[PR] Bump github/codeql-action from 3.27.4 to 3.27.5 [cxf]
dependabot[bot] opened a new pull request, #2164: URL: https://github.com/apache/cxf/pull/2164 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.4 to 3.27.5. Release notes Sourced from https://github.com/github/codeql-action/releases";>github/codeql-action's releases. v3.27.5 CodeQL Action Changelog See the https://github.com/github/codeql-action/releases";>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. 3.27.5 - 19 Nov 2024 No user facing changes. See the full https://github.com/github/codeql-action/blob/v3.27.5/CHANGELOG.md";>CHANGELOG.md for more information. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md";>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases";>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] No user facing changes. 3.27.5 - 19 Nov 2024 No user facing changes. 3.27.4 - 14 Nov 2024 No user facing changes. 3.27.3 - 12 Nov 2024 No user facing changes. 3.27.2 - 12 Nov 2024 Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". https://redirect.github.com/github/codeql-action/pull/2590";>#2590 3.27.1 - 08 Nov 2024 The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. https://redirect.github.com/github/codeql-action/pull/2573";>#2573 Update default CodeQL bundle version to 2.19.3. https://redirect.github.com/github/codeql-action/pull/2576";>#2576 3.27.0 - 22 Oct 2024 Bump the minimum CodeQL bundle version to 2.14.6. https://redirect.github.com/github/codeql-action/pull/2549";>#2549 Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. https://redirect.github.com/github/codeql-action/pull/2557";>#2557 Update default CodeQL bundle version to 2.19.2. https://redirect.github.com/github/codeql-action/pull/2552";>#2552 3.26.13 - 14 Oct 2024 No user facing changes. 3.26.12 - 07 Oct 2024 Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. https://redirect.github.com/github/codeql-action/pull/2520";>#2520 If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.26.11 and github/codeql-action/*@v2 by github/codeql-action/*@v2.26.11 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 3.26.11 - 03 Oct 2024 ... (truncated) Commits https://github.com/github/codeql-action/commit/f09c1c0a94de965c15400f5634aa42fac8fb8f88";>f09c1c0 Merge pull request https://redirect.github.com/github/codeql-action/issues/2616";>#2616 from github/update-v3.27.5-a6c8729a5 https://github.com/github/codeql-action/commit/67b73eaba559c7e6913377065b0362ccbfc94e87";>67b73ea Update changelog for v3.27.5 https://github.com/github/codeql-action/commit/a6c8729a5d7573eb8d440e52a9645ce4db61d9
Re: CXF JAX-RS: working with multipart form-data
Hi Jean,
My apologies for the delay, took me a bit longer to find the time. So I've added
another test case to the existing pull request [1], that includes multipart and
bean validation, no issues and the validation works as expected. Could you help
me out and point what I am doing differently (one difference is that the CXF
tests
use Hibernate Validator under the hood but it should not matter I believe, in
any
case I will try to run the tests with the library you are using).
Thanks.
[1] https://github.com/apache/cxf/pull/2152
Best Regards,
Andriy Redko
> If I deactivate the bean validation feature in createMagdadocServer(...)
> it works.
> Some further questions:
> 1. Setting the target address when using WebClient directly
>
> Currently I create my client using JAXRSClientFactoryBean refereincing my
> service class as follows ( is either my service interface class or
> some interface extending on it):
> protected synchronized PT getApiProxy() {
> if (apiProxy == null) {
> //Get the base address of the service endpoint
> String baseAddress =
> Configuration.getInstance().getItem("magdadocumentendienst.service.base.ur
> i");
> apiProxy = getThreadsafeProxy(baseAddress);
> }
> return apiProxy;
> }
> private PT getThreadsafeProxy(String baseAddress) {
> JacksonJsonProvider jjProvider = new
> JacksonJsonProvider(new CustomObjectMapper());
> List providers = Arrays.asList(new
> MultipartProvider(), jjProvider);
>
> final JAXRSClientFactoryBean factory = new
> JAXRSClientFactoryBean();
> factory.setAddress(baseAddress);
>
> factory.setServiceClass(getPTClass());
> factory.setProviders(providers);
> factory.setThreadSafe(true);
>
> //only for testing the sending of attachments as
> multipart/form-data
> LoggingFeature feature = new LoggingFeature();
> feature.setLogMultipart(true);
> feature.setLogBinary(true);
> feature.setLimit(128*1000);
>
> feature.addBinaryContentMediaTypes(MediaType.APPLICATION_OCTET_STREAM);
> feature.addBinaryContentMediaTypes("application/pdf");
> factory.setFeatures(Arrays.asList(feature));
> PT api = (PT) factory.create(getPTClass());
> ClientConfiguration config = WebClient.getConfig(api);
> addTLSClientParameters(config.getHttpConduit());
> return api;
> }
> When invoking a method on it (e.g. getApiProxy().createMessage(...)) it is
> handled by cxf the class ClientProxyImpl. This uses the method signature
> and all annotated 'path' declarations to determine the target address.
