CourseOrchestra / celesta

DB migrations, SQL & testing for Java
https://courseorchestra.github.io/celesta/en
Apache License 2.0
75 stars 17 forks

Bump asciidoctor-maven-plugin from 2.2.2 to 2.2.3 #517

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps asciidoctor-maven-plugin from 2.2.2 to 2.2.3.

Release notes

Sourced from asciidoctor-maven-plugin's releases.

v2.2.3

V2.2.3 is a fix release for several CVEs related to netty-codec-http. Special thanks to @JanWesterkamp-iJUG for bringing up the topic and the support provided.

It is important to note that netty-codec-http is used ONLY for the preview goals auto-refresh and http, and has no impact on normal conversion using process-asciidoc.

This release also includes some fixes ported from the main branch, listed below. As always, thanks to all contributors! Especially those taking the time to report issues and provide feedback 👍

Fixes

  • #610 Fixed default value for eruby which caused a failure when using erb templates. Thanks (@​mokdeve) for reporting.

Documentation

Build / Infrastructure

  • #620 Upgrade Asciidoctorj to v2.5.7 and jRuby to v9.3.8.0
  • #625 Bump Doxia to v1.12.0 and test with maven-site-plugin v3.12.1
  • #620 Bump netty-codec-http to v4.1.90.Final, fixes several CVEs
  • #622 Delete unused TravisCI configuration
  • #623 Bump Maven build plugins
  • #624 Bump GH 'checkout' and 'setup-java' to v3

Release Meta

Released on: 2023-03-18 Released by: @​abelsromero Soundtrack: Dimensions (Devin Townsend)

Changelog

Sourced from asciidoctor-maven-plugin's changelog.

== v2.2.3 (2023-03-18)

Bug Fixes::

  • Fixed default value for eruby which caused a fail when using erb templates (#610)

Build / Infrastructure::

  • Bump Doxia to v1.11.1 and maven-site-plugin in IT to 3.12.0 (#579)
  • Bump netty-codec-http to v4.1.77.Final (fix CVE-2021-21290) (#582)
  • Upgrade Asciidoctorj to v2.5.4 and jRuby to v9.3.4.0 (#584)
  • Upgrade Asciidoctorj to v2.5.5 (#591)
  • Upgrade build related Maven plugins to the latest versions (#606)
  • Upgrade Asciidoctorj to v2.5.7 (#604)
  • Bump netty-codec-http to v4.1.90.Final (fix several CVEs)
  • Delete unused TravisCI configuration (#622)
  • Bump Maven build plugins (#623)
  • Bump GH 'checkout' and 'setup-java' to v3 (#624)
  • Bump Doxia to v1.12.0 and maven-site-plugin in IT to 3.12.1 (#625)

Documentation::

Commits
  • 31078f6 [maven-release-plugin] prepare release asciidoctor-maven-plugin-2.2.3
  • 7154d78 Update properties in docs for v2.2.3 release (#626)
  • 4911ef3 Bump Doxia to v1.12.0 and maven-site-plugin in IT to 3.12.1 (#625)
  • 1b58db1 Bump GH actions checkout and setup-java to v3 (#624)
  • 31acf36 Bump build plugin dependencies (#623)
  • fd84281 Delete TravisCI configuration, now unused (#622)
  • 74c1013 Enable CI pipelines for 2.2.x branch PRs (#621)
  • 0c69ceb Bump netty-codec-http to latest v4.1.90.Final
  • 49e8301 Bump AsciidoctorJ to v2.5.7
  • b1042d2 Fixes conversion failure when using erb template
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)