Pull upstream by willdollman · Pull Request #3 · sourcegraph/s3proxy

willdollman · 2023-06-21T15:09:39Z

Pull changes from upstream repo to fix vulns

Test plan

Vulnerability scanning using grype
Basic functionality testing of application
CI tests

Release notes: https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md#473---2022-10-15

Bumps [maven-jar-plugin](https://github.com/apache/maven-jar-plugin) from 3.2.2 to 3.3.0. - [Release notes](https://github.com/apache/maven-jar-plugin/releases) - [Commits](apache/maven-jar-plugin@maven-jar-plugin-3.2.2...maven-jar-plugin-3.3.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-jar-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-resources-plugin](https://github.com/apache/maven-resources-plugin) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/apache/maven-resources-plugin/releases) - [Commits](apache/maven-resources-plugin@maven-resources-plugin-3.2.0...maven-resources-plugin-3.3.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-resources-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-assembly-plugin](https://github.com/apache/maven-assembly-plugin) from 3.4.1 to 3.4.2. - [Release notes](https://github.com/apache/maven-assembly-plugin/releases) - [Commits](apache/maven-assembly-plugin@maven-assembly-plugin-3.4.1...maven-assembly-plugin-3.4.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-assembly-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

These are not needed and generate deprecation warnings.

Release notes: https://github.com/google/error-prone/releases/tag/v2.16

Bumps [jetty-servlet](https://github.com/eclipse/jetty.project) from 11.0.11 to 11.0.13. - [Release notes](https://github.com/eclipse/jetty.project/releases) - [Commits](jetty/jetty.project@jetty-11.0.11...jetty-11.0.13) --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-servlet dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-shade-plugin](https://github.com/apache/maven-shade-plugin) from 3.3.0 to 3.4.1. - [Release notes](https://github.com/apache/maven-shade-plugin/releases) - [Commits](apache/maven-shade-plugin@maven-shade-plugin-3.3.0...maven-shade-plugin-3.4.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-shade-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.1.2 to 3.2.0. - [Release notes](https://github.com/apache/maven-checkstyle-plugin/releases) - [Commits](apache/maven-checkstyle-plugin@maven-checkstyle-plugin-3.1.2...maven-checkstyle-plugin-3.2.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps `slf4j.version` from 1.7.36 to 2.0.6. Updates `slf4j-api` from 1.7.36 to 2.0.6 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](qos-ch/slf4j@v_1.7.36...v_2.0.6) Updates `jcl-over-slf4j` from 1.7.36 to 2.0.6 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](qos-ch/slf4j@v_1.7.36...v_2.0.6) --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.slf4j:jcl-over-slf4j dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [logback-classic](https://github.com/qos-ch/logback) from 1.2.11 to 1.4.5. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.2.11...v_1.4.5) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.4.0 to 3.4.1. - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.4.0...maven-javadoc-plugin-3.4.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-install-plugin](https://github.com/apache/maven-install-plugin) from 3.0.1 to 3.1.0. - [Release notes](https://github.com/apache/maven-install-plugin/releases) - [Commits](apache/maven-install-plugin@maven-install-plugin-3.0.1...maven-install-plugin-3.1.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-install-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Shuffle some test teardown methods to satisfy newer testng. References gaul#473.

