From a4caac0c82de9cd9dc909e3a852625ee276edb95 Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 22 May 2023 17:46:55 -0300 Subject: [PATCH 01/35] Hash pin ci.yml --- .github/workflows/ci.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2457eded..740a6825 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,8 +16,8 @@ jobs: permissions: checks: write steps: - - uses: actions/checkout@v3 - - uses: actions/setup-java@v3 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0 with: distribution: 'temurin' java-version: ${{ matrix.java }} @@ -26,7 +26,7 @@ jobs: - name: Run Tests run: mvn --no-transfer-progress test - name: Publish Test Report - uses: mikepenz/action-junit-report@v3 + uses: mikepenz/action-junit-report@959aefb7f095e717eb407fe917238d61ca323ff3 # v3.7.6 if: ${{ !cancelled() }} with: report_paths: "**/target/surefire-reports/TEST*.xml" @@ -41,11 +41,11 @@ jobs: matrix: kcms: [ true, false ] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - run: | download_url="https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245038_d3c52aa6bfa54d3ca74e617f18309292" wget -O $RUNNER_TEMP/java_package.tar.gz $download_url - - uses: actions/setup-java@v3 + - uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0 with: distribution: 'jdkfile' jdkFile: ${{ runner.temp }}/java_package.tar.gz @@ -60,7 +60,7 @@ jobs: - name: Run Tests run: mvn --no-transfer-progress test - name: Publish Test Report - uses: mikepenz/action-junit-report@v3 + uses: mikepenz/action-junit-report@959aefb7f095e717eb407fe917238d61ca323ff3 # v3.7.6 if: ${{ !cancelled() }} with: report_paths: "**/target/surefire-reports/TEST*.xml" @@ -72,9 +72,9 @@ jobs: if: github.ref == 'refs/heads/master' # only perform on latest master runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Set up Maven Central - uses: actions/setup-java@v3 + uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0 with: # running setup-java again overwrites the settings.xml distribution: 'temurin' java-version: '8' @@ -93,4 +93,4 @@ jobs: env: MAVEN_CENTRAL_USERNAME: ${{ secrets.SONATYPE_USERNAME }} # must be the same env variable name as (1) MAVEN_CENTRAL_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} # must be the same env variable name as (2) - MAVEN_CENTRAL_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} # must be the same env variable name as (3) \ No newline at end of file + MAVEN_CENTRAL_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} # must be the same env variable name as (3) From 8ddcbbd2b2e5b485455237ea085b4899cc393c0b Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Wed, 24 May 2023 18:22:20 +0200 Subject: [PATCH 02/35] Create dependabot.yml --- .github/dependabot.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..e1cd1a0a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +version: 2 +updates: + # Maven/Java library updates + - package-ecosystem: "maven" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "daily" + # GitHub actions updates + - package-ecosystem: "github-actions" + directory: "/.github" + schedule: + interval: "daily" From 078425eed97a7e4e43f8ce3a00f733a3193488e0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 May 2023 16:22:44 +0000 Subject: [PATCH 03/35] Bump maven-surefire-plugin from 3.0.0-M5 to 3.1.0 Bumps [maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.0.0-M5 to 3.1.0. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.0.0-M5...surefire-3.1.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100755 => 100644 pom.xml diff --git a/pom.xml b/pom.xml old mode 100755 new mode 100644 index e2080e98..5bb7bebf --- a/pom.xml +++ b/pom.xml @@ -237,7 +237,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.0.0-M5 + 3.1.0 From 829fbe7547de9bdf010ef89c97bc0313117d36e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 May 2023 16:22:49 +0000 Subject: [PATCH 04/35] Bump maven-source-plugin from 3.2.1 to 3.3.0 Bumps [maven-source-plugin](https://github.com/apache/maven-source-plugin) from 3.2.1 to 3.3.0. - [Commits](https://github.com/apache/maven-source-plugin/compare/maven-source-plugin-3.2.1...maven-source-plugin-3.3.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-source-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100755 => 100644 pom.xml diff --git a/pom.xml b/pom.xml old mode 100755 new mode 100644 index e2080e98..8417142d --- a/pom.xml +++ b/pom.xml @@ -167,7 +167,7 @@ org.apache.maven.plugins maven-source-plugin - 3.2.1 + 3.3.0 package From 2bbcd887983ccc5e92fdd782ace8b81641d120d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 May 2023 16:22:53 +0000 Subject: [PATCH 05/35] Bump maven-compiler-plugin from 3.8.1 to 3.11.0 Bumps [maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.8.1 to 3.11.0. - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](https://github.com/apache/maven-compiler-plugin/compare/maven-compiler-plugin-3.8.1...maven-compiler-plugin-3.11.