode()
+ );
+ Assert.assertEquals(res.getTextFromJsonBody("/_source/foo"), "bar");
+
+ Assert.assertEquals(
+ HttpStatus.SC_NOT_FOUND,
+ rh.executeGetRequest("/terms/_doc/1", encodeBasicHeader("dept_manager", "password")).getStatusCode()
+ );
+ }
+
@Test
public void testNonDls() throws Exception {
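Review bot: The body assertions in testDlsWithTermsQuery pass the actual value first, e.g. `Assert.assertEquals(res.getTextFromJsonBody("/hits/total/value"), "1")`, while JUnit's signature is (expected, actual) and the status-code assertions in the same test already follow it, so a failure would print the two values swapped. I would write `Assert.assertEquals("1", res.getTextFromJsonBody("/hits/total/value"));` and do the same for `/_shards/failed` and `/_source/foo`. The search check also only counts hits. Asserting that the single hit is the `bar` document, and that `baz` does not appear in the response body, would confirm the DLS filter returned the right document rather than just one document.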
diff --git a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java
index 87ffa06da7..7eefd22273 100644
--- a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java
+++ b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java
@@ -45,6 +45,7 @@
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import org.apache.commons.lang3.StringUtils;
import org.apache.hc.client5.http.async.methods.SimpleHttpRequest;
@@ -433,6 +434,22 @@ public boolean isJsonContentType() {
return ct.contains("application/json");
}
+ public String getTextFromJsonBody(String jsonPointer) {
+ return getJsonNodeAt(jsonPointer).asText();
+ }
+
+ private JsonNode getJsonNodeAt(String jsonPointer) {
+ try {
+ return toJsonNode().at(jsonPointer);
+ } catch (IOException e) {
+ throw new IllegalArgumentException("Cound not convert response body to JSON node ", e);
+ }
+ }
+
+ private JsonNode toJsonNode() throws JsonProcessingException, IOException {
+ return DefaultObjectMapper.objectMapper.readTree(getBody());
+ }
+
public SimpleHttpResponse getInner() {
return inner;
}
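Review bot: The exception message in getJsonNodeAt has a typo and a trailing space, `"Cound not convert response body to JSON node "`; it should read `"Could not convert response body to JSON node"`. toJsonNode declares `throws JsonProcessingException, IOException`, but JsonProcessingException is a subclass of IOException, so `throws IOException` is enough and the import added in the earlier hunk of this file becomes unnecessary. A one-line Javadoc on getTextFromJsonBody should also state that a pointer matching nothing yields an empty string, since Jackson's `at` returns a missing node rather than throwing and callers compare the result against expected text.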
diff --git a/src/test/resources/dlsfls/roles.yml b/src/test/resources/dlsfls/roles.yml
index c692f73ceb..185116e2bb 100644
--- a/src/test/resources/dlsfls/roles.yml
+++ b/src/test/resources/dlsfls/roles.yml
@@ -2482,3 +2482,12 @@ logs_index_with_dls:
masked_fields: null
allowed_actions:
- "OPENDISTRO_SECURITY_READ"
+
+terms_index_with_dls:
+ index_permissions:
+ - index_patterns:
+ - "terms"
+ dls: "{ \"terms\": { \"foo\" : [\"bar\"] } }"
+ masked_fields: null
+ allowed_actions:
+ - "OPENDISTRO_SECURITY_READ"
diff --git a/src/test/resources/dlsfls/roles_mapping.yml b/src/test/resources/dlsfls/roles_mapping.yml
index 27cf71c3bb..a37299908d 100644
--- a/src/test/resources/dlsfls/roles_mapping.yml
+++ b/src/test/resources/dlsfls/roles_mapping.yml
@@ -247,3 +247,7 @@ opendistro_security_mapped:
logs_index_with_dls:
users:
- dept_manager
+
+terms_index_with_dls:
+ users:
+ - dept_manager
From b943e1b17a7fc52f8c6e3789fac30dd61a4272c6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Aug 2023 08:50:09 -0400
Subject: [PATCH 20/24] dependabot: bump codecov/codecov-action from 1 to 3
(#3172)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
1 to 3.
Release notes
Sourced from codecov/codecov-action's
releases.
v3.0.0
Breaking Changes
- #689
Bump to node16 and small fixes
Features
- #688
Incorporate
gcov
arguments for the Codecov uploader
Dependencies
- #548
build(deps-dev): bump jest-junit from 12.2.0 to 13.0.0
- #603
[Snyk] Upgrade
@actions/core
from 1.5.0 to 1.6.0
- #628
build(deps): bump node-fetch from 2.6.1 to 3.1.1
- #634
build(deps): bump node-fetch from 3.1.1 to 3.2.0
- #636
build(deps): bump openpgp from 5.0.1 to 5.1.0
- #652
build(deps-dev): bump
@vercel/ncc
from 0.30.0 to
0.33.3
- #653
build(deps-dev): bump
@types/node
from 16.11.21 to
17.0.18
- #659
build(deps-dev): bump
@types/jest
from 27.4.0 to
27.4.1
- #667
build(deps): bump actions/checkout from 2 to 3
- #673
build(deps): bump node-fetch from 3.2.0 to 3.2.3
- #683
build(deps): bump minimist from 1.2.5 to 1.2.6
- #685
build(deps): bump
@actions/github
from 5.0.0 to 5.0.1
- #681
build(deps-dev): bump
@types/node
from 17.0.18 to
17.0.23
- #682
build(deps-dev): bump typescript from 4.5.5 to 4.6.3
- #676
build(deps): bump
@actions/exec
from 1.1.0 to 1.1.1
- #675
build(deps): bump openpgp from 5.1.0 to 5.2.1
v2.1.0
2.1.0
Features
- #515
Allow specifying version of Codecov uploader
Dependencies
- #499
build(deps-dev): bump
@vercel/ncc
from 0.29.0 to
0.30.0
- #508
build(deps): bump openpgp from 5.0.0-5 to 5.0.0
- #514
build(deps-dev): bump
@types/node
from 16.6.0 to
16.9.0
v2.0.3
2.0.3
Fixes
- #464
Fix wrong link in the readme
- #485
fix: Add override OS and linux default to platform
Dependencies
- #447
build(deps): bump openpgp from 5.0.0-4 to 5.0.0-5
- #458
build(deps-dev): bump eslint from 7.31.0 to 7.32.0
- #465
build(deps-dev): bump
@typescript-eslint/eslint-plugin
from 4.28.4 to 4.29.1
- #466
build(deps-dev): bump
@typescript-eslint/parser
from
4.28.4 to 4.29.1
- #468
build(deps-dev): bump
@types/jest
from 26.0.24 to
27.0.0
- #470
build(deps-dev): bump
@types/node
from 16.4.0 to
16.6.0
- #472
build(deps): bump path-parse from 1.0.6 to 1.0.7
- #473
build(deps-dev): bump
@types/jest
from 27.0.0 to
27.0.1
... (truncated)
Changelog
Sourced from codecov/codecov-action's
changelog.
3.1.4
Fixes
- #967
Fix typo in README.md
- #971
fix: add back in working dir
- #969
fix: CLI option names for uploader
Dependencies
- #970
build(deps-dev): bump
@types/node
from 18.15.12 to
18.16.3
- #979
build(deps-dev): bump
@types/node
from 20.1.0 to
20.1.2
- #981
build(deps-dev): bump
@types/node
from 20.1.2 to
20.1.4
3.1.3
Fixes
- #960
fix: allow for aarch64 build
Dependencies
- #957
build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
- #958
build(deps): bump openpgp from 5.7.0 to 5.8.0
- #959
build(deps-dev): bump
@types/node
from 18.15.10 to
18.15.12
3.1.2
Fixes
- #718
Update README.md
- #851
Remove unsupported path_to_write_report argument
- #898
codeql-analysis.yml
- #901
Update README to contain correct information - inputs and negate
feature
- #955
fix: add in all the extra arguments for uploader
Dependencies
- #819
build(deps): bump openpgp from 5.4.0 to 5.5.0
- #835
build(deps): bump node-fetch from 3.2.4 to 3.2.10
- #840
build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
- #841
build(deps): bump
@actions/core
from 1.9.1 to 1.10.0
- #843
build(deps): bump
@actions/github
from 5.0.3 to 5.1.1
- #869
build(deps): bump node-fetch from 3.2.10 to 3.3.0
- #872
build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
- #879
build(deps): bump decode-uri-component from 0.2.0 to 0.2.2
- #889
build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2
- #895
build(deps): bump json5 from 2.2.1 to 2.2.3
- #896
build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2
- #900
build(deps-dev): bump
@vercel/ncc
from 0.34.0 to
0.36.1
- #905
build(deps-dev): bump typescript from 4.7.4 to 4.9.5
- #911
build(deps-dev): bump
@types/node
from 16.11.40 to
18.13.0
- #922
build(deps-dev): bump
@types/node
from 18.13.0 to
18.14.0
- #924
build(deps): bump openpgp from 5.5.0 to 5.7.0
- #927
build(deps-dev): bump
@types/node
from 18.14.0 to
18.14.2
- #933
build(deps-dev): bump
@types/node
from 18.14.2 to
18.14.6
- #937
build(deps-dev): bump
@types/node
from 18.14.6 to
18.15.0
- #938
build(deps): bump node-fetch from 3.3.0 to 3.3.1
- #945
build(deps-dev): bump
@types/node
from 18.15.0 to
18.15.5
... (truncated)
Commits
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=1&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/ci.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fcc1ffe7ac..536a7d7822 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -60,7 +60,7 @@ jobs:
-x test
- name: Coverage
- uses: codecov/codecov-action@v1
+ uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./build/reports/jacoco/test/jacocoTestReport.xml
From ea4b2e11c846cd84369a934670857f6e145be0b6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Aug 2023 08:50:59 -0400
Subject: [PATCH 21/24] dependabot: bump net.minidev:accessors-smart from 2.4.7
to 2.5.0 (#3165)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps
[net.minidev:accessors-smart](https://github.com/netplex/json-smart-v2)
from 2.4.7 to 2.5.0.
Release notes
Sourced from net.minidev:accessors-smart's
releases.
V 2.5.0
What's Changed
Full Changelog: https://github.com/netplex/json-smart-v2/compare/2.4.11...2.5.0
V 2.4.11
V 2.4.11 (2023-05-18)
- Fix error in isWritable in accessor-smart. PR
147
- Update json-smart dependency to use accessor-smart:2.4.11
What's Changed
New Contributors
Full Changelog: https://github.com/netplex/json-smart-v2/compare/2.4.10...2.4.11
V 2.4.10
What's Changed
New Contributors
Full Changelog: https://github.com/netplex/json-smart-v2/compare/2.4.9...2.4.10
V 2.4.9
... (truncated)
Commits
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=net.minidev:accessors-smart&package-manager=gradle&previous-version=2.4.7&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index f8f9b701ad..163b841849 100644
--- a/build.gradle
+++ b/build.gradle
@@ -515,7 +515,7 @@ dependencies {
implementation "org.apache.kafka:kafka-clients:${kafka_version}"
- runtimeOnly 'net.minidev:accessors-smart:2.4.7'
+ runtimeOnly 'net.minidev:accessors-smart:2.5.0'
implementation("org.apache.cxf:cxf-rt-rs-security-jose:${apache_cxf_version}") {
exclude(group: 'jakarta.activation', module: 'jakarta.activation-api')
From 0b89858e1e2c5581159f97e8fc24f8bc17b548bc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Aug 2023 09:37:43 -0400
Subject: [PATCH 22/24] dependabot: bump actions/checkout from 2 to 3 (#3169)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to
3.
Release notes
Sourced from actions/checkout's
releases.
v3.0.0
- Updated to the node16 runtime by default
- This requires a minimum Actions
Runner version of v2.285.0 to run, which is by default available in
GHES 3.4 or later.
v2.7.0
What's Changed
Full Changelog: https://github.com/actions/checkout/compare/v2.6.0...v2.7.0
v2.6.0
What's Changed
Full Changelog: https://github.com/actions/checkout/compare/v2.5.0...v2.6.0
v2.5.0
What's Changed
Full Changelog: https://github.com/actions/checkout/compare/v2...v2.5.0
v2.4.2
What's Changed
Full Changelog: https://github.com/actions/checkout/compare/v2...v2.4.2
v2.4.1
- Fixed an issue where checkout failed to run in container jobs due to
the new git setting
safe.directory
v2.4.0
- Convert SSH URLs like
org-<ORG_ID>@github.com:
to
https://github.com/
- pr
v2.3.5
Update dependencies
v2.3.4
v2.3.3
... (truncated)
Changelog
Sourced from actions/checkout's
changelog.
Changelog
v3.5.3
v3.5.2
v3.5.1
v3.5.0
v3.4.0
v3.3.0
v3.2.0
v3.1.0
v3.0.2
v3.0.1
v3.0.0
v2.3.1
... (truncated)
Commits
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/auto-release.yml | 2 +-
.github/workflows/bwc-tests.yml | 4 ++--
.github/workflows/cd.yml | 2 +-
.github/workflows/ci.yml | 12 ++++++------
.github/workflows/code-hygiene.yml | 10 +++++-----
.github/workflows/integration-tests.yml | 2 +-
.github/workflows/plugin_install.yml | 2 +-
7 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
index 4f37d6918f..835132d68f 100644
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@@ -21,7 +21,7 @@ jobs:
- name: Get tag
id: tag
uses: dawidd6/action-get-tag@v1
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- uses: ncipollo/release-action@v1
with:
github_token: ${{ steps.github_app_token.outputs.token }}
diff --git a/.github/workflows/bwc-tests.yml b/.github/workflows/bwc-tests.yml
index 4a378c3e7d..0a5e6786cb 100644
--- a/.github/workflows/bwc-tests.yml
+++ b/.github/workflows/bwc-tests.yml
@@ -13,7 +13,7 @@ jobs:
java-version: 11
- name: Checkout Security Repo
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- id: build-previous
uses: ./.github/actions/run-bwc-suite
@@ -32,7 +32,7 @@ jobs:
java-version: 11
- name: Checkout Security Repo
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- id: build-previous
uses: ./.github/actions/run-bwc-suite
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 5c57b2b35e..152a75318c 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -20,7 +20,7 @@ jobs:
java-version: 11
- name: Checkout security
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Cache Gradle packages
uses: actions/cache@v3
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 536a7d7822..795beb8d86 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,7 +24,7 @@ jobs:
java-version: 17
- name: Checkout security
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Generate list of tasks
id: set-matrix
@@ -50,7 +50,7 @@ jobs:
java-version: ${{ matrix.jdk }}
- name: Checkout security
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Build and Test
uses: gradle/gradle-build-action@v2
@@ -93,7 +93,7 @@ jobs:
java-version: ${{ matrix.jdk }}
- name: Checkout security
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Build and Test
uses: gradle/gradle-build-action@v2
@@ -116,7 +116,7 @@ jobs:
java-version: ${{ matrix.jdk }}
- name: Checkout Security Repo
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- id: build-previous
uses: ./.github/actions/run-bwc-suite
@@ -128,7 +128,7 @@ jobs:
code-ql:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- uses: actions/setup-java@v1
with:
java-version: 11
@@ -141,7 +141,7 @@ jobs:
build-artifact-names:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- uses: actions/setup-java@v1
with:
diff --git a/.github/workflows/code-hygiene.yml b/.github/workflows/code-hygiene.yml
index 04590fc7fd..18c91f52e8 100644
--- a/.github/workflows/code-hygiene.yml
+++ b/.github/workflows/code-hygiene.yml
@@ -8,7 +8,7 @@ jobs:
name: Check if all files end in newline
steps:
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Linelint
uses: fernandrone/linelint@0.0.4
@@ -17,7 +17,7 @@ jobs:
runs-on: ubuntu-latest
name: Spotless scan
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- uses: actions/setup-java@v2
with:
@@ -32,7 +32,7 @@ jobs:
runs-on: ubuntu-latest
name: Checkstyle scan
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- uses: actions/setup-java@v2
with:
@@ -47,7 +47,7 @@ jobs:
runs-on: ubuntu-latest
name: Spotbugs scan
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- uses: actions/setup-java@v2
with:
@@ -62,7 +62,7 @@ jobs:
runs-on: ubuntu-latest
name: Check permissions orders
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- run: npm install yaml
- name: Check permissions order
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index fff2f84650..93e86be650 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -20,7 +20,7 @@ jobs:
distribution: temurin # Temurin is a distribution of adoptium
java-version: ${{ matrix.jdk }}
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- run: OPENDISTRO_SECURITY_TEST_OPENSSL_OPT=true ./gradlew test
diff --git a/.github/workflows/plugin_install.yml b/.github/workflows/plugin_install.yml
index 301c193e11..b850a4b4a7 100644
--- a/.github/workflows/plugin_install.yml
+++ b/.github/workflows/plugin_install.yml
@@ -22,7 +22,7 @@ jobs:
java-version: ${{ matrix.jdk }}
- name: Checkout Branch
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Assemble target plugin
uses: gradle/gradle-build-action@v2
From 5e8f12ce5afe95f2f510cddf2a5b2cf50c076a66 Mon Sep 17 00:00:00 2001
From: Peter Nied
Date: Tue, 15 Aug 2023 14:50:52 -0500
Subject: [PATCH 23/24] [Build Break] Disable gradlew build cache to ensure
most up-to-date dependencies (#3186)
Disable gradlew build cache to ensure most up-to-date dependencies
We suspect that we are seeing the snapshot build of opensearch be cached
in some circumstances and not cached in others that is creating a mix of
build failures that are hard to interpret.
Follow-up issue to revisit and potentially re-enable this setting
https://github.com/opensearch-project/security/issues/3185
Signed-off-by: Peter Nied
---
.github/actions/create-bwc-build/action.yaml | 1 +
.github/actions/run-bwc-suite/action.yaml | 1 +
.github/workflows/ci.yml | 2 ++
.github/workflows/code-hygiene.yml | 3 +++
.github/workflows/plugin_install.yml | 2 ++
5 files changed, 9 insertions(+)
diff --git a/.github/actions/create-bwc-build/action.yaml b/.github/actions/create-bwc-build/action.yaml
index a2bf324cdc..25a348bcc0 100644
--- a/.github/actions/create-bwc-build/action.yaml
+++ b/.github/actions/create-bwc-build/action.yaml
@@ -35,6 +35,7 @@ runs:
- name: Build
uses: gradle/gradle-build-action@v2
with:
+ cache-disabled: true
arguments: assemble
build-root-directory: ${{ inputs.plugin-branch }}
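Review bot: `cache-disabled: true` is added here without a comment saying why or pointing at the follow-up, and the same bare line is repeated in the hunks for run-bwc-suite/action.yaml, ci.yml, code-hygiene.yml and plugin_install.yml. The commit message calls this a suspected cause and a setting to revisit, so whoever re-enables caching has to find every occurrence. I would put `# caching disabled to avoid stale OpenSearch snapshot artifacts; revisit in https://github.com/opensearch-project/security/issues/3185` above each one. It may also be worth checking whether the spotlessCheck and checkstyle jobs resolve snapshot artifacts at all, since they possibly do not need the setting.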
diff --git a/.github/actions/run-bwc-suite/action.yaml b/.github/actions/run-bwc-suite/action.yaml
index 4614872858..6771faddab 100644
--- a/.github/actions/run-bwc-suite/action.yaml
+++ b/.github/actions/run-bwc-suite/action.yaml
@@ -31,6 +31,7 @@ runs:
- name: Run BWC tests
uses: gradle/gradle-build-action@v2
with:
+ cache-disabled: true
arguments: |
bwcTestSuite
-Dtests.security.manager=false
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 795beb8d86..d5f2a0ed2c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -55,6 +55,7 @@ jobs:
- name: Build and Test
uses: gradle/gradle-build-action@v2
with:
+ cache-disabled: true
arguments: |
${{ matrix.gradle_task }} -Dbuild.snapshot=false
-x test
@@ -99,6 +100,7 @@ jobs:
uses: gradle/gradle-build-action@v2
continue-on-error: true # Until retries are enable do not fail the workflow https://github.com/opensearch-project/security/issues/2184
with:
+ cache-disabled: true
arguments: |
integrationTest -Dbuild.snapshot=false
diff --git a/.github/workflows/code-hygiene.yml b/.github/workflows/code-hygiene.yml
index 18c91f52e8..f23b77fcbd 100644
--- a/.github/workflows/code-hygiene.yml
+++ b/.github/workflows/code-hygiene.yml
@@ -26,6 +26,7 @@ jobs:
- uses: gradle/gradle-build-action@v2
with:
+ cache-disabled: true
arguments: spotlessCheck
checkstyle:
@@ -41,6 +42,7 @@ jobs:
- uses: gradle/gradle-build-action@v2
with:
+ cache-disabled: true
arguments: checkstyleMain checkstyleTest
spotbugs:
@@ -56,6 +58,7 @@ jobs:
- uses: gradle/gradle-build-action@v2
with:
+ cache-disabled: true
arguments: spotbugsMain
check-permissions-order:
diff --git a/.github/workflows/plugin_install.yml b/.github/workflows/plugin_install.yml
index b850a4b4a7..f6e6db70a1 100644
--- a/.github/workflows/plugin_install.yml
+++ b/.github/workflows/plugin_install.yml
@@ -27,6 +27,7 @@ jobs:
- name: Assemble target plugin
uses: gradle/gradle-build-action@v2
with:
+ cache-disabled: true
arguments: assemble
# Move and rename the plugin for installation
@@ -59,4 +60,5 @@ jobs:
- name: Run sanity tests
uses: gradle/gradle-build-action@v2
with:
+ cache-disabled: true
arguments: integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="opensearch" -Dhttps=true -Duser=admin -Dpassword=admin
From bd084c89baff0312a1b11b961e8b850b68e83829 Mon Sep 17 00:00:00 2001
From: Derek Ho
Date: Wed, 16 Aug 2023 11:42:41 -0400
Subject: [PATCH 24/24] Add Integration Test to confirm Core Change to Fix
Search template request Auth (#2921)
Adds integration test to verify change in core, allowing proper
authorization of search template request
related to: #1678
### Description
[Describe what this change achieves]
* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring,
Maintenance, Documentation)
* Why these changes are required?
* What is the old behavior before changes and new behavior after
changes?
### Issues Resolved
[List any issues this PR will resolve]
Is this a backport? If so, please add backport PR # and/or commits #
### Testing
[Please provide details of testing done: unit testing, integration
testing and manual testing]
### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff
By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).
---------
Signed-off-by: Derek Ho
---
.../privileges/PrivilegesEvaluatorTest.java | 52 ++++++++++++++++++-
1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
index a896376d4d..9f9da4366c 100644
--- a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
+++ b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
@@ -17,6 +17,7 @@
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.opensearch.script.mustache.MustacheModulePlugin;
import org.opensearch.test.framework.TestSecurityConfig;
import org.opensearch.test.framework.TestSecurityConfig.Role;
import org.opensearch.test.framework.cluster.ClusterManager;
@@ -44,10 +45,20 @@ public class PrivilegesEvaluatorTest {
new Role("negated_regex_role").indexPermissions("read").on("/^[a-z].*/").clusterPermissions("cluster_composite_ops")
);
+ protected final static TestSecurityConfig.User SEARCH_TEMPLATE = new TestSecurityConfig.User("search_template_user").roles(
+ new Role("search_template_role").indexPermissions("read").on("services").clusterPermissions("cluster_composite_ops")
+ );
+
+ private String TEST_QUERY =
+ "{\"source\":{\"query\":{\"match\":{\"service\":\"{{service_name}}\"}}},\"params\":{\"service_name\":\"Oracle\"}}";
+
+ private String TEST_DOC = "{\"source\": {\"title\": \"Spirited Away\"}}";
+
@ClassRule
public static LocalCluster cluster = new LocalCluster.Builder().clusterManager(ClusterManager.THREE_CLUSTER_MANAGERS)
.authc(AUTHC_HTTPBASIC_INTERNAL)
- .users(NEGATIVE_LOOKAHEAD, NEGATED_REGEX)
+ .users(NEGATIVE_LOOKAHEAD, NEGATED_REGEX, SEARCH_TEMPLATE, TestSecurityConfig.User.USER_ADMIN)
+ .plugin(MustacheModulePlugin.class)
.build();
@Test
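Review bot: `TEST_DOC` has no `service` field, so the `match` on `service` in `TEST_QUERY` cannot hit the document that the new success test indexes. The positive case therefore only shows that an empty result is allowed. A document such as `private static final String TEST_DOC = "{\"service\": \"Oracle\"}";` would let the test also assert that the authorized user gets the hit back. Both strings are named like constants but declared as mutable instance fields; `private static final String TEST_QUERY = ...` matches the `SEARCH_TEMPLATE` declaration above them. The class body continues outside this hunk.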
@@ -68,4 +79,43 @@ public void testRegexPattern() throws Exception {
}
}
+
+ @Test
+ public void testSearchTemplateRequestSuccess() {
+ // Insert doc into services index with admin user
+ try (TestRestClient client = cluster.getRestClient(TestSecurityConfig.User.USER_ADMIN)) {
+ TestRestClient.HttpResponse response = client.postJson("services/_doc", TEST_DOC);
+ assertThat(response.getStatusCode(), equalTo(HttpStatus.SC_CREATED));
+ }
+
+ try (TestRestClient client = cluster.getRestClient(SEARCH_TEMPLATE)) {
+ final String searchTemplateOnServicesIndex = "services/_search/template";
+ final TestRestClient.HttpResponse searchTemplateOnAuthorizedIndexResponse = client.getWithJsonBody(
+ searchTemplateOnServicesIndex,
+ TEST_QUERY
+ );
+ assertThat(searchTemplateOnAuthorizedIndexResponse.getStatusCode(), equalTo(HttpStatus.SC_OK));
+ }
+ }
+
+ @Test
+ public void testSearchTemplateRequestUnauthorizedIndex() {
+ try (TestRestClient client = cluster.getRestClient(SEARCH_TEMPLATE)) {
+ final String searchTemplateOnMoviesIndex = "movies/_search/template";
+ final TestRestClient.HttpResponse searchTemplateOnUnauthorizedIndexResponse = client.getWithJsonBody(
+ searchTemplateOnMoviesIndex,
+ TEST_QUERY
+ );
+ assertThat(searchTemplateOnUnauthorizedIndexResponse.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
+ }
+ }
+
+ @Test
+ public void testSearchTemplateRequestUnauthorizedAllIndices() {
+ try (TestRestClient client = cluster.getRestClient(SEARCH_TEMPLATE)) {
+ final String searchTemplateOnAllIndices = "_search/template";
+ final TestRestClient.HttpResponse searchOnAllIndicesResponse = client.getWithJsonBody(searchTemplateOnAllIndices, TEST_QUERY);
+ assertThat(searchOnAllIndicesResponse.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
+ }
+ }
}
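Review bot: testSearchTemplateRequestUnauthorizedIndex requests `movies/_search/template`, but nothing in this hunk creates `movies`, so the 403 may be asserted against an index that does not exist (earlier parts of the class are outside the hunk). A denial test is more convincing when the denied resource exists, because the response can then only come from the privilege check and the test would also catch a regression that leaks data from a real index. I would index a document into `movies` as the admin user first, as in the fence below. Separately, testSearchTemplateRequestSuccess checks only the status code and searches without a refresh after the write, so it does not verify that the permitted user can read the data.

```java
public void testSearchTemplateRequestUnauthorizedIndex() {
    // Create the index as admin so the 403 below can only come from the privilege check
    try (TestRestClient client = cluster.getRestClient(TestSecurityConfig.User.USER_ADMIN)) {
        TestRestClient.HttpResponse response = client.postJson("movies/_doc", TEST_DOC);
        assertThat(response.getStatusCode(), equalTo(HttpStatus.SC_CREATED));
    }
    // … unchanged: search_template_user request against movies/_search/template, expects 403 …
```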