search

OpenAF / openaf

A Java & Javascript based "swiss-army knife" scripting DevOps tool for different automation challenges with minimal requirements and footprint, extensible through packages (opacks).
https://openaf.io
Apache License 2.0
11 stars 6 forks source link

chore(deps): bump dnsjava:dnsjava from 3.6.1 to 3.6.2 #1101

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps dnsjava:dnsjava from 3.6.1 to 3.6.2.

Release notes

Sourced from dnsjava:dnsjava's releases.

v3.6.2

Changelog

Sourced from dnsjava:dnsjava's changelog.

09/21/2024

07/28/2024

  • 3.6.1 released
  • Properly fix LookupSession doesn't cache CNAMEs (#316)
  • Move JEP-418 SPI to Java 18 to support EOL workflows (#329)

07/21/2024

  • 3.6.0 released
  • Fix CVE-2024-25638 (GHSA-cfxw-4h78-h7fw) Lookup and LookupSession do not sanitize input properly, allowing to smuggle additional responses, even with DNSSEC. I would like to thank Thomas Bellebaum from Fraunhofer AISEC (@​bellebaum) and Martin Schanzenbach (@​schanzen) for reporting and assisting me with this issue.
  • Fix CVE-2023-50387 (GHSA-crjg-w57m-rqqf) Denial-of-Service Algorithmic Complexity Attacks (KeyTrap)
  • Fix CVE-2023-50868 (GHSA-mmwx-rj87-vfgr) NSEC3 closest encloser proof can exhaust CPU resources (KeyTrap)
  • Fix running all DNSSEC on the specified executor
  • Add new DNSSEC algorithm constants for SM2SM3 and ECC-GOST12
  • Add A/AAAA record constructor with IP address byte array
  • Validate DS record digest lengths (#250)
  • Fix NPE in SimpleResolver on invalid responses (#277)
  • Add support for JEP 418: Internet-Address Resolution SPI (#290)
  • Full JPMS support (#246)
  • Pluggable I/O for SimpleResolver (@​chrisruffalo, #253)
  • UDP port leak in SimpleResolver (#318)
  • Fix clean shutdown in app containers when never used (#319)
  • Fix concurrency issue in I/O clients (#315, #323)
  • LookupSession doesn't cache CNAMEs (#316)
  • SimpleResolver can fail with UPDATE response (#322)
  • Replace synchronization in Zone with locks (#305, based on work from @​srijeet0406 in #306)

11/11/2023

  • 3.5.3 released
  • Fix CNAME in LookupSession (#279)
  • Fix Name constructor failing with max length, relative name and root origin (#289, @​MMauro94)
  • Add config option for Resolver I/O timeout (#273, @​vmarian2)
  • Extend I/O logging
  • Prevent exception during TCP I/O with missing or truncated length prefix
  • Use internal base64 codec for Android compatibility (#271)
  • Fix multi-message TSIG stream verification for pre-RFC8945

... (truncated)

Commits
  • 81148ca Release v3.6.2
  • 6c519f2 Fix compiling on Java 8
  • 2885bdd Update example to include current and next IANA trust anchor
  • 8f8f91e Allow loading cache from InputStream
  • 1984e36 Additional test for #334
  • 6e1786e 334, added test case demonstrating SOA replace.
  • fd05465 Zone now constructs successfully even when the input records include a SOA wi...
  • 5af97d6 Added comment
  • 7a2a599 Add new IANA Trust Anchor
  • dcffe8c Return to -snapshot
  • See full diff in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
nmaguiar commented 1 month ago

@dependabot rebase

dependabot[bot] commented 1 month ago

Looks like dnsjava:dnsjava is up-to-date now, so this is no longer needed.