Merge master 2024-06-10 #963

lukaszlenart · 2024-06-10T05:38:07Z

Merge master branch into Struts 7 branch

Bumps [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 3.0.0-M6 to 3.2.5. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.0.0-M6...surefire-3.2.5) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-failsafe-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps `asm.version` from 9.6 to 9.7. Updates `org.ow2.asm:asm` from 9.6 to 9.7 Updates `org.ow2.asm:asm-commons` from 9.6 to 9.7 --- updated-dependencies: - dependency-name: org.ow2.asm:asm dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.ow2.asm:asm-commons dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.25.2 to 3.25.3. - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](assertj/assertj@assertj-build-3.25.2...assertj-build-3.25.3) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Previously, it was impossible to set global options for the CSP interceptor. The only options was to have every action individually implement CspSettingsAware. To fix this, we add an interceptor parameter of defaultCspSettingsClassName. Values from this class will be used in the CSP header instead of DefaultCspSettings. Users may define their own custom class which implements CspSettings, and that will be the default for all actions that do not implement the CspSettingsAware interface. It is now possible to create this custom class by simply extending DefaultCspSettings. I have fixed a spelling error in DefaultCspSettings.java -- cratePolicyFormat renamed to createPolicyFormat.

…rtj-core-3.25.3 Bump org.assertj:assertj-core from 3.25.2 to 3.25.3

Bumps [org.codehaus.mojo:versions-maven-plugin](https://github.com/mojohaus/versions) from 2.16.1 to 2.16.2. - [Release notes](https://github.com/mojohaus/versions/releases) - [Changelog](https://github.com/mojohaus/versions/blob/master/ReleaseNotes.md) - [Commits](mojohaus/versions@2.16.1...2.16.2) --- updated-dependencies: - dependency-name: org.codehaus.mojo:versions-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.3.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@5d5d22a...1746f4a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

…/upload-artifact-4.3.2 Bump actions/upload-artifact from 4.3.1 to 4.3.2

…o-versions-maven-plugin-2.16.2 Bump org.codehaus.mojo:versions-maven-plugin from 2.16.1 to 2.16.2

Bumps [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases) - [Commits](mojohaus/exec-maven-plugin@exec-maven-plugin-3.1.0...3.2.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:exec-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@1746f4a...6546280) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

…o-exec-maven-plugin-3.2.0 Bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to 3.2.0

…/upload-artifact-4.3.3 Bump actions/upload-artifact from 4.3.2 to 4.3.3

WW-5421 Bump asm.version from 9.6 to 9.7

….plugins-maven-failsafe-plugin-3.2.5 Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.0.0-M6 to 3.2.5

WW-5420 Upgrades commons-text to ver. 1.12.0

[WW-5419] Fixes support for loading Tiles definitions

WW-5400 Extend default configuration options for the CSP interceptor.

Bumps [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) from 3.3.0 to 3.3.1. - [Commits](apache/maven-source-plugin@maven-source-plugin-3.3.0...maven-source-plugin-3.3.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-source-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps `slf4j.version` from 2.0.12 to 2.0.13. Updates `org.slf4j:slf4j-api` from 2.0.12 to 2.0.13 Updates `org.slf4j:slf4j-simple` from 2.0.12 to 2.0.13 --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.slf4j:slf4j-simple dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [org.apache.maven.plugins:maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.0.0 to 3.5.0. - [Commits](apache/maven-project-info-reports-plugin@maven-project-info-reports-plugin-3.0.0...maven-project-info-reports-plugin-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-project-info-reports-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@0864cf1...dc50aa9) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

….plugins-maven-source-plugin-3.3.1 Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1

This option doesn't play with Silence Consensus

Bumps [org.apache.maven.plugins:maven-assembly-plugin](https://github.com/apache/maven-assembly-plugin) from 3.6.0 to 3.7.1. - [Release notes](https://github.com/apache/maven-assembly-plugin/releases) - [Commits](apache/maven-assembly-plugin@maven-assembly-plugin-3.6.0...maven-assembly-plugin-3.7.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-assembly-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps org.freemarker:freemarker from 2.3.32 to 2.3.33. --- updated-dependencies: - dependency-name: org.freemarker:freemarker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

….plugins-maven-assembly-plugin-3.7.1 Bump org.apache.maven.plugins:maven-assembly-plugin from 3.6.0 to 3.7.1

…reemarker-2.3.33 WW-5426 Bump org.freemarker:freemarker from 2.3.32 to 2.3.33

[WW-5424] Fixes ClassCastException when using short var name in s:set tag

Disables required reviewers option

[WW-5412] Upgrades struts-master to ver 15

Co-authored-by: Kusal Kithul-Godage <[email protected]>

Bumps org.apache.commons:commons-compress from 1.26.0 to 1.26.2. --- updated-dependencies: - dependency-name: org.apache.commons:commons-compress dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 8.4.2 to 9.2.0. - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](jeremylong/DependencyCheck@v8.4.2...v9.2.0) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

…ns-commons-compress-1.26.2 Bump org.apache.commons:commons-compress from 1.26.0 to 1.26.2

…ency-check-maven-9.2.0 Bump org.owasp:dependency-check-maven from 8.4.2 to 9.2.0

WW-5400 Simplifies how CspSettings is created

WW-5250 Addresses TODO in test and stops using Mock Objects

sonarcloud · 2024-06-10T05:44:07Z

Quality Gate passed

Issues
9 New issues
0 Accepted issues

Measures
0 Security Hotspots
91.4% Coverage on New Code
0.6% Duplication on New Code

