allenday / gcp-popgen

Population Genetics on Google Cloud Platform
1 stars 3 forks source link

Bump htsjdk from 2.20.3 to 3.0.1 #15

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps htsjdk from 2.20.3 to 3.0.1.

Release notes

Sourced from htsjdk's releases.

3.0.1

Fix for a long standing vulnerability around temporary directory creation which could expose data to malicious users with access to a shared system. See for more information #1617

Compatibility note:

The previous implementation of IOUtil.createTempDir() could accept a prefix with a complete file path: IOUtil.createTempDir("path/to/my/tempdir/prefix", ""). The new implementation will now throw in that case. You can use Files.createTemporaryDirectory(path, prefix) for those use cases instead.

4a4024a97 Fix temporary directory hijacking or temporary directory information disclosure (#1621) 9fd0ecf21 Disable codecov until we can fix the uploader (#1622) 347c0ac57 Fix EdgeReadIterator (#1616) d15a5bacb Added ULTIMA and ELEMENT as valid value for RG-PL according to SAM spec. (#1619)

3.0.0

Htsjdk 3.0.0: Revenge of the Simple Allele

This is the first htsjdk with a major version increase in a long time. We bumped it to indicate there are some breaking changes that will potentially require downstream code changes. Notably, Allele became an interface instead of a concrete class. SimpleAllele may be used as a replacement if you have classes which previously subclassed allele.

New Plugin Infrastructure: 6a60de7c2 Move API marker annotations into new annotation package. (#1558) 7ac95d5f7 Plugin framework and interfaces for versioned file format codecs (#1525) d40fe5412 Beta implementation of Bundles. (#1546)

CRAM 489c4192d Support CRAM reference regions. (#1605) 22aec6782 Fix decoding of CRAM Scores read feature during normalization. (#1592) 6507249a4 Make the CRAM MD5 failure message more user friendly. (#1607) b5af659e6 Fix restoration of read base feature code. #1379 (#1590) e63c34a92 Ignore TC, TN on CRAM read (#1578)

BAM/SAM 1449dec45 Support loading of CSI from URLs/streams. #1507 (#1595) a38c78d6c Add an option to SAMFileWriter to disable checking of ordering of rec… (#1599) 51aa6ed2b Validate that SAM header tag keys are exactly 2 characters long (#1561) fbd9e96d5 Deprecate OTHER as a PL value (#1552) d5f7e106b Adding PL Tag 'DNBSEQ' as the Platform/Technology for BGI/MGI (#1547)

Misc Improvements f461401e3 Silence AsciiLineReader warning when creating a FASTA sequence index (#1559) 8f82871c1 Update explain samflags script to python3 (#1585) 4ba4c0678 Update to new version of the snappy library which will work with M1 macs (#1580) e92706452 add predicate to GFF3Codec to give a chance to filter out some unused attributes (#1575) c647764b0 Some long reads tests using PacBio data. (#1564) 57c3f03eb remove hardcoded .idx (#1568) a94a32512 Add file extension to missing index error message #1512 (#1567) 74b827b67 Improve error message in IntervalTree (#1545) 7719274fe Htsget POST request support (#1529)

VCF: aac46ee6d Added GVCF mode for VariantContext type determination (#1544) d72d73b01 Add context to exception when the vcf file is invalid #1565 (#1566)

... (truncated)

Commits
  • 4a4024a Fix temporary directory hijacking or temporary directory information disclosu...
  • 9fd0ecf Disable codecov until we can fix the uploader (#1622)
  • 347c0ac Fix EdgeReadIterator (#1616)
  • d15a5ba Added ULTIMA and ELEMENT as valid value for RG-PL according to SAM spec. (#1619)
  • 489c419 Support CRAM reference regions. (#1605)
  • f461401 Silence AsciiLineReader warning when creating a FASTA sequence index (#1559)
  • 1449dec Support loading of CSI from URLs/streams. #1507 (#1595)
  • 22aec67 Fix decoding of CRAM Scores read feature during normalization. (#1592)
  • 70e4259 Remove unnecessary println in test (#1602)
  • 6507249 Make the CRAM MD5 failure message more user friendly. (#1607)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/allenday/gcp-popgen/network/alerts).