Request for Apache CXF 3.5.9 release timelines

[somasani nikhil]

HI Team,

We have recently figured out a critical security vulnerability for
spring-framework that is embedded within CXF package - the same has been
addressed via ticket https://issues.apache.org/jira/browse/CXF-9016 which
is expected to be available in next release versions
3.5.9

, 4.1.0

, 4.0.5

, 3.6.4

Could you please provide any update (if possible) on the timelines for
these versions ? Particularly version 3.5.9 ?

Thank you in advance.

Regards,
Nikhil

Re: [PR] Bump github/codeql-action from 3.25.6 to 3.25.7 [cxf]

[via GitHub]

reta merged PR #1907:
URL: https://github.com/apache/cxf/pull/1907


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump org.apache.maven.plugins:maven-plugin-plugin from 3.13.0 to 3.13.1 [cxf]

[via GitHub]

reta merged PR #1909:
URL: https://github.com/apache/cxf/pull/1909


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 [cxf]

[via GitHub]

reta merged PR #1910:
URL: https://github.com/apache/cxf/pull/1910


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: Request for Apache CXF 3.5.9 release timelines

[Andriy Redko]

Hi Nikhil,


Although dependencies in question were updated, there is no reason to wait for 
release: you could always provide dependency overrides for the ones affected 
using the build tool of your choice. Thank you.

Best Regards,
Andriy Redko


Monday, June 3, 2024, 5:52:50 AM, you wrote:

sn> HI Team,

sn> We have recently figured out a critical security vulnerability for
sn> spring-framework that is embedded within CXF package - the same has been
sn> addressed via ticket https://issues.apache.org/jira/browse/CXF-9016 which
sn> is expected to be available in next release versions
sn> 3.5.9
sn> 

sn> , 4.1.0
sn> 

sn> , 4.0.5
sn> 

sn> , 3.6.4
sn> 

sn> Could you please provide any update (if possible) on the timelines for
sn> these versions ? Particularly version 3.5.9 ?

sn> Thank you in advance.

sn> Regards,
sn> Nikhil

[PR] Bump github/codeql-action from 2.13.4 to 3.25.7 [cxf-fediz]

[via GitHub]

dependabot[bot] opened a new pull request, #282:
URL: https://github.com/apache/cxf-fediz/pull/282

   Bumps [github/codeql-action](https://github.com/github/codeql-action) from 
2.13.4 to 3.25.7.
   
   Release notes
   Sourced from https://github.com/github/codeql-action/releases";>github/codeql-action's 
releases.
   
   CodeQL Bundle v2.17.4
   Bundles CodeQL CLI v2.17.4
   
   (https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md";>changelog,
 https://github.com/github/codeql-cli-binaries/releases/tag/v2.17.4";>release)
   
   Includes the following CodeQL language packs from https://github.com/github/codeql/tree/codeql-cli/v2.17.4";>github/codeql@codeql-cli/v2.17.4:
   
   codeql/cpp-queries (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/cpp/ql/src/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/cpp/ql/src";>source)
   codeql/cpp-all (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/cpp/ql/lib/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/cpp/ql/lib";>source)
   codeql/csharp-queries (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/csharp/ql/src/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/csharp/ql/src";>source)
   codeql/csharp-all (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/csharp/ql/lib/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/csharp/ql/lib";>source)
   codeql/go-queries (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/go/ql/src/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/go/ql/src";>source)
   codeql/go-all (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/go/ql/lib/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/go/ql/lib";>source)
   codeql/java-queries (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/java/ql/src/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/java/ql/src";>source)
   codeql/java-all (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/java/ql/lib/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/java/ql/lib";>source)
   codeql/javascript-queries (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/javascript/ql/src/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/javascript/ql/src";>source)
   codeql/javascript-all (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/javascript/ql/lib/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/javascript/ql/lib";>source)
   codeql/python-queries (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/python/ql/src/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/python/ql/src";>source)
   codeql/python-all (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/python/ql/lib/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/python/ql/lib";>source)
   codeql/ruby-queries (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/ruby/ql/src/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/ruby/ql/src";>source)
   codeql/ruby-all (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/ruby/ql/lib/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/ruby/ql/lib";>source)
   codeql/swift-queries (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/swift/ql/src/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/swift/ql/src";>source)
   codeql/swift-all (https://github.com/github/codeql/tree/codeql-cli/v2.17.4/swift/ql/lib/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.4/swift/ql/lib";>source)
   
   CodeQL Bundle v2.17.3
   Bundles CodeQL CLI v2.17.3
   
   (https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md";>changelog,
 https://github.com/github/codeql-cli-binaries/releases/tag/v2.17.3";>release)
   
   Includes the following CodeQL language packs from https://github.com/github/codeql/tree/codeql-cli/v2.17.3";>github/codeql@codeql-cli/v2.17.3:
   
   codeql/cpp-queries (https://github.com/github/codeql/tree/codeql-cli/v2.17.3/cpp/ql/src/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.3/cpp/ql/src";>source)
   codeql/cpp-all (https://github.com/github/codeql/tree/codeql-cli/v2.17.3/cpp/ql/lib/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.3/cpp/ql/lib";>source)
   codeql/csharp-queries (https://github.com/github/codeql/tree/codeql-cli/v2.17.3/csharp/ql/src/CHANGELOG.md";>changelog,
 https://github.com/github/codeql/tree/codeql-cli/v2.17.3/csharp/ql/src";>source)
   codeql/csharp-all (https://github.com/github/codeql/tree/codeql-cli/v2.17.3/csharp/ql/lib/CHANGELOG.md";>changelog,
 h

Re: [PR] Bump github/codeql-action from 2.13.4 to 3.25.6 [cxf-fediz]

[via GitHub]

dependabot[bot] closed pull request #281: Bump github/codeql-action from 2.13.4 
to 3.25.6
URL: https://github.com/apache/cxf-fediz/pull/281


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump github/codeql-action from 2.13.4 to 3.25.6 [cxf-fediz]

[via GitHub]

dependabot[bot] commented on PR #281:
URL: https://github.com/apache/cxf-fediz/pull/281#issuecomment-2145037127

   Superseded by #282.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: Deprecate aegis databinding ?

[Matt Pavlovich]

Solving the map-of-maps or map of collections, often requires creation of 
custom data model classes that fit into the json/xml/xsd paradigms.

In xml, a map can be represented as a sequence of complex types that have a key 
and some other structure for a value (primitive or otherwise).


  

  
  


  
  




> On Apr 29, 2024, at 4:46 AM, Vassilis Virvilis 
>  wrote:
> 
> I am using it.
> 
> Although I plan to move to JAX-RS. However,  I can't be sure about the 
> scheduling...
> 
> Aegis is the simplest and most versatile databinding for java first 
> development in my opinion.
> 
> The others (jax-ws, jaxb and xmlbeans) never worked for me when I had to 
> transfer
> Map Of Maps or Map of Collections.
> 
> I just wanted to give you my one datapoint. I understand that the developers 
> will have to weigh
>  carrying around a databinding vs its existing usage vs the development 
> effort required.
> 
>Vassilis
> 
> On 4/22/24 6:06 AM, Jim Ma wrote:
>> Hi all,
>> I am not sure if it's the time to deprecate some old cxf things that no one
>> is using, so I write to get your thoughts/ideas here.
>> The first I can think of is aegis databinding. Is the aegis databinding
>> still used by CXF users ? Is it a good time to deprecate and remove in the
>> future release ?
>> 
>> Thanks,
>> Jim
>> 
> 
> -- 
> 
> __
> 
> Vassilis Virvilis Ph.D.
> Head of IT
> Biovista Inc.
> 
> Stay tuned
> www: http://www.biovista.com
> LinkedIn: https://www.linkedin.com/company/biovista
> Twitter: https://twitter.com/BiovistaInc/
>   Vizit https://twitter.com/BiovistaVizit/
> Facebook: https://www.facebook.com/biovistainc
>   Vizit (research): https://www.facebook.com/BiovistaVizit
> YouTube: https://www.youtube.com/user/BiovistaInc
> 
> --
> US Offices
> 2421 Ivy Road
> Charlottesville, VA 22903
> USA
> T: +1.434.971.1141
> F: +1.434.971.1144
> 
> European Offices
> 34 Rodopoleos Street
> Ellinikon, Athens 16777
> GREECE
> T: +30.210.9629848
> F: +30.210.9647606
> 
> Biovista is a privately held biotechnology company that finds novel uses for 
> existing drugs, and profiles their side effects using their mechanism of 
> action. Biovista develops its own pipeline of drugs in CNS, oncology, 
> auto-immune and rare diseases. Biovista is collaborating with 
> biopharmaceutical companies on indication expansion and de-risking of their 
> portfolios and with the FDA on adverse event prediction.
> 

Re: [PR] CXF-9009: Async operations fails (netty-conduit) [cxf]

[via GitHub]

reta merged PR #1868:
URL: https://github.com/apache/cxf/pull/1868


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 [cxf-xjc-utils]

[via GitHub]

dependabot[bot] opened a new pull request, #148:
URL: https://github.com/apache/cxf-xjc-utils/pull/148

   Bumps 
[org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin)
 from 3.6.3 to 3.7.0.
   