> This doesn't happen when I invoke the call through a WebClient, e.g. (as
> to your suggestion):
> MultipartBody body = new
> MultipartBody(attachments,MediaType.MULTIPART_FORM_DATA_TYPE,false);
> WebClient wc = WebClient.fromClient(client)
> .path("/messages")
> .accept(MediaType.APPLICATION_JSON_TYPE);
> return
> wc.post(Entity.entity(body,MediaType.MULTIPART_FORM_DATA_TYPE));
> Here I have to set the path manually. Is there a way to construct it
> similar to what ClientProxyImpl does?
> 2.Bean validation
> ==
> I guess there are different bean validation frameworks/libraries. I'd like
> to keep bean validation active any suggestions on how to
> resolve/circumvent this issue, e.g.:
> - using another bean validation library
> - disabling validation for a specific method (is this possible?)
> -
> Regards,
> J.P. Urkens
> -Oorspronkelijk bericht-
> Van: Jean Pierre URKENS
> Verzonden: maandag 18 november 2024 10:20
> Aan: 'Andriy Redko' ; 'dev@cxf.apache.org'
>
> Onderwerp: RE: CXF JAX-RS: working with multipart form-data
> Validation is done using apache library bval-jsr-2.0.5.jar. So this might
> be well out-of-scope of CXF.
> -Oorspronkelijk bericht-
> Van: Jean Pierre URKENS
> Verzonden: maandag 18 november 2024 10:02
> Aan: 'Andriy Redko' ; 'dev@cxf.apache.org'
>
> Onderwerp: RE: CXF JAX-RS: working with multipart form-data
> Hi Andriy,
> Thanks for the example. I tried something similar last week but since my
> method was annotated with @Parameter(required=true,schema =
> @Schema(implementation=MessageToSend.class)) request parameter validation
> failed on the server side (see server trace below).
> I have a JAXRSBeanValidationInInterceptor provider active at the server
> side and somehow matching the multipart request body to the method
> signature fails.
> So does it mean that va
[PR] Bump org.jboss.ws.cxf:jbossws-cxf-client from 7.2.0.Final to 7.3.0.Final [cxf]
dependabot[bot] opened a new pull request, #2166: URL: https://github.com/apache/cxf/pull/2166 Bumps org.jboss.ws.cxf:jbossws-cxf-client from 7.2.0.Final to 7.3.0.Final. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump com.googlecode.maven-download-plugin:download-maven-plugin from 1.11.2 to 1.13.0 [cxf]
dependabot[bot] opened a new pull request, #2165: URL: https://github.com/apache/cxf/pull/2165 Bumps [com.googlecode.maven-download-plugin:download-maven-plugin](https://github.com/download-maven-plugin/download-maven-plugin) from 1.11.2 to 1.13.0. Release notes Sourced from https://github.com/download-maven-plugin/download-maven-plugin/releases";>com.googlecode.maven-download-plugin:download-maven-plugin's releases. 1.13.0 What's Changed https://redirect.github.com/download-maven-plugin/download-maven-plugin/issues/223";>#223 An option to set executable permission on downloaded file by https://github.com/longtimeago";>@longtimeago in https://redirect.github.com/download-maven-plugin/download-maven-plugin/pull/304";>download-maven-plugin/download-maven-plugin#304 Full Changelog: https://github.com/download-maven-plugin/download-maven-plugin/compare/1.12.1...1.13.0";>https://github.com/download-maven-plugin/download-maven-plugin/compare/1.12.1...1.13.0 1.12.1 What's Changed https://redirect.github.com/download-maven-plugin/download-maven-plugin/issues/302";>#302 Avoid XmlStreamReader class not found on password decryption by https://github.com/longtimeago";>@longtimeago in https://redirect.github.com/download-maven-plugin/download-maven-plugin/pull/303";>download-maven-plugin/download-maven-plugin#303 Full Changelog: https://github.com/download-maven-plugin/download-maven-plugin/compare/1.12.0...1.12.1";>https://github.com/download-maven-plugin/download-maven-plugin/compare/1.12.0...1.12.1 1.12.0 - Rename Github project (repo and organization) What's Changed https://redirect.github.com/download-maven-plugin/download-maven-plugin/issues/289";>#289 Introduce checkstyle and fix some violations by https://github.com/longtimeago";>@longtimeago in https://redirect.github.com/download-maven-plugin/download-maven-plugin/pull/290";>download-maven-plugin/download-maven-plugin#290 https://redirect.github.com/download-maven-plugin/download-maven-plugin/issues/291";>#291 Fix checkstyle violations (part 2) by https://github.com/longtimeago";>@longtimeago in https://redirect.github.com/download-maven-plugin/download-maven-plugin/pull/292";>download-maven-plugin/download-maven-plugin#292 https://redirect.github.com/download-maven-plugin/download-maven-plugin/issues/293";>#293 Fix checkstyle violations (part 3) by https://github.com/longtimeago";>@longtimeago in https://redirect.github.com/download-maven-plugin/download-maven-plugin/pull/294";>download-maven-plugin/download-maven-plugin#294 https://redirect.github.com/download-maven-plugin/download-maven-plugin/issues/295";>#295 Fix checkstyle violations (part 4) by https://github.com/longtimeago";>@longtimeago in https://redirect.github.com/download-maven-plugin/download-maven-plugin/pull/296";>download-maven-plugin/download-maven-plugin#296 https://redirect.github.com/download-maven-plugin/download-maven-plugin/issues/297";>#297 Introduce dependency checks by https://github.com/longtimeago";>@longtimeago in https://redirect.github.com/download-maven-plugin/download-maven-plugin/pull/298";>download-maven-plugin/download-maven-plugin#298 https://redirect.github.com/download-maven-plugin/download-maven-plugin/issues/248";>#248 Rename project according to Github org and repo renaming by https://github.com/longtimeago";>@longtimeago in https://redirect.github.com/download-maven-plugin/download-maven-plugin/pull/299";>download-maven-plugin/download-maven-plugin#299 https://redirect.github.com/download-maven-plugin/download-maven-plugin/issues/300";>#300 Remove https://github.com/checkstyle";>@checkstyle tags by https://github.com/longtimeago";>@longtimeago in https://redirect.github.com/download-maven-plugin/download-maven-plugin/pull/301";>download-maven-plugin/download-maven-plugin#301 Full Changelog: https://github.com/download-maven-plugin/download-maven-plugin/compare/1.11.5...1.12.0";>https://github.com/download-maven-plugin/download-maven-plugin/compare/1.11.5...1.12.0 1.11.5 What's Changed https://redirect.github.com/download-maven-plugin/download-maven-plugin/issues/264";>#264 Turn back support of encrypted passwords in maven settings.xml by https://github.com/longtimeago";>@longtimeago in https://redirect.github.com/maven-download-plugin/maven-download-plugin/pull/288";>maven-download-plugin/maven-download-plugin#288 Full Changelog: https://github.com/maven-download-plugin/maven-download-plugin/compare/1.11.3...1.11.5";>https://github.com/maven-download-plugin/maven-download-plugin/compare/1.11.3...1.11.5 1.11.3 What's Changed https://redirect.github.com/download-maven-plugin/download-maven-plugin/issues/286";>#286 Turn back java 8 plugin compatibility by https://github.com/longtimeago";>@longtimeago in https://redirect.github.com/maven-download-plugin/maven-download-plugin/pull/287";>maven-download-plugin/maven
Re: [PR] CXF-9082: Allow to modify sensitive header list [cxf]
reta merged PR #2150: URL: https://github.com/apache/cxf/pull/2150 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