See analysis details on SonarCloud

dependabot bot and others added 30 commits April 8, 2024 01:20

WW-5400 Better toString formatting

0151bde

WW-5400 Added @SInCE Struts 6.5.0 to new properties as requested

6ac8b04

Merge pull request #909 from apache/dependabot/maven/org.assertj-asse…

efdaf7e

…rtj-core-3.25.3 Bump org.assertj:assertj-core from 3.25.2 to 3.25.3

Merge pull request #923 from apache/dependabot/github_actions/actions…

eca5b21

…/upload-artifact-4.3.2 Bump actions/upload-artifact from 4.3.1 to 4.3.2

Merge pull request #922 from apache/dependabot/maven/org.codehaus.moj…

3cde668

…o-versions-maven-plugin-2.16.2 Bump org.codehaus.mojo:versions-maven-plugin from 2.16.1 to 2.16.2

WW-5419 Fixes support for loading Tiles definitions

a88cb74

WW-5420 Upgrades commons-text to ver. 1.12.0

36275b9

Merge pull request #925 from apache/dependabot/maven/org.codehaus.moj…

5cd9356

…o-exec-maven-plugin-3.2.0 Bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to 3.2.0

Merge pull request #926 from apache/dependabot/github_actions/actions…

ed3786c

…/upload-artifact-4.3.3 Bump actions/upload-artifact from 4.3.2 to 4.3.3

Merge pull request #907 from apache/dependabot/maven/asm.version-9.7

3ed212a

WW-5421 Bump asm.version from 9.6 to 9.7

Merge pull request #905 from apache/dependabot/maven/org.apache.maven…

f2e93d0

….plugins-maven-failsafe-plugin-3.2.5 Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.0.0-M6 to 3.2.5

Merge pull request #924 from apache/feature/WW-5420-text

c0d1217

WW-5420 Upgrades commons-text to ver. 1.12.0

Merge pull request #920 from apache/fix/WW-5419-tiles

49b8eed

[WW-5419] Fixes support for loading Tiles definitions

Merge pull request #913 from eschulma/master

649760d

WW-5400 Extend default configuration options for the CSP interceptor.

WW-5414 Always call afterInvocation even in case of exception

4dfbe09

WW-5415 Fixes accessing public constructors via expression

b36e88f

WW-5415 Constructor members should be exempted as static members

7c523ac

Merge pull request #934 from apache/dependabot/maven/org.apache.maven…

f338fda

….plugins-maven-source-plugin-3.3.1 Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1

lukaszlenart and others added 20 commits June 2, 2024 13:53

WW-5424 Fixes ClassCastException when using short var name in s:set tag

4a8ff99

Disables required reviewers option

00752e3

This option doesn't play with Silence Consensus

WW-5412 Upgrades struts-master to ver 15

855b95e

Merge pull request #950 from apache/dependabot/maven/org.apache.maven…

f6b25ac

….plugins-maven-assembly-plugin-3.7.1 Bump org.apache.maven.plugins:maven-assembly-plugin from 3.6.0 to 3.7.1

Merge pull request #953 from apache/dependabot/maven/org.freemarker-f…

ee040ba

…reemarker-2.3.33 WW-5426 Bump org.freemarker:freemarker from 2.3.32 to 2.3.33

Merge pull request #946 from apache/fix/WW-5424-class-cast-exception

0cdce05

[WW-5424] Fixes ClassCastException when using short var name in s:set tag

Merge pull request #947 from apache/fix/no-reviewers-required

a25173f

Disables required reviewers option

Merge pull request #948 from apache/feature/WW-5412-master

dcaff0b

[WW-5412] Upgrades struts-master to ver 15

WW-5400 Simplifies how CspSettings is created

3a6ad5a

Removes duplication

4a05653

Co-authored-by: Kusal Kithul-Godage <[email protected]>

WW-5250 Addresses TODO in test and stops using Mock Objects

03db4f1

Merge pull request #961 from apache/dependabot/maven/org.apache.commo…

de2a8d9

…ns-commons-compress-1.26.2 Bump org.apache.commons:commons-compress from 1.26.0 to 1.26.2

Merge pull request #962 from apache/dependabot/maven/org.owasp-depend…

cabc076

…ency-check-maven-9.2.0 Bump org.owasp:dependency-check-maven from 8.4.2 to 9.2.0

Merge pull request #956 from apache/feature/WW-5400-refactor

cf34f0d

WW-5400 Simplifies how CspSettings is created

Merge pull request #957 from apache/fix/WW-5250-todo

444e4d4

WW-5250 Addresses TODO in test and stops using Mock Objects

Merge branch 'master' into merge/master-2024-06-10

28ea6d0

lukaszlenart requested review from rgielen, aleksandr-m, yasserzamani, sdutry, cnenning and kusalk June 10, 2024 05:38

kusalk approved these changes Jun 10, 2024

View reviewed changes

lukaszlenart merged commit d1d02c1 into release/struts-7-0-x Jun 12, 2024
7 checks passed

lukaszlenart deleted the merge/master-2024-06-10 branch June 12, 2024 05:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge master 2024-06-10 #963

Merge master 2024-06-10 #963

lukaszlenart commented Jun 10, 2024

sonarcloud bot commented Jun 10, 2024

Merge master 2024-06-10 #963

Merge master 2024-06-10 #963

Conversation

lukaszlenart commented Jun 10, 2024

sonarcloud bot commented Jun 10, 2024

Quality Gate passed