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100755 => 100644 pom.xml diff --git a/pom.xml b/pom.xml old mode 100755 new mode 100644 index e2080e98..8d04a853 --- a/pom.xml +++ b/pom.xml @@ -222,7 +222,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.8.1 + 3.11.0 true 1.7 From 77c81a06bcc72cf9c73d2140edafe56fae16e093 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 May 2023 16:22:56 +0000 Subject: [PATCH 06/35] Bump maven-release-plugin from 3.0.0-M4 to 3.0.0 Bumps [maven-release-plugin](https://github.com/apache/maven-release) from 3.0.0-M4 to 3.0.0. - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](https://github.com/apache/maven-release/compare/maven-release-3.0.0-M4...maven-release-3.0.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100755 => 100644 pom.xml diff --git a/pom.xml b/pom.xml old mode 100755 new mode 100644 index e2080e98..b4e76205 --- a/pom.xml +++ b/pom.xml @@ -250,7 +250,7 @@ org.apache.maven.plugins maven-release-plugin - 3.0.0-M4 + 3.0.0 true release From 0ae2c2f01dc9a2458ec810140d03399b4d95608d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 May 2023 16:23:01 +0000 Subject: [PATCH 07/35] Bump maven-surefire-report-plugin from 3.0.0-M5 to 3.1.0 Bumps [maven-surefire-report-plugin](https://github.com/apache/maven-surefire) from 3.0.0-M5 to 3.1.0. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.0.0-M5...surefire-3.1.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-report-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100755 => 100644 pom.xml diff --git a/pom.xml b/pom.xml old mode 100755 new mode 100644 index e2080e98..3cb27e0e --- a/pom.xml +++ b/pom.xml @@ -272,7 +272,7 @@ org.apache.maven.plugins maven-surefire-report-plugin - 3.0.0-M5 + 3.1.0 org.codehaus.mojo From f74e8c8ba1b8d94b3fab00fecb0386942cc96024 Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Wed, 24 May 2023 18:48:15 +0200 Subject: [PATCH 08/35] Stop dependabot causing double workflow runs. --- .github/workflows/ci.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 740a6825..8f4328b1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,6 +1,12 @@ name: CI -on: [ push, pull_request ] +on: + push: + branches: + - '**' + - '!dependabot/**' + pull_request: + branches: [ 'master' ] permissions: read-all From 9715f4e74c4355044b175588f07798404187e2fe Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Wed, 24 May 2023 20:04:16 +0200 Subject: [PATCH 09/35] Attempt to fix problem with upgraded maven source plugin. --- servlet/pom.xml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/servlet/pom.xml b/servlet/pom.xml index 756b8b45..64ee8f6c 100644 --- a/servlet/pom.xml +++ b/servlet/pom.xml @@ -36,10 +36,6 @@ - - maven-source-plugin - - maven-resources-plugin @@ -62,6 +58,7 @@ + org.apache.maven.plugins maven-shade-plugin From 81b358b37790e598be3371f9af04913630eaf3f0 Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Wed, 24 May 2023 20:14:28 +0200 Subject: [PATCH 10/35] Attempt to fix problem with upgraded maven source plugin, take 2 --- pom.xml | 1 - servlet/pom.xml | 4 ++++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8e48982e..51ac5b07 100644 --- a/pom.xml +++ b/pom.xml @@ -174,7 +174,6 @@ attach-sources jar-no-fork - jar test-jar diff --git a/servlet/pom.xml b/servlet/pom.xml index 64ee8f6c..44586112 100644 --- a/servlet/pom.xml +++ b/servlet/pom.xml @@ -36,6 +36,10 @@ + + maven-source-plugin + + maven-resources-plugin From 6dd74070f43746782ba956c61d13663f34bfdf40 Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Wed, 24 May 2023 20:27:26 +0200 Subject: [PATCH 11/35] Remove transfer progress from Maven deploy output --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8f4328b1..ecc88efc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -95,7 +95,7 @@ jobs: echo "PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV - name: Publish to Maven Central if: ${{ endsWith(env.PROJECT_VERSION, '-SNAPSHOT') }} - run: mvn deploy -P release -DskipTests + run: mvn --no-transfer-progress deploy -P release -DskipTests env: MAVEN_CENTRAL_USERNAME: ${{ secrets.SONATYPE_USERNAME }} # must be the same env variable name as (1) MAVEN_CENTRAL_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} # must be the same env variable name as (2) From 13b37b3839a62aa34fbdbc3a25d82e4012e9f499 Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Wed, 24 May 2023 20:34:21 +0200 Subject: [PATCH 12/35] Use Maven in batch mode! --- .github/workflows/ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ecc88efc..ec4fbce2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,7 +30,7 @@ jobs: java-package: jdk cache: 'maven' - name: Run Tests - run: mvn --no-transfer-progress test + run: mvn --batch-mode --no-transfer-progress test - name: Publish Test Report uses: mikepenz/action-junit-report@959aefb7f095e717eb407fe917238d61ca323ff3 # v3.7.6 if: ${{ !cancelled() }} @@ -64,7 +64,7 @@ jobs: - name: Display Java version run: java -version - name: Run Tests - run: mvn --no-transfer-progress test + run: mvn --batch-mode --no-transfer-progress test - name: Publish Test Report uses: mikepenz/action-junit-report@959aefb7f095e717eb407fe917238d61ca323ff3 # v3.7.6 if: ${{ !cancelled() }} @@ -92,10 +92,10 @@ jobs: gpg-passphrase: MAVEN_CENTRAL_GPG_PASSPHRASE # env variable for GPG private key passphrase (3) - name: Get Project Version run: | - echo "PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV + echo "PROJECT_VERSION=$(mvn --batch-mode help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV - name: Publish to Maven Central if: ${{ endsWith(env.PROJECT_VERSION, '-SNAPSHOT') }} - run: mvn --no-transfer-progress deploy -P release -DskipTests + run: mvn --batch-mode --no-transfer-progress deploy -P release -DskipTests env: MAVEN_CENTRAL_USERNAME: ${{ secrets.SONATYPE_USERNAME }} # must be the same env variable name as (1) MAVEN_CENTRAL_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} # must be the same env variable name as (2) From 41460bd32aefc5fe4f283b0bec5687ff65995430 Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Wed, 24 May 2023 21:43:33 +0200 Subject: [PATCH 13/35] JDK 20 compliance --- .github/workflows/ci.yml | 2 +- .../java/com/twelvemonkeys/lang/StringUtil.java | 2 +- .../com/twelvemonkeys/lang/StringUtilTest.java | 4 ++-- .../imageio/color/KCMSSanitizerStrategyTest.java | 15 +++++++++++++++ .../imageio/color/LCMSSanitizerStrategyTest.java | 3 +++ pom.xml | 4 ++-- 6 files changed, 24 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ec4fbce2..19f1356c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,7 +17,7 @@ jobs: fail-fast: false matrix: os: [ ubuntu-latest, windows-latest, macos-latest ] - java: [ 8, 11, 17, 18 ] + java: [ 8, 11, 17, 20 ] runs-on: ${{ matrix.os }} permissions: checks: write diff --git a/common/common-lang/src/main/java/com/twelvemonkeys/lang/StringUtil.java b/common/common-lang/src/main/java/com/twelvemonkeys/lang/StringUtil.java index d1f88c93..3a6b1bf0 100755 --- a/common/common-lang/src/main/java/com/twelvemonkeys/lang/StringUtil.java +++ b/common/common-lang/src/main/java/com/twelvemonkeys/lang/StringUtil.java @@ -904,7 +904,7 @@ public final class StringUtil { } catch (ParseException pe) { // Wrap in RuntimeException - throw new IllegalArgumentException(pe.getMessage()); + throw new IllegalArgumentException(pe.getMessage() + " at pos " + pe.getErrorOffset()); } } diff --git a/common/common-lang/src/test/java/com/twelvemonkeys/lang/StringUtilTest.java b/common/common-lang/src/test/java/com/twelvemonkeys/lang/StringUtilTest.java index 923cffd0..c6863961 100644 --- a/common/common-lang/src/test/java/com/twelvemonkeys/lang/StringUtilTest.java +++ b/common/common-lang/src/test/java/com/twelvemonkeys/lang/StringUtilTest.java @@ -593,8 +593,8 @@ public class StringUtilTest { cal.clear(); cal.set(Calendar.HOUR, 1); cal.set(Calendar.MINUTE, 2); - date = StringUtil.toDate("1:02 am", - DateFormat.getTimeInstance(DateFormat.SHORT, Locale.US)); + format = new SimpleDateFormat("HH:mm"); + date = StringUtil.toDate("1:02", format); assertNotNull(date); assertEquals(cal.getTime(), date); } diff --git a/imageio/imageio-core/src/test/java/com/twelvemonkeys/imageio/color/KCMSSanitizerStrategyTest.java b/imageio/imageio-core/src/test/java/com/twelvemonkeys/imageio/color/KCMSSanitizerStrategyTest.java index 3cf80a29..c8b8ae61 100644 --- a/imageio/imageio-core/src/test/java/com/twelvemonkeys/imageio/color/KCMSSanitizerStrategyTest.java +++ b/imageio/imageio-core/src/test/java/com/twelvemonkeys/imageio/color/KCMSSanitizerStrategyTest.java @@ -36,9 +36,11 @@ import java.awt.color.ColorSpace; import java.awt.color.ICC_ColorSpace; import java.awt.color.ICC_Profile; import java.io.IOException; +import java.lang.reflect.Method; import java.util.Arrays; import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assume.assumeFalse; import static org.mockito.Mockito.*; public class KCMSSanitizerStrategyTest { @@ -56,6 +58,8 @@ public class KCMSSanitizerStrategyTest { @Test public void testFixProfileUpdateHeader() throws Exception { + assumeICC_ProfileNotSealed(); // Ignores test for JDK 19+ + byte[] header = new byte[128]; header[ICC_Profile.icHdrRenderingIntent + 3] = 1; ICC_Profile profile = mock(ICC_Profile.class); @@ -69,6 +73,17 @@ public class KCMSSanitizerStrategyTest { verify(profile).setData(eq(ICC_Profile.icSigHead), any(byte[].class)); } + static void assumeICC_ProfileNotSealed() { + try { + Method isSealed = Class.class.getMethod("isSealed"); + Boolean result = (Boolean) isSealed.invoke(ICC_Profile.class); + assumeFalse("Can't mock ICC_Profile, class is sealed (as of JDK 19).", result); + } + catch (ReflectiveOperationException ignore) { + // We can't have sealed classes if we don't have the isSealed method... + } + } + @Test public void testFixProfileCorbisRGB() throws IOException { // TODO: Consider re-writing this using mocks, to avoid dependencies on the CMS implementation diff --git a/imageio/imageio-core/src/test/java/com/twelvemonkeys/imageio/color/LCMSSanitizerStrategyTest.java b/imageio/imageio-core/src/test/java/com/twelvemonkeys/imageio/color/LCMSSanitizerStrategyTest.java index d7b63ea2..cff1acbd 100644 --- a/imageio/imageio-core/src/test/java/com/twelvemonkeys/imageio/color/LCMSSanitizerStrategyTest.java +++ b/imageio/imageio-core/src/test/java/com/twelvemonkeys/imageio/color/LCMSSanitizerStrategyTest.java @@ -34,6 +34,7 @@ import org.junit.Test; import java.awt.color.ICC_Profile; +import static com.twelvemonkeys.imageio.color.KCMSSanitizerStrategyTest.assumeICC_ProfileNotSealed; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verifyNoMoreInteractions; @@ -46,6 +47,8 @@ public class LCMSSanitizerStrategyTest { @Test public void testFixProfile() throws Exception { + assumeICC_ProfileNotSealed(); // Ignores test for JDK 19+ + ICC_Profile profile = mock(ICC_Profile.class); new LCMSSanitizerStrategy().fixProfile(profile); diff --git a/pom.xml b/pom.xml index 51ac5b07..d9ac2551 100644 --- a/pom.xml +++ b/pom.xml @@ -224,8 +224,8 @@ 3.11.0 true - 1.7 - 1.7 + 8 + 8 false source,lines From c5dc2e4e53409dd0f30b638c1e04e7dcdb4477c6 Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Thu, 25 May 2023 10:29:09 +0200 Subject: [PATCH 14/35] Update README.md --- README.md | 33 +-------------------------------- 1 file changed, 1 insertion(+), 32 deletions(-) diff --git a/README.md b/README.md index e999aceb..d02367c3 100644 --- a/README.md +++ b/README.md @@ -380,7 +380,7 @@ Other "fat" JAR bundlers will probably have similar mechanisms to merge entries ##### Latest version (3.9.4) -Requires Java 7 or later. +The latest version that will run on Java 7 is 3.9.4. Later versions will require Java 8 or later. Common dependencies * [common-lang-3.9.4.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/common/common-lang/3.9.4/common-lang-3.9.4.jar) @@ -417,37 +417,6 @@ Photoshop Path support for ImageIO Servlet support * [servlet-3.9.4.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/servlet/servlet/3.9.4/servlet-3.9.4.jar) -##### Old version (3.0.x) - -Use this version for projects that requires Java 6 or need the JMagick support. *Does not support Java 8 or later*. - -Common dependencies -* [common-lang-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/common/common-lang/3.0.2/common-lang-3.0.2.jar) -* [common-io-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/common/common-io/3.0.2/common-io-3.0.2.jar) -* [common-image-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/common/common-image/3.0.2/common-image-3.0.2.jar) - -ImageIO dependencies -* [imageio-core-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-core/3.0.2/imageio-core-3.0.2.jar) -* [imageio-metadata-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-metadata/3.0.2/imageio-metadata-3.0.2.jar) - -ImageIO plugins -* [imageio-jpeg-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-jpeg/3.0.2/imageio-jpeg-3.0.2.jar) -* [imageio-tiff-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-tiff/3.0.2/imageio-tiff-3.0.2.jar) -* [imageio-psd-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-psd/3.0.2/imageio-psd-3.0.2.jar) -* [imageio-pict-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-pict/3.0.2/imageio-pict-3.0.2.jar) -* [imageio-iff-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-iff/3.0.2/imageio-iff-3.0.2.jar) -* [imageio-icns-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-icns/3.0.2/imageio-icns-3.0.2.jar) -* [imageio-ico-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-ico/3.0.2/imageio-ico-3.0.2.jar) -* [imageio-thumbsdb-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-thumbsdb/3.0.2/imageio-thumbsdb-3.0.2.jar) - -ImageIO plugins requiring 3rd party libs -* [imageio-batik-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-batik/3.0.2/imageio-batik-3.0.2.jar) -* [imageio-jmagick-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/imageio/imageio-jmagick/3.0.2/imageio-jmagick-3.0.2.jar) - -Servlet support -* [servlet-3.0.2.jar](https://search.maven.org/remotecontent?filepath=com/twelvemonkeys/servlet/servlet/3.0.2/servlet-3.0.2.jar) - - ## License This project is provided under the OSI approved [BSD license](https://opensource.org/licenses/BSD-3-Clause): From 3a2efd9491dd8edddb59f1b210bf924faad99462 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 09:08:18 +0000 Subject: [PATCH 15/35] Bump maven-help-plugin from 3.2.0 to 3.4.0 Bumps [maven-help-plugin](https://github.com/apache/maven-help-plugin) from 3.2.0 to 3.4.0. - [Commits](https://github.com/apache/maven-help-plugin/compare/maven-help-plugin-3.2.0...maven-help-plugin-3.4.