eclipse-ee4j / grizzly

Grizzly
https://eclipse-ee4j.github.io/grizzly
Other
149 stars 70 forks source link

Bump junit from 4.13 to 4.13.1 #2105

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 4 years ago

Bumps junit from 4.13 to 4.13.1.

Release notes

Sourced from junit's releases.

JUnit 4.13.1

Please refer to the release notes for details.

Changelog

Sourced from junit's changelog.

Summary of changes in version 4.13.1

Rules

Security fix: TemporaryFolder now limits access to temporary folders on Java 1.7 or later

A local information disclosure vulnerability in TemporaryFolder has been fixed. See the published security advisory for details.

Test Runners

[Pull request #1669:](junit-team/junit#1669) Make FrameworkField constructor public

Prior to this change, custom runners could make FrameworkMethod instances, but not FrameworkField instances. This small change allows for both now, because FrameworkField's constructor has been promoted from package-private to public.

Commits
  • 1b683f4 [maven-release-plugin] prepare release r4.13.1
  • ce6ce3a Draft 4.13.1 release notes
  • c29dd82 Change version to 4.13.1-SNAPSHOT
  • 1d17486 Add a link to assertThrows in exception testing
  • 543905d Use separate line for annotation in Javadoc
  • 510e906 Add sub headlines to class Javadoc
  • 610155b Merge pull request from GHSA-269g-pwp5-87pp
  • b6cfd1e Explicitly wrap float parameter for consistency (#1671)
  • a5d205c Fix GitHub link in FAQ (#1672)
  • 3a5c6b4 Deprecated since jdk9 replacing constructor instance of Double and Float (#1660)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/eclipse-ee4j/grizzly/network/alerts).
MattGill98 commented 3 years ago

@arjantijms Looks like a legit change, but dependabot hasn't signed an ECA 😆 What would we normally do here? Shall I close this and open my own PR?

arjantijms commented 3 years ago

@MattGill98 I'm not 100% certain either. I've seen it go both ways. I'll ask again on the PMC list to be sure.

dependabot[bot] commented 2 years ago

Looks like junit:junit is up-to-date now, so this is no longer needed.