search

eclipse-arrowhead / core-java-spring

Eclipse Public License 2.0
26 stars 51 forks source link

Bump sshd-core from 2.4.0 to 2.7.0 in /mscv #397

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps sshd-core from 2.4.0 to 2.7.0.

Changelog

Sourced from sshd-core's changelog.

Version 2.3.0 to 2.4.0

Version 2.4.0 to 2.5.0

Version 2.5.0 to 2.5.1

Version 2.5.1 to 2.6.0

Version 2.6.0 to 2.7.0

Version 2.7.0 to 2.8.0

Planned for next version

Major code re-factoring

Asynchronous API for making SSH global requests

A new API in Session is introduced for making SSH global requests and handling the reply asynchronously.

public GlobalRequestFuture request(Buffer buffer, String request, ReplyHandler replyHandler) throws IOException;

The Buffer is supposed to contain the full request, including the request name (for instance, "tcpip-forward"), the want-reply flag, and any additional data needed. There are several possible ways to use it.

  • want-reply=true and replyHandler != null: the methods sends the request and returns a future that is fulfilled when the request was actually sent. The future is fulfilled with an exception if sending the request failed, or with null if it was sent successfully. Once the reply is received, the handler is invoked with the SSH command (SSH_MSG_REQUEST_SUCCESS, SSH_MSG_REQUEST_FAILURE, or SSH_MSG_UNIMPLEMENTED) and the buffer received.
  • want-reply=true and replyHandler == null: the method sends the request and returns a future that is fulfilled with an exception if sending it failed, or if a SSH_MSG_REQUEST_FAILURE or SSH_MSG_UNIMPLEMENTED reply was received. Otherwise the future is fulfilled with the received Buffer once the reply has been received.
  • want-reply=false: the method sends the request and returns a future that is fulfilled when the request was actually sent. The future is fulfilled with an exception if sending the request failed, or with an empty buffer if it was sent successfully. If replyHandler != null, it is invoked with an empty buffer once the request was sent.

If the method throws an IOException, the request was not sent, and the handler will not be invoked.

Potential compatibility issues

Changes that may affect existing code

A new SFTP configuration property has been introduced that limits the maximum amount of data that can be sent in a single SSH_FXP_WRITE packet - default=256KB

... (truncated)

Commits
  • 2772c7c [maven-release-plugin] prepare release sshd-2.7.0
  • c5500e9 Add changelog for 2.7.0
  • 9a724be [SSHD-525] Server side implementation of posix-rename@openssh.com
  • 4dad0d7 [SSHD-1145] Deprecate ReflectionUtils#isClassAvailable and use ThreadUtils#re...
  • db7cbdc [SSHD-1158] Don't send channel EOF after having received channel CLOSE
  • 60b50f9 [SSHD-1141] DefaultClientKexExtensionHandler: ensure list is modifiable
  • 797d887 Updated Netty version to 4.1.63
  • 4bfeca3 Updated PMD version to 6.33.0
  • f7a2ae3 Updated Checkstyle version to 8.41.1
  • 0a3f5da Updated Spring Core version to 5.3.6
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/eclipse-arrowhead/core-java-spring/network/alerts).
borditamas commented 1 year ago

@mzsilak This alert is related to mscv. Could you please check that we can merge it or not? Thanks!