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-help-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d9ac2551..9be867de 100644 --- a/pom.xml +++ b/pom.xml @@ -145,7 +145,7 @@ org.apache.maven.plugins maven-help-plugin - 3.2.0 + 3.4.0 From 4e614dfc7e70db6a33236f8afe15931e332286ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 09:08:23 +0000 Subject: [PATCH 16/35] Bump maven-checkstyle-plugin from 3.1.2 to 3.3.0 Bumps [maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.1.2 to 3.3.0. - [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.1.2...maven-checkstyle-plugin-3.3.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d9ac2551..75c6aa4d 100644 --- a/pom.xml +++ b/pom.xml @@ -286,7 +286,7 @@ org.apache.maven.plugins maven-checkstyle-plugin - 3.1.2 + 3.3.0 From 2699b75b79d49c65e313e73020bbe2ade25bd253 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 09:08:30 +0000 Subject: [PATCH 17/35] Bump junit from 4.13.1 to 4.13.2 Bumps [junit](https://github.com/junit-team/junit4) from 4.13.1 to 4.13.2. - [Release notes](https://github.com/junit-team/junit4/releases) - [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md) - [Commits](https://github.com/junit-team/junit4/compare/r4.13.1...r4.13.2) --- updated-dependencies: - dependency-name: junit:junit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- common/pom.xml | 2 +- contrib/pom.xml | 2 +- imageio/pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/common/pom.xml b/common/pom.xml index 05cb02a4..a6088a44 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -47,7 +47,7 @@ junit junit - 4.13.1 + 4.13.2 test diff --git a/contrib/pom.xml b/contrib/pom.xml index 2ff3522d..b3235671 100644 --- a/contrib/pom.xml +++ b/contrib/pom.xml @@ -65,7 +65,7 @@ junit junit - 4.13.1 + 4.13.2 test diff --git a/imageio/pom.xml b/imageio/pom.xml index c73399db..145d9877 100644 --- a/imageio/pom.xml +++ b/imageio/pom.xml @@ -98,7 +98,7 @@ junit junit - 4.13.1 + 4.13.2 test From 1d5359dd35e0a6441623f601fe4924edd02ac23d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 09:08:34 +0000 Subject: [PATCH 18/35] Bump maven-pmd-plugin from 3.14.0 to 3.21.0 Bumps [maven-pmd-plugin](https://github.com/apache/maven-pmd-plugin) from 3.14.0 to 3.21.0. - [Release notes](https://github.com/apache/maven-pmd-plugin/releases) - [Commits](https://github.com/apache/maven-pmd-plugin/compare/maven-pmd-plugin-3.14.0...maven-pmd-plugin-3.21.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-pmd-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d9ac2551..d248b42a 100644 --- a/pom.xml +++ b/pom.xml @@ -281,7 +281,7 @@ org.apache.maven.plugins maven-pmd-plugin - 3.14.0 + 3.21.0 org.apache.maven.plugins From 3ce35e059ceab92911c87d037f5b961cde94ed4f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 09:08:40 +0000 Subject: [PATCH 19/35] Bump maven-resources-plugin from 3.2.0 to 3.3.1 Bumps [maven-resources-plugin](https://github.com/apache/maven-resources-plugin) from 3.2.0 to 3.3.1. - [Release notes](https://github.com/apache/maven-resources-plugin/releases) - [Commits](https://github.com/apache/maven-resources-plugin/compare/maven-resources-plugin-3.2.0...maven-resources-plugin-3.3.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-resources-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d9ac2551..69fac9b8 100644 --- a/pom.xml +++ b/pom.xml @@ -198,7 +198,7 @@ org.apache.maven.plugins maven-resources-plugin - 3.2.0 + 3.3.1 UTF-8 From 783c28ae0edcc4fd5f5a728deced69da64a3de7d Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Thu, 25 May 2023 12:16:38 +0200 Subject: [PATCH 20/35] More lenient test, using dynamic local port. --- .../imageio/metadata/xmp/XMPReaderTest.java | 39 +++++++++++++++---- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/imageio/imageio-metadata/src/test/java/com/twelvemonkeys/imageio/metadata/xmp/XMPReaderTest.java b/imageio/imageio-metadata/src/test/java/com/twelvemonkeys/imageio/metadata/xmp/XMPReaderTest.java index 02be1834..315274d9 100644 --- a/imageio/imageio-metadata/src/test/java/com/twelvemonkeys/imageio/metadata/xmp/XMPReaderTest.java +++ b/imageio/imageio-metadata/src/test/java/com/twelvemonkeys/imageio/metadata/xmp/XMPReaderTest.java @@ -35,8 +35,11 @@ import static org.hamcrest.MatcherAssert.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; +import java.io.InputStreamReader; import java.io.OutputStream; import java.net.ServerSocket; import java.net.Socket; @@ -50,6 +53,7 @@ import java.util.Iterator; import javax.imageio.ImageIO; import javax.imageio.stream.ImageInputStream; +import com.twelvemonkeys.imageio.stream.DirectImageInputStream; import org.junit.Test; import com.twelvemonkeys.imageio.metadata.CompoundDirectory; @@ -490,12 +494,15 @@ public class XMPReaderTest extends MetadataReaderAbstractTest { assertThat(exif.getEntryById("http://ns.adobe.com/exif/1.0/NativeDigest"), hasValue("36864,40960,40961,37121,37122,40962,40963,37510,40964,36867,36868,33434,33437,34850,34852,34855,34856,37377,37378,37379,37380,37381,37382,37383,37384,37385,37386,37396,41483,41484,41486,41487,41488,41492,41493,41495,41728,41729,41730,41985,41986,41987,41988,41989,41990,41991,41992,41993,41994,41995,41996,42016,0,2,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,20,22,23,24,25,26,27,28,30;A7F21D25E2C562F152B2C4ECC9E534DA")); } - @Test(timeout = 1500L) + @Test(timeout = 2500L) public void testNoExternalRequest() throws Exception { - // TODO: Use dynamic port? - try (HTTPServer server = new HTTPServer(7777)) { - try { - createReader().read(getResourceAsIIS("/xmp/xmp-jpeg-xxe.xml")); + String maliciousXML = resourceAsString("/xmp/xmp-jpeg-xxe.xml"); + + try (HTTPServer server = new HTTPServer()) { + String dynamicXML = maliciousXML.replace("http://localhost:7777/", "http://localhost:" + server.port() + "/"); + + try (DirectImageInputStream input = new DirectImageInputStream(new ByteArrayInputStream(dynamicXML.getBytes(StandardCharsets.UTF_8)));) { + createReader().read(input); } catch (IOException ioe) { if (ioe.getMessage().contains("501")) { throw new AssertionError("Reading should not cause external requests", ioe); @@ -507,12 +514,26 @@ public class XMPReaderTest extends MetadataReaderAbstractTest { } } + private String resourceAsString(String name) throws IOException { + StringBuilder builder = new StringBuilder(1024); + + try (BufferedReader reader = new BufferedReader(new InputStreamReader(getResource(name).openStream(), StandardCharsets.UTF_8))) { + String line; + while ((line = reader.readLine()) != null) { + builder.append(line) + .append('\n'); + } + } + + return builder.toString(); + } + private static class HTTPServer implements AutoCloseable { private final ServerSocket server; private final Thread thread; - HTTPServer(int port) throws IOException { - server = new ServerSocket(port, 1); + HTTPServer() throws IOException { + server = new ServerSocket(0, 1); thread = new Thread(new Runnable() { @Override public void run() { serve(); @@ -521,6 +542,10 @@ public class XMPReaderTest extends MetadataReaderAbstractTest { thread.start(); } + public final int port() { + return server.getLocalPort(); + } + private void serve() { try { Socket client = server.accept(); From 628523ddc82cffad3c1f45588485ff91801c0021 Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Thu, 25 May 2023 13:42:21 +0200 Subject: [PATCH 21/35] Dependabot workflow updates --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e1cd1a0a..9df528cd 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,6 +7,6 @@ updates: interval: "daily" # GitHub actions updates - package-ecosystem: "github-actions" - directory: "/.github" + directory: "/.github/workflows" schedule: interval: "daily" From 967e71dc924683274cac481b0eb846344fde2a75 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 11:42:47 +0000 Subject: [PATCH 22/35] Bump mikepenz/action-junit-report in /.github/workflows Bumps [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) from 3.7.6 to 3.7.7. - [Release notes](https://github.com/mikepenz/action-junit-report/releases) - [Commits](https://github.com/mikepenz/action-junit-report/compare/959aefb7f095e717eb407fe917238d61ca323ff3...c0e4b81aaa0067314a2d0d06e19b512c9d8af4f5) --- updated-dependencies: - dependency-name: mikepenz/action-junit-report dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 19f1356c..c366d4d6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,7 +32,7 @@ jobs: - name: Run Tests run: mvn --batch-mode --no-transfer-progress test - name: Publish Test Report - uses: mikepenz/action-junit-report@959aefb7f095e717eb407fe917238d61ca323ff3 # v3.7.6 + uses: mikepenz/action-junit-report@c0e4b81aaa0067314a2d0d06e19b512c9d8af4f5 # v3.7.7 if: ${{ !cancelled() }} with: report_paths: "**/target/surefire-reports/TEST*.xml" @@ -66,7 +66,7 @@ jobs: - name: Run Tests run: mvn --batch-mode --no-transfer-progress test - name: Publish Test Report - uses: mikepenz/action-junit-report@959aefb7f095e717eb407fe917238d61ca323ff3 # v3.7.6 + uses: mikepenz/action-junit-report@c0e4b81aaa0067314a2d0d06e19b512c9d8af4f5 # v3.7.7 if: ${{ !cancelled() }} with: report_paths: "**/target/surefire-reports/TEST*.xml" From 9aa04d311e64768a2b5d3d4254daacd4ff280a13 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 11:42:51 +0000 Subject: [PATCH 23/35] Bump maven-gpg-plugin from 1.6 to 3.1.0 Bumps [maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) from 1.6 to 3.1.0. - [Commits](https://github.com/apache/maven-gpg-plugin/compare/maven-gpg-plugin-1.6...maven-gpg-plugin-3.1.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-gpg-plugin dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f0d5ea3b..1d48236a 100644 --- a/pom.xml +++ b/pom.xml @@ -98,7 +98,7 @@ org.apache.maven.plugins maven-gpg-plugin - 1.6 + 3.1.0 From 6cb7424bd02b5ceee7a9d3d0048703b7d9696c72 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 11:42:53 +0000 Subject: [PATCH 24/35] Bump servlet-api from 2.4 to 2.5 Bumps servlet-api from 2.4 to 2.5. --- updated-dependencies: - dependency-name: javax.servlet:servlet-api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- servlet/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/servlet/pom.xml b/servlet/pom.xml index 44586112..01945382 100644 --- a/servlet/pom.xml +++ b/servlet/pom.xml @@ -15,7 +15,7 @@ javax.servlet servlet-api - 2.4 + 2.5 provided From 7bb5fee23b8a1bc100938f5d6c33a4444d3e8dba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 11:42:57 +0000 Subject: [PATCH 25/35] Bump maven-shade-plugin from 3.2.2 to 3.4.1 Bumps [maven-shade-plugin](https://github.com/apache/maven-shade-plugin) from 3.2.2 to 3.4.1. - [Release notes](https://github.com/apache/maven-shade-plugin/releases) - [Commits](https://github.com/apache/maven-shade-plugin/compare/maven-shade-plugin-3.2.2...maven-shade-plugin-3.4.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-shade-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- servlet/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/servlet/pom.xml b/servlet/pom.xml index 44586112..e2060241 100644 --- a/servlet/pom.xml +++ b/servlet/pom.xml @@ -66,7 +66,7 @@ org.apache.maven.plugins maven-shade-plugin - 3.2.2 + 3.4.1 jakarta From a3534ecd5959c6beb2f23cadbc1308dd3caef89d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 11:43:00 +0000 Subject: [PATCH 26/35] Bump commons-io from 2.11.0 to 2.12.0 Bumps commons-io from 2.11.0 to 2.12.0. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- imageio/imageio-batik/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/imageio/imageio-batik/pom.xml b/imageio/imageio-batik/pom.xml index a452d6c1..e2a8fe93 100644 --- a/imageio/imageio-batik/pom.xml +++ b/imageio/imageio-batik/pom.xml @@ -51,7 +51,7 @@ commons-io commons-io - 2.11.0 + 2.12.0 provided From 15dc4b385252d3e5ea124a0ddc20f63c4d2bc108 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 11:43:04 +0000 Subject: [PATCH 27/35] Bump maven-deploy-plugin from 3.0.0-M1 to 3.1.1 Bumps [maven-deploy-plugin](https://github.com/apache/maven-deploy-plugin) from 3.0.0-M1 to 3.1.1. - [Release notes](https://github.com/apache/maven-deploy-plugin/releases) - [Commits](https://github.com/apache/maven-deploy-plugin/compare/maven-deploy-plugin-3.0.0-M1...maven-deploy-plugin-3.1.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-deploy-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f0d5ea3b..eca4f74e 100644 --- a/pom.xml +++ b/pom.xml @@ -266,7 +266,7 @@ org.apache.maven.plugins maven-deploy-plugin - 3.0.0-M1 + 3.1.1 org.apache.maven.plugins From 9db4e0b3ed691ab5a5c296eaab38d5411a4be2f8 Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Thu, 25 May 2023 13:55:14 +0200 Subject: [PATCH 28/35] More Dependabot PRs, please --- .github/dependabot.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9df528cd..2a29b1e4 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,10 +1,11 @@ version: 2 updates: # Maven/Java library updates - - package-ecosystem: "maven" # See documentation for possible values - directory: "/" # Location of package manifests + - package-ecosystem: "maven" + directory: "/" schedule: interval: "daily" + open-pull-requests-limit: 10 # GitHub actions updates - package-ecosystem: "github-actions" directory: "/.github/workflows" From f0db338f3b17e3cbf6e8a075f5281cb047b43e6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 11:55:41 +0000 Subject: [PATCH 29/35] Bump maven-javadoc-plugin from 3.2.0 to 3.5.0 Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.2.0 to 3.5.0. - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.2.0...maven-javadoc-plugin-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f0d5ea3b..be9c7af7 100644 --- a/pom.xml +++ b/pom.xml @@ -119,7 +119,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.2.0 + 3.5.0 attach-javadocs From 79982cd4933d90c3ea2283fc4d8bf9a19ce84155 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 11:55:46 +0000 Subject: [PATCH 30/35] Bump maven-jar-plugin from 2.4 to 3.3.0 Bumps [maven-jar-plugin](https://github.com/apache/maven-jar-plugin) from 2.4 to 3.3.0. - [Release notes](https://github.com/apache/maven-jar-plugin/releases) - [Commits](https://github.com/apache/maven-jar-plugin/compare/maven-jar-plugin-2.4...maven-jar-plugin-3.3.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-jar-plugin dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- servlet/pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index f0d5ea3b..29024ff0 100644 --- a/pom.xml +++ b/pom.xml @@ -206,7 +206,7 @@ org.apache.maven.plugins maven-jar-plugin - 3.2.0 + 3.3.0 true diff --git a/servlet/pom.xml b/servlet/pom.xml index 44586112..79796101 100644 --- a/servlet/pom.xml +++ b/servlet/pom.xml @@ -50,7 +50,7 @@ org.apache.maven.plugins maven-jar-plugin - 2.4 + 3.3.0 From 0083b8e77e6075aba457ce64f8d93e8737258bb4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 11:55:55 +0000 Subject: [PATCH 31/35] Bump maven-scm-provider-gitexe from 1.11.2 to 2.0.1 Bumps maven-scm-provider-gitexe from 1.11.2 to 2.0.1. --- updated-dependencies: - dependency-name: org.apache.maven.scm:maven-scm-provider-gitexe dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f0d5ea3b..1fc0315e 100644 --- a/pom.xml +++ b/pom.xml @@ -259,7 +259,7 @@ org.apache.maven.scm maven-scm-provider-gitexe - 1.11.2 + 2.0.1 From 72b9f19a5113184f27a0f1152b76f2b9f3ee109f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 11:55:57 +0000 Subject: [PATCH 32/35] Bump nexus-staging-maven-plugin from 1.6.8 to 1.6.13 Bumps nexus-staging-maven-plugin from 1.6.8 to 1.6.13. --- updated-dependencies: - dependency-name: org.sonatype.plugins:nexus-staging-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f0d5ea3b..c67df89d 100644 --- a/pom.xml +++ b/pom.xml @@ -183,7 +183,7 @@ org.sonatype.plugins nexus-staging-maven-plugin - 1.6.8 + 1.6.13 true ossrh From 2d8125e69c92b701a28a92a4246d2ec03eddd8cb Mon Sep 17 00:00:00 2001 From: Harald Kuhr Date: Thu, 25 May 2023 14:29:18 +0200 Subject: [PATCH 33/35] Manual mockito bump --- imageio/pom.xml | 2 +- servlet/pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/imageio/pom.xml b/imageio/pom.xml index 145d9877..964bf618 100644 --- a/imageio/pom.xml +++ b/imageio/pom.xml @@ -105,7 +105,7 @@ org.mockito mockito-core - 3.12.4 + 4.11.0 test diff --git a/servlet/pom.xml b/servlet/pom.xml index 01945382..abfe2d0a 100644 --- a/servlet/pom.xml +++ b/servlet/pom.xml @@ -29,7 +29,7 @@ org.mockito mockito-core - 4.1.0 + 4.11.0 test From 20cd259abd8caa9358a6176c023db98edb509b38 Mon Sep 17 00:00:00 2001 From: Davide Tantillo Date: Sun, 28 May 2023 15:03:21 +0200 Subject: [PATCH 34/35] PSD: Adding parsing for 'lsdk' (undocumented) additional layer information key that represents a 'nested section diverder setting' --- .../main/java/com/twelvemonkeys/imageio/plugins/psd/PSD.java | 2 ++ .../com/twelvemonkeys/imageio/plugins/psd/PSDLayerInfo.java | 1 + 2 files changed, 3 insertions(+) diff --git a/imageio/imageio-psd/src/main/java/com/twelvemonkeys/imageio/plugins/psd/PSD.java b/imageio/imageio-psd/src/main/java/com/twelvemonkeys/imageio/plugins/psd/PSD.java index da7cf425..1a1f2063 100755 --- a/imageio/imageio-psd/src/main/java/com/twelvemonkeys/imageio/plugins/psd/PSD.java +++ b/imageio/imageio-psd/src/main/java/com/twelvemonkeys/imageio/plugins/psd/PSD.java @@ -709,4 +709,6 @@ interface PSD extends com.twelvemonkeys.imageio.metadata.psd.PSD { int luni = 'l' << 24 | 'u' << 16 | 'n' << 8 | 'i'; int lyid = 'l' << 24 | 'y' << 16 | 'i' << 8 | 'd'; int lsct = 'l' << 24 | 's' << 16 | 'c' << 8 | 't'; + // Undocumented: Nested section divider setting + int lsdk = 'l' << 24 | 's' << 16 | 'd' << 8 | 'k'; } diff --git a/imageio/imageio-psd/src/main/java/com/twelvemonkeys/imageio/plugins/psd/PSDLayerInfo.java b/imageio/imageio-psd/src/main/java/com/twelvemonkeys/imageio/plugins/psd/PSDLayerInfo.java index 6bb0fa14..d6814d9e 100755 --- a/imageio/imageio-psd/src/main/java/com/twelvemonkeys/imageio/plugins/psd/PSDLayerInfo.java +++ b/imageio/imageio-psd/src/main/java/com/twelvemonkeys/imageio/plugins/psd/PSDLayerInfo.java @@ -155,6 +155,7 @@ final class PSDLayerInfo { layerId = pInput.readInt(); break; + case PSD.lsdk: case PSD.lsct: if (resourceLength < 4) { throw new IIOException(String.format("Expected sectionDividerSetting length >= 4: %d", resourceLength)); From 9d50acd2fea43bece5acf3573def66bd6237990a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Jun 2023 09:10:54 +0000 Subject: [PATCH 35/35] Bump maven-release-plugin from 3.0.0 to 3.0.1 Bumps [maven-release-plugin](https://github.com/apache/maven-release) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](https://github.com/apache/maven-release/compare/maven-release-3.0.0...maven-release-3.0.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d38a7e86..c1c3d937 100644 --- a/pom.xml +++ b/pom.xml @@ -249,7 +249,7 @@ org.apache.maven.plugins maven-release-plugin - 3.0.0 + 3.0.1 true release