Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump the minorandpatch group in /backend with 2 updates #2348

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 29, 2024

Bumps the minorandpatch group in /backend with 2 updates: org.flywaydb:flyway-database-postgresql and org.tukaani:xz.

Updates org.flywaydb:flyway-database-postgresql from 10.16.0 to 10.17.0

Updates org.tukaani:xz from 1.9 to 1.10

Changelog

Sourced from org.tukaani:xz's changelog.

1.10 (2024-07-29)

  • Licensing change: From version 1.10 onwards, XZ for Java is under the BSD Zero Clause License (0BSD). 1.9 and older are in the public domain and obviously remain so; the change only affects the new releases.

    0BSD is an extremely permissive license which doesn't require retaining or reproducing copyright or license notices when distributing the code, thus in practice there is extremely little difference to public domain.

  • Mark copyright and license information in the source package so that it is compliant to the REUSE Specification version 3.2.

  • Improve LZMAInputStream.enableRelaxedEndCondition():

    • Error detection is slightly better.

    • The input position will always be at the end of the stream after successful decompression.

  • Support .lzma files that have both a known uncompressed size and the end marker. Such files are uncommon but valid. The same issue was fixed in XZ Utils 5.2.6 in 2022.

  • Add ARM64 and RISC-V BCJ filters.

  • Speed optimizations:

    • Delta filter
    • LZMA/LZMA2 decoder
    • LZMA/LZMA2 encoder (partially Java >= 9 only)
    • CRC64 (Java >= 9 only)
  • Changes that affect API/ABI compatibility:

    • Change XZOutputStream constructors to not call the method public void updateFilters(FilterOptions[] filterOptions).

    • In SeekableXZInputStream, change the method public void seekToBlock(int blockNumber) to not call the method public long getBlockPos(int blockNumber).

    • Make the filter options classes final:

      • ARM64Options
      • ARMOptions
      • ARMThumbOptions
      • DeltaOptions

... (truncated)

Commits
  • 0f5ee02 Bump the version number to 1.10
  • 4cd5a8b Update NEWS.md for 1.10
  • 21edbdf README.md: Add a section about reproducible builds
  • 372dc48 README.md: Use a subheading for old build environments
  • 5ec1e8e build.xml: Add Build-Jdk-Spec to MANIFEST.MF
  • 2103742 build.xml: Make MANIFEST.MF friendlier to reproducible builds
  • d18a12a build.xml: Use <macrodef> to make JARs of the demo programs
  • 39b7371 build.xml: Add SOURCE_DATE_EPOCH support
  • 5689e64 build.xml: Change the "pom" target to use unversioned filename
  • 7f4ccd6 Simplify building with OpenJDK 8
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minorandpatch group in /backend with 2 updates: org.flywaydb:flyway-database-postgresql and [org.tukaani:xz](https://github.com/tukaani-project/xz-java).


Updates `org.flywaydb:flyway-database-postgresql` from 10.16.0 to 10.17.0

Updates `org.tukaani:xz` from 1.9 to 1.10
- [Release notes](https://github.com/tukaani-project/xz-java/releases)
- [Changelog](https://github.com/tukaani-project/xz-java/blob/master/NEWS.md)
- [Commits](tukaani-project/xz-java@v1.9...v1.10)

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-database-postgresql
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minorandpatch
- dependency-name: org.tukaani:xz
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minorandpatch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java labels Jul 29, 2024
@anna-parker
Copy link
Contributor

@dependabot rebase

Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 2, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Aug 2, 2024
@dependabot dependabot bot deleted the dependabot/gradle/backend/minorandpatch-b8d47a04c3 branch August 2, 2024 13:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant