Dependabot/maven/projects/apache cxf/project parent/fuzz targets/maven 54e24642b2#15248
…ang, fix corpus copying Agent-Logs-Url: https://github.com/0ai-Cyberviser/oss-fuzz/sessions/a1668967-46ee-418f-96a4-049e1c8cc7bb Co-authored-by: 0ai-Cyberviser <266508493+0ai-Cyberviser@users.noreply.github.com>
Agent-Logs-Url: https://github.com/0ai-Cyberviser/oss-fuzz/sessions/a1668967-46ee-418f-96a4-049e1c8cc7bb Co-authored-by: 0ai-Cyberviser <266508493+0ai-Cyberviser@users.noreply.github.com>
…d.sh, Dockerfile, project.yaml Agent-Logs-Url: https://github.com/0ai-Cyberviser/oss-fuzz/sessions/af52d22e-2d85-45fc-8730-fb6a7a2c9beb Co-authored-by: 0ai-Cyberviser <266508493+0ai-Cyberviser@users.noreply.github.com>
Fix hancock OSS-Fuzz integration: use compile_python_fuzzer, fix build config
…anches Fix hancock OSS-Fuzz project integration
Agent-Logs-Url: https://github.com/0ai-Cyberviser/oss-fuzz/sessions/8bb39d09-4a6c-4678-9353-a6b31c1412b5 Co-authored-by: 0ai-Cyberviser <266508493+0ai-Cyberviser@users.noreply.github.com>
Fix hancock project: deduplicate build.sh and project.yaml from overlapping merges
- Create SECURITY.md with vulnerability reporting guidelines
- Create .github/dependabot.yml for automated dependency updates (GitHub Actions, pip, npm, gomod, bundler)
- Update .github/workflows/codeql-analysis.yml from deprecated v2 to v3 CodeQL actions, add weekly scheduled scan

Agent-Logs-Url: https://github.com/0ai-Cyberviser/oss-fuzz/sessions/41c406a0-8905-4b19-b9bd-2e71001dc78d Co-authored-by: 0ai-Cyberviser <266508493+0ai-Cyberviser@users.noreply.github.com>
Remove email reporting option that lacked a specific address. Address code review feedback. Agent-Logs-Url: https://github.com/0ai-Cyberviser/oss-fuzz/sessions/41c406a0-8905-4b19-b9bd-2e71001dc78d Co-authored-by: 0ai-Cyberviser <266508493+0ai-Cyberviser@users.noreply.github.com>
…n-alerts Set up repository security: policy, Dependabot, and CodeQL v3
Bumps the maven group with 3 updates in the /projects/apache-cxf/project-parent/fuzz-targets directory: org.apache.cxf:cxf-core, org.apache.cxf:cxf-rt-frontend-jaxrs and org.apache.cxf:cxf-rt-transports-http.

Bumps the maven group with 1 update in the /projects/apache-tika/project-parent/fuzz-targets directory: [org.apache.tika:tika-core](https://github.com/apache/tika).

Bumps the maven group with 2 updates in the /projects/async-http-client/project-parent/fuzz-targets directory: [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client) and org.eclipse.jetty:jetty-server.

Bumps the maven group with 1 update in the /projects/avro/project-parent/fuzz-targets directory: org.apache.avro:avro.

Bumps the maven group with 1 update in the /projects/eclipse-equinox/equinox-fuzzer directory: [org.eclipse.platform:org.eclipse.core.runtime](https://github.com/eclipse-platform/eclipse.platform).

Bumps the maven group with 1 update in the /projects/hadoop/project-parent/fuzz-targets directory: org.apache.hadoop:hadoop-common.

Bumps the maven group with 1 update in the /projects/htmlunit/htmlunit-fuzzer directory: [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit).

Bumps the maven group with 3 updates in the /projects/jetty/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-http and org.eclipse.jetty.http2:http2-server.

Updates `org.apache.cxf:cxf-core` from Fuzzing-SNAPSHOT to 3.5.11

Updates `org.apache.cxf:cxf-rt-frontend-jaxrs` from Fuzzing-SNAPSHOT to 2.6.11

Updates `org.apache.cxf:cxf-rt-transports-http` from Fuzzing-SNAPSHOT to 3.1.16

Updates `org.apache.tika:tika-core` from Fuzzing-SNAPSHOT to 3.2.2
- [Changelog](https://github.com/apache/tika/blob/main/CHANGES.txt)
- [Commits](https://github.com/apache/tika/commits/3.2.2)

Updates `org.asynchttpclient:async-http-client` from Fuzzing-SNAPSHOT to 2.0.35
- [Release notes](https://github.com/AsyncHttpClient/async-http-client/releases)
- [Commits](https://github.com/AsyncHttpClient/async-http-client/commits/async-http-client-project-2.0.35)

Updates `org.eclipse.jetty:jetty-server` from 11.0.14 to 11.0.24

Updates `org.apache.avro:avro` from Fuzzing-SNAPSHOT to 1.11.4

Updates `org.eclipse.platform:org.eclipse.core.runtime` from 3.26.100 to 3.29.0
- [Commits](https://github.com/eclipse-platform/eclipse.platform/commits)

Updates `org.apache.hadoop:hadoop-common` from Fuzzing-SNAPSHOT to 3.4.0

Updates `org.htmlunit:htmlunit` from 2.7.0 to 3.9.0
- [Release notes](https://github.com/HtmlUnit/htmlunit/releases)
- [Commits](HtmlUnit/htmlunit@HtmlUnit-2.7...3.9.0)

Updates `org.eclipse.jetty:jetty-server` from Fuzzing-SNAPSHOT to 9.4.56.v20240826

Updates `org.eclipse.jetty:jetty-http` from Fuzzing-SNAPSHOT to 12.0.31

Updates `org.eclipse.jetty.http2:http2-server` from Fuzzing-SNAPSHOT to 9.4.53.v20231009

---
updated-dependencies:
- dependency-name: org.apache.cxf:cxf-core
  dependency-version: 3.5.11
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.cxf:cxf-rt-frontend-jaxrs
  dependency-version: 2.6.11
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.cxf:cxf-rt-transports-http
  dependency-version: 3.1.16
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.tika:tika-core
  dependency-version: 3.2.2
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.asynchttpclient:async-http-client
  dependency-version: 2.0.35
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-version: 11.0.24
  dependency-type: direct:development
  dependency-group: maven
- dependency-name: org.apache.avro:avro
  dependency-version: 1.11.4
  dependency-type: direct:development
  dependency-group: maven
- dependency-name: org.eclipse.platform:org.eclipse.core.runtime
  dependency-version: 3.29.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.hadoop:hadoop-common
  dependency-version: 3.4.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.htmlunit:htmlunit
  dependency-version: 3.9.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-version: 9.4.56.v20240826
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.eclipse.jetty:jetty-http
  dependency-version: 12.0.31
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.eclipse.jetty.http2:http2-server
  dependency-version: 9.4.53.v20231009
  dependency-type: direct:development
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <support@github.com>
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.

0ai-Cyberviser is a new contributor to projects/async-http-client. The PR must be approved by known contributors before it can be merged. The past contributors are: hunsche, henryrneh
This pull request introduces several infrastructure and dependency management improvements, as well as the addition of a new fuzzing project. The most notable changes are the introduction of automated dependency updates with Dependabot, security policy documentation, the addition of the Hancock fuzzing project, and various dependency version updates across multiple Java fuzzing projects.

Infrastructure and Automation Improvements:
- `.github/dependabot.yml` to enable automated weekly dependency updates for GitHub Actions, Python, npm, Go, and Ruby ecosystems across relevant directories.
- `codeql-analysis.yml` workflow to use the latest v3 CodeQL actions, added a scheduled weekly run, and cleaned up configuration. [1] [2]

Security and Policy:
- `SECURITY.md` file outlining the security vulnerability reporting process, response expectations, and project scope for security issues.

New Fuzzing Project:
- `Dockerfile`, `build.sh`, and `project.yaml` configuration, enabling automated fuzzing for the Hancock repository. [1] [2] [3]

Dependency Version Updates (Java Fuzzing Projects):
- `Fuzzing-SNAPSHOT` or older versions to specific released versions in the following projects:
  - `apache-cxf`
  - `apache-tika`
  - `async-http-client` [1] [2]
  - `avro`
  - `eclipse-equinox`
  - `hadoop`
  - `htmlunit`
  - `jetty` [1] [2]