   Commits
   
   https://github.com/apache/maven-javadoc-plugin/commit/2c28b8d90ede19c28ae7b94d07ad0fbb6c23b720";>2c28b8d
 [maven-release-plugin] prepare release maven-javadoc-plugin-3.7.0
   https://github.com/apache/maven-javadoc-plugin/commit/5530d6801179f388db07a2f1f42e4dc9d06bf447";>5530d68
 [MJAVADOC-793] java.lang.NullPointerException: Cannot invoke 
"String.length()...
   https://github.com/apache/maven-javadoc-plugin/commit/08cf68e7d3e0a6ac2e1cae4a1336878e4f19dd2b";>08cf68e
 Revert "Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 
4.9.2"
   https://github.com/apache/maven-javadoc-plugin/commit/64468220d5d27d3d219c51baf55cdadfcb4fdd48";>6446822
 Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0
   https://github.com/apache/maven-javadoc-plugin/commit/49c93adfc132f648dbdc8fe64a7043ec45ba0022";>49c93ad
 Bump org.assertj:assertj-core from 3.25.3 to 3.26.0
   https://github.com/apache/maven-javadoc-plugin/commit/4e720486ab401acfabc616b85a153126960b1370";>4e72048
 [MJAVADOC-795] Upgrade to Parent 42 and Maven 3.6.3
   https://github.com/apache/maven-javadoc-plugin/commit/b55dd967254813dcb51d19bb3c3667bc951590b4";>b55dd96
 Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2
   https://github.com/apache/maven-javadoc-plugin/commit/77ad41087057ae507d1d0e4c83420537b0db";>77ad410
 Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
   https://github.com/apache/maven-javadoc-plugin/commit/c21568ad451a622ed6ecefeb9f77d82a1a84bd2a";>c21568a
 Bump commons-io:commons-io from 2.16.0 to 2.16.1
   https://github.com/apache/maven-javadoc-plugin/commit/ded56a90d22dfb53ec99c03fdaf735fb62e1afd7";>ded56a9
 Exclude JDK 8 - temurin, adopt-openj9 on macos
   Additional commits viewable in https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.6.3...maven-javadoc-plugin-3.7.0";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-javadoc-plugin&package-manager=maven&previous-version=3.6.3&new-version=3.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump cxf.jetty.version from 12.0.9 to 12.0.10 [cxf]

[via GitHub]

dependabot[bot] opened a new pull request, #1912:
URL: https://github.com/apache/cxf/pull/1912

   Bumps `cxf.jetty.version` from 12.0.9 to 12.0.10.
   Updates `org.eclipse.jetty:jetty-server` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty.websocket:jetty-websocket-jetty-server` from 
12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server` 
from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty.ee10:jetty-ee10-apache-jsp` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty.ee10:jetty-ee10-servlet` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty:jetty-session` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty:jetty-util` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty:jetty-io` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty:jetty-security` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty:jetty-jmx` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty:jetty-http` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty.http2:jetty-http2-server` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty:jetty-alpn-server` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty:jetty-alpn-java-server` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty.ee10:jetty-ee10-annotations` from 12.0.9 to 
12.0.10
   
   Updates `org.eclipse.jetty.http2:jetty-http2-client` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty:jetty-alpn-java-client` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty:jetty-jndi` from 12.0.9 to 12.0.10
   
   Updates `org.eclipse.jetty:jetty-client` from 12.0.9 to 12.0.10
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 [cxf-xjc-utils]

[via GitHub]

reta merged PR #148:
URL: https://github.com/apache/cxf-xjc-utils/pull/148


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 [cxf]

[via GitHub]

dependabot[bot] opened a new pull request, #1913:
URL: https://github.com/apache/cxf/pull/1913

   Bumps org.hsqldb:hsqldb from 2.7.2 to 2.7.3.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.hsqldb:hsqldb&package-manager=maven&previous-version=2.7.2&new-version=2.7.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org