Bumps assertj-core from 3.23.1 to 3.24.2. --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/apache/maven-checkstyle-plugin/releases) - [Commits](apache/maven-checkstyle-plugin@maven-checkstyle-plugin-3.2.0...maven-checkstyle-plugin-3.2.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.1.0 to 3.2.1. - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](apache/maven-enforcer@enforcer-3.1.0...enforcer-3.2.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps commons-fileupload from 1.4 to 1.5. --- updated-dependencies: - dependency-name: commons-fileupload:commons-fileupload dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-deploy-plugin](https://github.com/apache/maven-deploy-plugin) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/apache/maven-deploy-plugin/releases) - [Commits](apache/maven-deploy-plugin@maven-deploy-plugin-3.0.0...maven-deploy-plugin-3.1.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-deploy-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps `surefire.version` from 3.0.0-M8 to 3.0.0-M9. Updates `surefire-junit47` from 3.0.0-M8 to 3.0.0-M9 Updates `surefire-testng` from 3.0.0-M8 to 3.0.0-M9 Updates `surefire-junit-platform` from 3.0.0-M8 to 3.0.0-M9 Updates `maven-surefire-plugin` from 3.0.0-M8 to 3.0.0-M9 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.0.0-M8...surefire-3.0.0-M9) --- updated-dependencies: - dependency-name: org.apache.maven.surefire:surefire-junit47 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.surefire:surefire-testng dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.surefire:surefire-junit-platform dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.10.1 to 3.11.0. - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.10.1...maven-compiler-plugin-3.11.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-assembly-plugin](https://github.com/apache/maven-assembly-plugin) from 3.4.2 to 3.5.0. - [Release notes](https://github.com/apache/maven-assembly-plugin/releases) - [Commits](apache/maven-assembly-plugin@maven-assembly-plugin-3.4.2...maven-assembly-plugin-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-assembly-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [jetty-servlet](https://github.com/eclipse/jetty.project) from 11.0.13 to 11.0.14. - [Release notes](https://github.com/eclipse/jetty.project/releases) - [Commits](jetty/jetty.project@jetty-11.0.13...jetty-11.0.14) --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-servlet dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [logback-classic](https://github.com/qos-ch/logback) from 1.4.5 to 1.4.6. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.4.5...v_1.4.6) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-install-plugin](https://github.com/apache/maven-install-plugin) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/apache/maven-install-plugin/releases) - [Commits](apache/maven-install-plugin@maven-install-plugin-3.1.0...maven-install-plugin-3.1.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-install-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.4.1 to 3.5.0. - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.4.1...maven-javadoc-plugin-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps `surefire.version` from 3.0.0-M9 to 3.0.0. Updates `surefire-junit47` from 3.0.0-M9 to 3.0.0 Updates `surefire-testng` from 3.0.0-M9 to 3.0.0 Updates `surefire-junit-platform` from 3.0.0-M9 to 3.0.0 Updates `maven-surefire-plugin` from 3.0.0-M9 to 3.0.0 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.0.0-M9...surefire-3.0.0) --- updated-dependencies: - dependency-name: org.apache.maven.surefire:surefire-junit47 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.surefire:surefire-testng dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.surefire:surefire-junit-platform dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps `slf4j.version` from 2.0.6 to 2.0.7. Updates `slf4j-api` from 2.0.6 to 2.0.7 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](qos-ch/slf4j@v_2.0.6...v_2.0.7) Updates `jcl-over-slf4j` from 2.0.6 to 2.0.7 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](qos-ch/slf4j@v_2.0.6...v_2.0.7) --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.slf4j:jcl-over-slf4j dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

References gaul#479.

Bumps [jetty-servlet](https://github.com/eclipse/jetty.project) from 11.0.14 to 11.0.15. - [Release notes](https://github.com/eclipse/jetty.project/releases) - [Commits](jetty/jetty.project@jetty-11.0.14...jetty-11.0.15) --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-servlet dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [logback-classic](https://github.com/qos-ch/logback) from 1.4.6 to 1.4.7. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.4.6...v_1.4.7) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Fixes gaul#479.

Fixes gaul#497.

gaul and others added 30 commits December 23, 2022 15:03

Upgrade spotbugs to 4.7.3

68237a1

Release notes: https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md#473---2022-10-15

Suppress spurious md5 deprecation warnings

81e8854

Remove unneeded AliasBlobStore directory methods

b72a6fe

These are not needed and generate deprecation warnings.

Upgrade to error-prone 2.16

302e205

Release notes: https://github.com/google/error-prone/releases/tag/v2.16

Configure Dependabot for monthly notifications

65725c4

Upgrade to jclouds 2.6.0-SNAPSHOT

222f479

Shuffle some test teardown methods to satisfy newer testng. References gaul#473.

Bump assertj-core from 3.23.1 to 3.24.2

7ca3b80

Bumps assertj-core from 3.23.1 to 3.24.2. --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bump commons-fileupload from 1.4 to 1.5

7624ffa

Bumps commons-fileupload from 1.4 to 1.5. --- updated-dependencies: - dependency-name: commons-fileupload:commons-fileupload dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Add S3PROXY_JAVA_OPTS environment variable

2f941aa

dependabot Bot and others added 15 commits April 2, 2023 09:00

Configure Keystore through environment variables

52d942d

Fix variable typo

b8d285d

Configure Secure Endpoint with environment variable

bc607d6

Set default non chunked request size value

d42e42c

Expose 443 port for TLS/secure endpoint feature

ef94f39

Improve TLS Support documentation

755456e

Align SSL/TLS terminology

f84bec3

Update s3-tests submodule

886eb53

References gaul#479.

Update s3-tests

5996114

Fixes gaul#479.

Add and ignore x-amz-api-version

99c1486

Fixes gaul#497.

Cleanup the build workflow

e7dc97a

Merge remote-tracking branch 'upstream/master'

1afa8cc

willdollman merged commit 36c5d36 into master Jun 21, 2023

willdollman deleted the will/pull-upstream branch June 21, 2023 15:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Pull upstream#3

Pull upstream#3
willdollman merged 45 commits into
masterfrom
will/pull-upstream

willdollman commented Jun 21, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

willdollman commented Jun 21, 2023

Test plan

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants