Commit 62d8d73

dakai-wei-of-shizenjuherrfnkbsidependabot[bot]goekay
authored
merge Steve community master 20241105 (#5)
* Extract tag authorization in a dedicated service * Provide location for tag status * adding DB migration Baselinescript * Baseline-script: insert default data into settings table * main.yml: remove right "mysql -h 127.0.0.1 -P 3306 -uroot -proot -e "GRANT SELECT ON mysql.proc TO 'steve'@'%';" -v || true" * B1_0_5_stevedb.sql: removed auto_increment values * B1_0_5_stevedb.sql: change to mysqldump script * Baseline-script: insert default data into settings table * Baseline-script: removed unnecessary save, set and reset of DB-settings (executable comments); removed temporary tables/views, because of that changed creation order of views transaction and ocpp_activity * Baseline-script: because Steve supports only mysql and mariadb the executable comments are changed to commands. except "/*!999999\- enable the sandbox mode */ " * Baseline-script: adding some comments * Baseline-script: formatting the view creation code * Bump org.apache.maven.plugins:maven-dependency-plugin Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.7.0 to 3.7.1. - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](https://github.com/apache/maven-dependency-plugin/compare/maven-dependency-plugin-3.7.0...maven-dependency-plugin-3.7.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 Bumps [org.apache.maven.plugins:maven-jar-plugin](https://github.com/apache/maven-jar-plugin) from 3.4.1 to 3.4.2. 
- [Release notes](https://github.com/apache/maven-jar-plugin/releases) - [Commits](https://github.com/apache/maven-jar-plugin/compare/maven-jar-plugin-3.4.1...maven-jar-plugin-3.4.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-jar-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * remove pmd github action * main.yml: remove Grant Super privileges; B1_0_5__stevedb.sql: remove definer statements in views * adapt docs after #1439 SUPER is not needed anymore * Bump org.junit:junit-bom from 5.10.2 to 5.10.3 Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.10.2 to 5.10.3. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.10.2...r5.10.3) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.5.0 to 4.8.6.2 Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.8.5.0 to 4.8.6.2. - [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases) - [Commits](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.8.5.0...spotbugs-maven-plugin-4.8.6.2) --- updated-dependencies: - dependency-name: com.github.spotbugs:spotbugs-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump jackson.version from 2.17.1 to 2.17.2 Bumps `jackson.version` from 2.17.1 to 2.17.2. 
Updates `com.fasterxml.jackson.core:jackson-databind` from 2.17.1 to 2.17.2 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.module:jackson-module-jaxb-annotations` from 2.17.1 to 2.17.2 - [Commits](https://github.com/FasterXML/jackson-modules-base/compare/jackson-modules-base-2.17.1...jackson-modules-base-2.17.2) Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.17.1 to 2.17.2 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.datatype:jackson-datatype-joda` from 2.17.1 to 2.17.2 - [Commits](https://github.com/FasterXML/jackson-datatype-joda/compare/jackson-datatype-joda-2.17.1...jackson-datatype-joda-2.17.2) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.module:jackson-module-jaxb-annotations dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.core:jackson-annotations dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-joda dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump io.github.git-commit-id:git-commit-id-maven-plugin Bumps [io.github.git-commit-id:git-commit-id-maven-plugin](https://github.com/git-commit-id/git-commit-id-maven-plugin) from 9.0.0 to 9.0.1. - [Release notes](https://github.com/git-commit-id/git-commit-id-maven-plugin/releases) - [Commits](https://github.com/git-commit-id/git-commit-id-maven-plugin/compare/v9.0.0...v9.0.1) --- updated-dependencies: - dependency-name: io.github.git-commit-id:git-commit-id-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <[email protected]> * Bump flyway.version from 10.15.0 to 10.15.2 Bumps `flyway.version` from 10.15.0 to 10.15.2. Updates `org.flywaydb:flyway-mysql` from 10.15.0 to 10.15.2 Updates `org.flywaydb:flyway-maven-plugin` from 10.15.0 to 10.15.2 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](https://github.com/flyway/flyway/compare/flyway-10.15.0...flyway-10.15.2) --- updated-dependencies: - dependency-name: org.flywaydb:flyway-mysql dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.flywaydb:flyway-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Update docker-compose.yml to add restart policies Added 'unless-stopped' restart policies to both the 'db' and 'app' services in docker-compose.yml to ensure they automatically restart unless explicitly stopped by the user. * Bump org.apache.maven.plugins:maven-surefire-plugin from 3.3.0 to 3.3.1 Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.3.0 to 3.3.1. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.3.0...surefire-3.3.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump net.bytebuddy:byte-buddy from 1.14.17 to 1.14.18 Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.14.17 to 1.14.18. 
- [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.14.17...byte-buddy-1.14.18) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * refactor: move OcppTagRepository into AuthTagService * better msg if logs are unavailable (closes #1503) * Bump org.projectlombok:lombok from 1.18.32 to 1.18.34 Bumps [org.projectlombok:lombok](https://github.com/projectlombok/lombok) from 1.18.32 to 1.18.34. - [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown) - [Commits](https://github.com/projectlombok/lombok/compare/v1.18.32...v1.18.34) --- updated-dependencies: - dependency-name: org.projectlombok:lombok dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * nits and style changes * add license header where missing * extract interface reason: allow multiple implementations of the same interface to exist. therefore, another impl (for calling external EMSP service) and bean can exist with @Primary annotation which can take precedence * transaction detail page shows only energy meter values (#1514) * Bump flyway.version from 10.15.2 to 10.16.0 Bumps `flyway.version` from 10.15.2 to 10.16.0. 
Updates `org.flywaydb:flyway-mysql` from 10.15.2 to 10.16.0 Updates `org.flywaydb:flyway-maven-plugin` from 10.15.2 to 10.16.0 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](https://github.com/flyway/flyway/compare/flyway-10.15.2...flyway-10.16.0) --- updated-dependencies: - dependency-name: org.flywaydb:flyway-mysql dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.flywaydb:flyway-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.maven.plugins:maven-pmd-plugin from 3.23.0 to 3.24.0 Bumps [org.apache.maven.plugins:maven-pmd-plugin](https://github.com/apache/maven-pmd-plugin) from 3.23.0 to 3.24.0. - [Release notes](https://github.com/apache/maven-pmd-plugin/releases) - [Commits](https://github.com/apache/maven-pmd-plugin/compare/maven-pmd-plugin-3.23.0...maven-pmd-plugin-3.24.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-pmd-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * migrate to jakarta and upgrade spring, jetty, cxf * fix SecurityConfiguration * fix http client in GithubReleaseCheckService * fix test classes * fix dependencies * upgrade jetty from 11 to 12 * update ocpp-jaxb * fix jsp world * fix spring security signin page was causing too many redirects to itself. 
https://github.com/spring-projects/spring-security/issues/13285 * switch to openapi v3 plus: start offering swagger ui * version bump [ci skip] * version bump for snapshot [ci skip] * use ocpp-jaxb tag version * jooq: make DateTime operations through field's converter (#1520) * validate chargeBoxId for WS connections (#1526) * tighten regex of valid chargeBoxId definition (#1526) * switch logic to use blacklist of chars (#1526) * add flexibility to override default chargeBoxId validation regex (#1526) * add error logging for violating the pattern (#1526) * put chargeBoxId through html encoder in unknownList (#1526) * refactor * Encode values properly when rendering HTML pages (#1533) * use html encoder on page: chagepointDetails (#1532) * use html encoder on page: transactions (#1532) * use html encoder on page: transactionDetails (#1532) * use html encoder on page: ocppTags (#1532) * use html encoder on page: connectorStatus (#1532) * use html encoder on page: GetConfigurationResponse (#1532) * use html encoder on page: taskResult (#1532) * Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#1530) Bumps [org.hamcrest:hamcrest](https://github.com/hamcrest/JavaHamcrest) from 2.2 to 3.0. - [Release notes](https://github.com/hamcrest/JavaHamcrest/releases) - [Changelog](https://github.com/hamcrest/JavaHamcrest/blob/master/CHANGES.md) - [Commits](https://github.com/hamcrest/JavaHamcrest/compare/v2.2...v3.0) --- updated-dependencies: - dependency-name: org.hamcrest:hamcrest dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump flyway.version from 10.16.0 to 10.17.0 (#1529) Bumps `flyway.version` from 10.16.0 to 10.17.0. 
Updates `org.flywaydb:flyway-mysql` from 10.16.0 to 10.17.0 Updates `org.flywaydb:flyway-maven-plugin` from 10.16.0 to 10.17.0 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](https://github.com/flyway/flyway/compare/flyway-10.16.0...flyway-10.17.0) --- updated-dependencies: - dependency-name: org.flywaydb:flyway-mysql dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.flywaydb:flyway-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jetty.version from 12.0.11 to 12.0.12 (#1528) Bumps `jetty.version` from 12.0.11 to 12.0.12. Updates `org.eclipse.jetty:jetty-server` from 12.0.11 to 12.0.12 Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.0.11 to 12.0.12 Updates `org.eclipse.jetty.ee10:jetty-ee10-annotations` from 12.0.11 to 12.0.12 Updates `org.eclipse.jetty.ee10:jetty-ee10-apache-jsp` from 12.0.11 to 12.0.12 Updates `org.eclipse.jetty:jetty-rewrite` from 12.0.11 to 12.0.12 Updates `org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server` from 12.0.11 to 12.0.12 Updates `org.eclipse.jetty.websocket:jetty-websocket-jetty-client` from 12.0.11 to 12.0.12 Updates `org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin` from 12.0.11 to 12.0.12 --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-server dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-annotations dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-apache-jsp dependency-type: direct:production update-type: version-update:semver-patch 
- dependency-name: org.eclipse.jetty:jetty-rewrite dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.websocket:jetty-websocket-jetty-client dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix ObjectMapper used for API endpoint errors reason: warnings like the following [WARN ] 2024-08-08 23:34:20,844 org.eclipse.jetty.ee10.servlet.ServletChannel (qtp739264372-28) - handleException /steve/api/v1/transactions com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Joda date/time type `org.joda.time.DateTime` not supported by default: add Module "com.fasterxml.jackson.datatype:jackson-datatype-joda" to enable handling (through reference chain: de.rwth.idsg.steve.web.api.ApiControllerAdvice$ApiErrorResponse["timestamp"]) ApiDocsConfiguration activates JacksonAutoConfiguration which creates a default/primary ObjectMapper that is different from our ObjectMapper. this came with the spring 6.x migration since OpenApi integration was massively refactored with that as well. * add authorization support to open-api and swagger-ui (#1043) * refactor instead of creating a 2nd ObjectMapper with a custom qualifier, override the default that comes from JacksonAutoConfiguration. * Bump org.slf4j:slf4j-bom from 2.0.13 to 2.0.16 Bumps [org.slf4j:slf4j-bom](https://github.com/qos-ch/slf4j) from 2.0.13 to 2.0.16. 
- [Commits](https://github.com/qos-ch/slf4j/compare/v_2.0.13...v_2.0.16) --- updated-dependencies: - dependency-name: org.slf4j:slf4j-bom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Update mysql-connector-j (#1537) * pom: adapted changes in mysql-connector dependency location: mysql --> com.mysql; mysql-connector-java -> mysql-connector-j, version update to 8.4.0 * pom: mysql.jdbc.version update to 9.0.0 --------- Co-authored-by: brosi <[email protected]> * exclude websocket paths from spring security (#1523) * disable CSRF for SOAP endpoints * enable spring security for all profiles reason: so far, spring security was enabled only for prod profile. the tests were running with test profile. therefore, any security-related issue/regression was not detected. * Implement database-based multi user system for Web UI (#1539) * add UserDetailsService impl using Jooq * improve impl such that it is in a working condition * refactor: make github action checks happy * force data type JSON in Jooq for web_user.authorities reason: our build matrix fails for mysql, but succeeds for mariadb. Jooq infers data type org.jooq.JSON for web_user.authorities for mysql. on the other hand, it is String for mariadb. example: https://github.com/steve-community/steve/actions/runs/10339451112 * tighten json logic * add check for validating that "authorities" is an array * store a sorted set of authorities without duplicates * add method to delete web user by database id reason: to be used by web pages. a better way than doing with username, and is consistent with other delete operations we do. * PR feedback: skip default admin user creation, if "any" admin already exists * refactor: PR feedback * prepare database for #1540 * PR feedback * add license header where missing * Bump jooq.version from 3.19.10 to 3.19.11 (#1552) Bumps `jooq.version` from 3.19.10 to 3.19.11. 
Updates `org.jooq:jooq-meta` from 3.19.10 to 3.19.11 Updates `org.jooq:jooq-codegen` from 3.19.10 to 3.19.11 Updates `org.jooq:jooq` from 3.19.10 to 3.19.11 Updates `org.jooq:jooq-codegen-maven` from 3.19.10 to 3.19.11 --- updated-dependencies: - dependency-name: org.jooq:jooq-meta dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jooq:jooq-codegen dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jooq:jooq dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jooq:jooq-codegen-maven dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump com.google.guava:guava from 33.2.1-jre to 33.3.0-jre (#1551) Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.2.1-jre to 33.3.0-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api (#1550) Bumps [jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api](https://github.com/eclipse-ee4j/jstl-api) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/eclipse-ee4j/jstl-api/releases) - [Commits](https://github.com/eclipse-ee4j/jstl-api/commits) --- updated-dependencies: - dependency-name: jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump org.junit:junit-bom from 5.10.3 to 5.11.0 (#1549) Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.10.3 to 5.11.0. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump net.bytebuddy:byte-buddy from 1.14.18 to 1.14.19 (#1548) Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.14.18 to 1.14.19. - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.14.18...byte-buddy-1.14.19) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump flyway.version from 10.17.0 to 10.17.1 (#1547) Bumps `flyway.version` from 10.17.0 to 10.17.1. 
Updates `org.flywaydb:flyway-mysql` from 10.17.0 to 10.17.1 Updates `org.flywaydb:flyway-maven-plugin` from 10.17.0 to 10.17.1 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](https://github.com/flyway/flyway/compare/flyway-10.17.0...flyway-10.17.1) --- updated-dependencies: - dependency-name: org.flywaydb:flyway-mysql dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.flywaydb:flyway-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * switch to basic auth for API access (#1545) * switch to basic auth for API access * PR feedback * add cache for API users * PR feedback * start setting/updating api_password * refactor: undo moveApiTokenFromConfigToDatabase prep * switch open-api spec to basic auth (#1540) * refactor DataSource * make DataSource a spring bean * move checkJavaAndMySQLOffsets() into GenericRepository * necessary consequential changes * Bump org.owasp.encoder:encoder-jakarta-jsp from 1.3.0 to 1.3.1 Bumps [org.owasp.encoder:encoder-jakarta-jsp](https://github.com/owasp/owasp-java-encoder) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/owasp/owasp-java-encoder/releases) - [Commits](https://github.com/owasp/owasp-java-encoder/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: org.owasp.encoder:encoder-jakarta-jsp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump flyway.version from 10.17.1 to 10.17.2 Bumps `flyway.version` from 10.17.1 to 10.17.2. 
Updates `org.flywaydb:flyway-mysql` from 10.17.1 to 10.17.2 Updates `org.flywaydb:flyway-maven-plugin` from 10.17.1 to 10.17.2 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](https://github.com/flyway/flyway/compare/flyway-10.17.1...flyway-10.17.2) --- updated-dependencies: - dependency-name: org.flywaydb:flyway-mysql dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.flywaydb:flyway-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.maven.plugins:maven-dependency-plugin Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.7.1 to 3.8.0. - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](https://github.com/apache/maven-dependency-plugin/compare/maven-dependency-plugin-3.7.1...maven-dependency-plugin-3.8.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump net.bytebuddy:byte-buddy from 1.14.19 to 1.15.0 Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.14.19 to 1.15.0. - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.14.19...byte-buddy-1.15.0) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump spring.security.version from 6.3.1 to 6.3.3 Bumps `spring.security.version` from 6.3.1 to 6.3.3. 
Updates `org.springframework.security:spring-security-web` from 6.3.1 to 6.3.3 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/6.3.1...6.3.3) Updates `org.springframework.security:spring-security-config` from 6.3.1 to 6.3.3 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/6.3.1...6.3.3) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-web dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.maven.plugins:maven-checkstyle-plugin Bumps [org.apache.maven.plugins:maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.4.0 to 3.5.0. - [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.4.0...maven-checkstyle-plugin-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.maven.plugins:maven-surefire-plugin from 3.3.1 to 3.4.0 Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.3.1 to 3.4.0. 
- [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.3.1...surefire-3.4.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api Bumps [jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api](https://github.com/eclipse-ee4j/jstl-api) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/eclipse-ee4j/jstl-api/releases) - [Commits](https://github.com/eclipse-ee4j/jstl-api/commits) --- updated-dependencies: - dependency-name: jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.maven.plugins:maven-surefire-plugin from 3.4.0 to 3.5.0 Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.4.0...surefire-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump net.bytebuddy:byte-buddy from 1.15.0 to 1.15.1 Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.15.0 to 1.15.1. 
- [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.15.0...byte-buddy-1.15.1) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.maven.plugins:maven-pmd-plugin from 3.24.0 to 3.25.0 Bumps [org.apache.maven.plugins:maven-pmd-plugin](https://github.com/apache/maven-pmd-plugin) from 3.24.0 to 3.25.0. - [Release notes](https://github.com/apache/maven-pmd-plugin/releases) - [Commits](https://github.com/apache/maven-pmd-plugin/compare/maven-pmd-plugin-3.24.0...maven-pmd-plugin-3.25.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-pmd-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.mockito:mockito-junit-jupiter from 5.12.0 to 5.13.0 Bumps [org.mockito:mockito-junit-jupiter](https://github.com/mockito/mockito) from 5.12.0 to 5.13.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v5.12.0...v5.13.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-junit-jupiter dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump jetty.version from 12.0.12 to 12.0.13 Bumps `jetty.version` from 12.0.12 to 12.0.13. 
Updates `org.eclipse.jetty:jetty-server` from 12.0.12 to 12.0.13 Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.0.12 to 12.0.13 Updates `org.eclipse.jetty.ee10:jetty-ee10-annotations` from 12.0.12 to 12.0.13 Updates `org.eclipse.jetty.ee10:jetty-ee10-apache-jsp` from 12.0.12 to 12.0.13 Updates `org.eclipse.jetty:jetty-rewrite` from 12.0.12 to 12.0.13 Updates `org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server` from 12.0.12 to 12.0.13 Updates `org.eclipse.jetty.websocket:jetty-websocket-jetty-client` from 12.0.12 to 12.0.13 Updates `org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin` from 12.0.12 to 12.0.13 --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-server dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-annotations dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-apache-jsp dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-rewrite dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.websocket:jetty-websocket-jetty-client dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.logging.log4j:log4j-bom from 2.23.1 to 2.24.0 Bumps [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) from 2.23.1 to 2.24.0. - [Release notes](https://github.com/apache/logging-log4j2/releases) - [Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc) - [Commits](https://github.com/apache/logging-log4j2/compare/rel/2.23.1...rel/2.24.0) --- updated-dependencies: - dependency-name: org.apache.logging.log4j:log4j-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.2 to 4.8.6.3 Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.8.6.2 to 4.8.6.3. - [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases) - [Commits](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.8.6.2...spotbugs-maven-plugin-4.8.6.3) --- updated-dependencies: - dependency-name: com.github.spotbugs:spotbugs-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Warn about security risks Related to #100 * Bump flyway.version from 10.17.2 to 10.18.0 Bumps `flyway.version` from 10.17.2 to 10.18.0. Updates `org.flywaydb:flyway-mysql` from 10.17.2 to 10.18.0 Updates `org.flywaydb:flyway-maven-plugin` from 10.17.2 to 10.18.0 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](https://github.com/flyway/flyway/compare/flyway-10.17.2...flyway-10.18.0) --- updated-dependencies: - dependency-name: org.flywaydb:flyway-mysql dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.flywaydb:flyway-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] <[email protected]> * add APIs link to navigation header * set ram percentage in Dockerfile default is 25% which is too conservative. details: https://developers.redhat.com/articles/2022/04/19/java-17-whats-new-openjdks-container-awareness#tuning_defaults_for_containers * Bump org.apache.httpcomponents.client5:httpclient5 from 5.3.1 to 5.4 Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.3.1 to 5.4. - [Changelog](https://github.com/apache/httpcomponents-client/blob/master/RELEASE_NOTES.txt) - [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.3.1...rel/v5.4) --- updated-dependencies: - dependency-name: org.apache.httpcomponents.client5:httpclient5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump joda-time:joda-time from 2.12.7 to 2.13.0 Bumps [joda-time:joda-time](https://github.com/JodaOrg/joda-time) from 2.12.7 to 2.13.0. - [Release notes](https://github.com/JodaOrg/joda-time/releases) - [Changelog](https://github.com/JodaOrg/joda-time/blob/main/RELEASE-NOTES.txt) - [Commits](https://github.com/JodaOrg/joda-time/compare/v2.12.7...v2.13.0) --- updated-dependencies: - dependency-name: joda-time:joda-time dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.3 to 4.8.6.4 Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.8.6.3 to 4.8.6.4. 
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases) - [Commits](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.8.6.3...spotbugs-maven-plugin-4.8.6.4) --- updated-dependencies: - dependency-name: com.github.spotbugs:spotbugs-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump flyway.version from 10.18.0 to 10.18.2 Bumps `flyway.version` from 10.18.0 to 10.18.2. Updates `org.flywaydb:flyway-mysql` from 10.18.0 to 10.18.2 Updates `org.flywaydb:flyway-maven-plugin` from 10.18.0 to 10.18.2 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](https://github.com/flyway/flyway/compare/flyway-10.18.0...flyway-10.18.2) --- updated-dependencies: - dependency-name: org.flywaydb:flyway-mysql dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.flywaydb:flyway-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump jackson.version from 2.17.2 to 2.18.0 Bumps `jackson.version` from 2.17.2 to 2.18.0. 
Updates `com.fasterxml.jackson.core:jackson-databind` from 2.17.2 to 2.18.0 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations` from 2.17.2 to 2.18.0 - [Commits](https://github.com/FasterXML/jackson-modules-base/compare/jackson-modules-base-2.17.2...jackson-modules-base-2.18.0) Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.17.2 to 2.18.0 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.datatype:jackson-datatype-joda` from 2.17.2 to 2.18.0 - [Commits](https://github.com/FasterXML/jackson-datatype-joda/compare/jackson-datatype-joda-2.17.2...jackson-datatype-joda-2.18.0) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: com.fasterxml.jackson.core:jackson-annotations dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-joda dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump com.google.guava:guava from 33.3.0-jre to 33.3.1-jre Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.3.0-jre to 33.3.1-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <[email protected]> * Bump org.jetbrains:annotations from 24.1.0 to 25.0.0 Bumps [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) from 24.1.0 to 25.0.0. - [Release notes](https://github.com/JetBrains/java-annotations/releases) - [Changelog](https://github.com/JetBrains/java-annotations/blob/master/CHANGELOG.md) - [Commits](https://github.com/JetBrains/java-annotations/compare/24.1.0...25.0.0) --- updated-dependencies: - dependency-name: org.jetbrains:annotations dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.mockito:mockito-junit-jupiter from 5.13.0 to 5.14.1 Bumps [org.mockito:mockito-junit-jupiter](https://github.com/mockito/mockito) from 5.13.0 to 5.14.1. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v5.13.0...v5.14.1) --- updated-dependencies: - dependency-name: org.mockito:mockito-junit-jupiter dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.junit:junit-bom from 5.11.0 to 5.11.2 Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.0 to 5.11.2. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.2) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump plugin.license-maven.version from 4.5 to 4.6 Bumps `plugin.license-maven.version` from 4.5 to 4.6. 
Updates `com.mycila:license-maven-plugin-git` from 4.5 to 4.6 - [Release notes](https://github.com/mathieucarbou/license-maven-plugin/releases) - [Commits](https://github.com/mathieucarbou/license-maven-plugin/compare/license-maven-plugin-4.5...license-maven-plugin-4.6) Updates `com.mycila:license-maven-plugin` from 4.5 to 4.6 - [Release notes](https://github.com/mathieucarbou/license-maven-plugin/releases) - [Commits](https://github.com/mathieucarbou/license-maven-plugin/compare/license-maven-plugin-4.5...license-maven-plugin-4.6) --- updated-dependencies: - dependency-name: com.mycila:license-maven-plugin-git dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: com.mycila:license-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump flyway.version from 10.18.2 to 10.19.0 Bumps `flyway.version` from 10.18.2 to 10.19.0. Updates `org.flywaydb:flyway-mysql` from 10.18.2 to 10.19.0 Updates `org.flywaydb:flyway-maven-plugin` from 10.18.2 to 10.19.0 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](https://github.com/flyway/flyway/compare/flyway-10.18.2...flyway-10.19.0) --- updated-dependencies: - dependency-name: org.flywaydb:flyway-mysql dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.flywaydb:flyway-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.0 to 3.5.1 Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.0 to 3.5.1. 
- [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.0...surefire-3.5.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.logging.log4j:log4j-bom from 2.24.0 to 2.24.1 Bumps [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) from 2.24.0 to 2.24.1. - [Release notes](https://github.com/apache/logging-log4j2/releases) - [Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc) - [Commits](https://github.com/apache/logging-log4j2/compare/rel/2.24.0...rel/2.24.1) --- updated-dependencies: - dependency-name: org.apache.logging.log4j:log4j-bom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump com.zaxxer:HikariCP from 5.1.0 to 6.0.0 Bumps [com.zaxxer:HikariCP](https://github.com/brettwooldridge/HikariCP) from 5.1.0 to 6.0.0. - [Changelog](https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES) - [Commits](https://github.com/brettwooldridge/HikariCP/compare/HikariCP-5.1.0...HikariCP-6.0.0) --- updated-dependencies: - dependency-name: com.zaxxer:HikariCP dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump com.mysql:mysql-connector-j from 9.0.0 to 9.1.0 Bumps [com.mysql:mysql-connector-j](https://github.com/mysql/mysql-connector-j) from 9.0.0 to 9.1.0. - [Changelog](https://github.com/mysql/mysql-connector-j/blob/release/9.x/CHANGES) - [Commits](https://github.com/mysql/mysql-connector-j/compare/9.0.0...9.1.0) --- updated-dependencies: - dependency-name: com.mysql:mysql-connector-j dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] <[email protected]> * Bump org.jetbrains:annotations from 25.0.0 to 26.0.1 Bumps [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) from 25.0.0 to 26.0.1. - [Release notes](https://github.com/JetBrains/java-annotations/releases) - [Changelog](https://github.com/JetBrains/java-annotations/blob/master/CHANGELOG.md) - [Commits](https://github.com/JetBrains/java-annotations/compare/25.0.0...26.0.1) --- updated-dependencies: - dependency-name: org.jetbrains:annotations dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump net.bytebuddy:byte-buddy from 1.15.1 to 1.15.7 Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.15.1 to 1.15.7. - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.15.1...byte-buddy-1.15.7) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump jetty.version from 12.0.13 to 12.0.14 Bumps `jetty.version` from 12.0.13 to 12.0.14. 
Updates `org.eclipse.jetty:jetty-server` from 12.0.13 to 12.0.14 Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.0.13 to 12.0.14 Updates `org.eclipse.jetty.ee10:jetty-ee10-annotations` from 12.0.13 to 12.0.14 Updates `org.eclipse.jetty.ee10:jetty-ee10-apache-jsp` from 12.0.13 to 12.0.14 Updates `org.eclipse.jetty:jetty-rewrite` from 12.0.13 to 12.0.14 Updates `org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server` from 12.0.13 to 12.0.14 Updates `org.eclipse.jetty.websocket:jetty-websocket-jetty-client` from 12.0.13 to 12.0.14 Updates `org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin` from 12.0.13 to 12.0.14 --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-server dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-annotations dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-apache-jsp dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-rewrite dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.websocket:jetty-websocket-jetty-client dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * adjust checkstyle [ci skip] inline conditionals are fine in some cases. more compact and less verbose. 
* migrate "header value" as "api password" to database (#1540) * Bump org.springframework.security:spring-security-web Bumps [org.springframework.security:spring-security-web](https://github.com/spring-projects/spring-security) from 6.3.3 to 6.3.4. - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/6.3.3...6.3.4) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-web dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.mockito:mockito-junit-jupiter from 5.14.1 to 5.14.2 Bumps [org.mockito:mockito-junit-jupiter](https://github.com/mockito/mockito) from 5.14.1 to 5.14.2. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v5.14.1...v5.14.2) --- updated-dependencies: - dependency-name: org.mockito:mockito-junit-jupiter dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump jackson.version from 2.18.0 to 2.18.1 Bumps `jackson.version` from 2.18.0 to 2.18.1. 
Updates `com.fasterxml.jackson.core:jackson-databind` from 2.18.0 to 2.18.1 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations` from 2.18.0 to 2.18.1 - [Commits](https://github.com/FasterXML/jackson-modules-base/compare/jackson-modules-base-2.18.0...jackson-modules-base-2.18.1) Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.18.0 to 2.18.1 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.datatype:jackson-datatype-joda` from 2.18.0 to 2.18.1 - [Commits](https://github.com/FasterXML/jackson-datatype-joda/compare/jackson-datatype-joda-2.18.0...jackson-datatype-joda-2.18.1) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.core:jackson-annotations dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-joda dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.4 to 4.8.6.5 Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.8.6.4 to 4.8.6.5. - [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases) - [Commits](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.8.6.4...spotbugs-maven-plugin-4.8.6.5) --- updated-dependencies: - dependency-name: com.github.spotbugs:spotbugs-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <[email protected]> * Bump flyway.version from 10.19.0 to 10.20.1 Bumps `flyway.version` from 10.19.0 to 10.20.1. Updates `org.flywaydb:flyway-mysql` from 10.19.0 to 10.20.1 Updates `org.flywaydb:flyway-maven-plugin` from 10.19.0 to 10.20.1 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](https://github.com/flyway/flyway/compare/flyway-10.19.0...flyway-10.20.1) --- updated-dependencies: - dependency-name: org.flywaydb:flyway-mysql dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.flywaydb:flyway-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.maven.plugins:maven-dependency-plugin Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.8.0 to 3.8.1. - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](https://github.com/apache/maven-dependency-plugin/compare/maven-dependency-plugin-3.8.0...maven-dependency-plugin-3.8.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.httpcomponents.client5:httpclient5 from 5.4 to 5.4.1 Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.4 to 5.4.1. - [Changelog](https://github.com/apache/httpcomponents-client/blob/rel/v5.4.1/RELEASE_NOTES.txt) - [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.4...rel/v5.4.1) --- updated-dependencies: - dependency-name: org.apache.httpcomponents.client5:httpclient5 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <[email protected]> * Bump net.bytebuddy:byte-buddy from 1.15.7 to 1.15.9 Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.15.7 to 1.15.9. - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.15.7...byte-buddy-1.15.9) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.maven.plugins:maven-checkstyle-plugin Bumps [org.apache.maven.plugins:maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.5.0 to 3.6.0. - [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.5.0...maven-checkstyle-plugin-3.6.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.apache.maven.plugins:maven-pmd-plugin from 3.25.0 to 3.26.0 Bumps [org.apache.maven.plugins:maven-pmd-plugin](https://github.com/apache/maven-pmd-plugin) from 3.25.0 to 3.26.0. - [Release notes](https://github.com/apache/maven-pmd-plugin/releases) - [Commits](https://github.com/apache/maven-pmd-plugin/compare/maven-pmd-plugin-3.25.0...maven-pmd-plugin-3.26.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-pmd-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump org.junit:junit-bom from 5.11.2 to 5.11.3 Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.2 to 5.11.3. 
- [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.11.2...r5.11.3) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Julien Herr <[email protected]> Co-authored-by: fnkbsi <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sevket Gökay <[email protected]> Co-authored-by: Andrei <[email protected]> Co-authored-by: Julien Herr <[email protected]> Co-authored-by: brosi <[email protected]> Co-authored-by: Julien Herr <[email protected]>
1 parent bbe9f35 commit 62d8d73

147 files changed: +1990 -709 lines changed


.github/workflows/main.yml

Lines changed: 0 additions & 2 deletions
@@ -35,8 +35,6 @@ jobs:
3535
mysql -h 127.0.0.1 -P 3306 -uroot -proot -e "CREATE DATABASE stevedb_test_2aa6a783d47d;" -v
3636
mysql -h 127.0.0.1 -P 3306 -uroot -proot -e "CREATE USER 'steve'@'%' IDENTIFIED BY 'changeme';" -v
3737
mysql -h 127.0.0.1 -P 3306 -uroot -proot -e "GRANT ALL PRIVILEGES ON stevedb_test_2aa6a783d47d.* TO 'steve'@'%';" -v
38-
mysql -h 127.0.0.1 -P 3306 -uroot -proot -e "GRANT SELECT ON mysql.proc TO 'steve'@'%';" -v || true
39-
mysql -h 127.0.0.1 -P 3306 -uroot -proot -e "GRANT SUPER ON *.* TO 'steve'@'%';" -v || true
4038
4139
- name: Build with Maven
4240
run: ./mvnw -B -V -Dmaven.javadoc.skip=true -Ptest clean package --file pom.xml
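
Review bot: With the `GRANT SELECT ON mysql.proc` and `GRANT SUPER ON *.*` lines (old 38-39) removed, nothing in this step records which privileges the `steve` account ends up with, and because both removed grants ended in `|| true` they may already have been failing silently. Consider adding a `SHOW GRANTS FOR 'steve'@'%';` call after the remaining `GRANT ALL PRIVILEGES` line so the CI log shows the privilege set the migrations ran under; that makes a later migration that quietly depends on SUPER much easier to diagnose when the Maven step fails.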

.github/workflows/review.yml

Lines changed: 0 additions & 17 deletions
@@ -18,23 +18,6 @@ jobs:
1818

1919
- name: Check with Maven
2020
run: mvn -B -V license:check --file pom.xml
21-
pmd:
22-
runs-on: 'ubuntu-latest'
23-
steps:
24-
- uses: actions/checkout@v4
25-
- uses: actions/setup-java@v4
26-
with:
27-
distribution: 'temurin'
28-
java-version: '17'
29-
- name: Run PMD
30-
uses: pmd/pmd-github-action@v2
31-
with:
32-
version: 'latest'
33-
sourcePath: './src/main/java'
34-
rulesets: './src/main/resources/maven-pmd-plugin-default.xml'
35-
- name: Fail build if there are violations
36-
if: steps.pmd.outputs.violations != 0
37-
run: exit 1
3821
checkstyle:
3922
runs-on: 'ubuntu-latest'
4023
steps:
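
Review bot: Deleting the whole `pmd` job (old lines 21-37) takes static analysis out of the review workflow with no replacement shown in this file. Note that the removed gate tested `steps.pmd.outputs.violations`, while the `Run PMD` step has no `id: pmd`, so that condition had no step output to read; if PMD is still meant to block merges, state where it runs now, and if it is being dropped on purpose, say so in the commit message.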

Dockerfile

Lines changed: 1 addition & 1 deletion
@@ -25,5 +25,5 @@ RUN chmod +x /code/mvnw
2525
# Build and run steve, requires a db to be available on port 3306
2626
CMD dockerize -wait tcp://mariadb:3306 -timeout 60s && \
2727
./mvnw clean package -Pdocker -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2" && \
28-
java -jar target/steve.jar
28+
java -XX:MaxRAMPercentage=85 -jar target/steve.jar
2929
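
Review bot: `-XX:MaxRAMPercentage=85` on new line 28 is hard-coded, and giving 85% of the container limit to the heap leaves only 15% for metaspace, thread stacks and direct buffers, which can get the container OOM-killed under a small memory limit. Since this `CMD` is in shell form, the percentage could be read from an environment variable with 85 as the default so operators can tune it without rebuilding the image; a short comment stating the memory limit this value was chosen for would also help.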

README.md

Lines changed: 3 additions & 5 deletions
@@ -25,6 +25,9 @@ Electric charge points using the following OCPP versions are supported:
2525
* OCPP1.6S
2626
* OCPP1.6J
2727

28+
⚠️ Currently, Steve doesn't support [the OCPP-1.6 security whitepaper](https://openchargealliance.org/wp-content/uploads/2023/11/OCPP-1.6-security-whitepaper-edition-3-2.zip) yet (see [#100](https://github.com/steve-community/steve/issues/100)) and anyone can send events to a public steve instance once the chargebox id is known.
29+
Please, don't expose a Steve instance without knowing that risk.
30+
2831
For Charging Station compatibility please check:
2932
https://github.com/steve-community/steve/wiki/Charging-Station-Compatibility
3033
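
Review bot: The warning on new lines 28-29 names the risk but gives operators nothing to act on beyond knowing about it. Suggest one more sentence on what to do until #100 is resolved, for example keeping the OCPP endpoint reachable only from the network the charge points are on, and spelling the project name consistently (`Steve` and `steve` here, `SteVe` in the rest of the README).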

@@ -52,11 +55,6 @@ SteVe is designed to run standalone, a java servlet container / web server (e.g.
5255
CREATE DATABASE stevedb CHARACTER SET utf8 COLLATE utf8_unicode_ci;
5356
CREATE USER 'steve'@'localhost' IDENTIFIED BY 'changeme';
5457
GRANT ALL PRIVILEGES ON stevedb.* TO 'steve'@'localhost';
55-
GRANT SUPER ON *.* TO 'steve'@'localhost';
56-
```
57-
Note: The statement `GRANT SUPER [...]` is only necessary to execute some of the previous migration files and is only needed for the initial database setup. Afterwards, you can remove this privilege by executing
58-
```
59-
REVOKE SUPER ON *.* FROM 'steve'@'localhost';
6058
```
6159
6260
2. Download and extract tarball:
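
Review bot: Removing the note on old lines 57-59 also removes the only place the README showed `REVOKE SUPER ON *.* FROM 'steve'@'localhost';`, so anyone who set up the database from the earlier instructions keeps a global SUPER privilege on the application account with no hint to drop it. Suggest keeping a one-line upgrade note with that `REVOKE` statement for existing installations, while leaving the `GRANT SUPER` out of the setup block as this hunk does.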

docker-compose.yml

Lines changed: 3 additions & 2 deletions
@@ -13,15 +13,16 @@ services:
1313
# TODO: Get database migrations to work with the latest point releases of
1414
# MariaDB 10.4.
1515
image: mariadb:10.4.30
16+
restart: unless-stopped
1617
ports:
1718
- 3306:3306
1819
environment:
1920
MYSQL_RANDOM_ROOT_PASSWORD: "yes"
2021
MYSQL_DATABASE: stevedb
2122
MYSQL_USER: steve
2223
MYSQL_PASSWORD: changeme
23-
2424
app:
25+
restart: unless-stopped
2526
build: .
2627
links:
2728
- "db:mariadb"
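
Review bot: `restart: unless-stopped` on new lines 16 and 25 turns this compose file into a deployment that comes back after reboots, yet the `db` service still publishes `3306:3306` on the host with `MYSQL_PASSWORD: changeme`. Since `app` already reaches the database through the `db:mariadb` link, consider dropping the `ports` mapping on `db` or binding it to `127.0.0.1`, and taking the password from the environment instead of a committed default.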
@@ -40,4 +41,4 @@ services:
4041
volumes:
4142
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
4243
depends_on:
43-
- app
44+
- app
