navicore/navi-xml
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Update dependency sbt/sbt to v1.8.3 #26

Merged
renovate[bot] merged 1 commit from renovate/sbt-sbt-1.x into master 2023-06-01 00:50:44 +00:00
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate[bot] commented 2023-06-01 00:19:53 +00:00 (Migrated from github.com)
Copy link

Mend Renovate

This PR contains the following updates:

Package Update Change
sbt/sbt patch 1.8.2 -> 1.8.3

Release Notes

sbt/sbt

v1.8.3: 1.8.3

Compare Source

Security fix
IO.withTemporaryFile fix

sbt 1.8.3 fixes sbt.io.IO.withTemporaryFile etc not limiting access on Unix-like systems. Prior to this patch release, some functions were using java.io.File.createTempFile, which does not set strict file permissions, as opposed to the NIO-equivalent that does.

This means that on a shared Unix-like systems, build user or plugin's use of sbt.io.IO.withTemporaryFile etc would have exposed the information to other users.

This issue was reported by Oleksandr Zolotko at IBM, and was fixed by Eugene Yokota (@​eed3si9n) in io#​344/zinc#​1185.

Other updates

sbt 1.8.3 backports Zinc and IO fixes from 1.9.0-RC2 as well.

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [sbt/sbt](https://togithub.com/sbt/sbt) | patch | `1.8.2` -> `1.8.3` | --- ### Release Notes <details> <summary>sbt/sbt</summary> ### [`v1.8.3`](https://togithub.com/sbt/sbt/releases/tag/v1.8.3): 1.8.3 [Compare Source](https://togithub.com/sbt/sbt/compare/v1.8.2...v1.8.3) ##### Security fix - Fixes `sbt.io.IO.withTemporaryFile` not limiting access on Unix-like systems in [io#&#8203;344][io344]/[zinc#&#8203;1185][zinc1185] by [@&#8203;eed3si9n][@&#8203;eed3si9n] ##### IO.withTemporaryFile fix sbt 1.8.3 fixes `sbt.io.IO.withTemporaryFile` etc not limiting access on Unix-like systems. Prior to this patch release, some functions were using `java.io.File.createTempFile`, which does not set strict file permissions, as opposed to the NIO-equivalent that does. This means that on a shared Unix-like systems, build user or plugin's use of `sbt.io.IO.withTemporaryFile` etc would have exposed the information to other users. This issue was reported by Oleksandr Zolotko at IBM, and was fixed by Eugene Yokota ([@&#8203;eed3si9n][@&#8203;eed3si9n]) in [io#&#8203;344][io344]/[zinc#&#8203;1185][zinc1185]. ##### Other updates sbt 1.8.3 backports Zinc and IO fixes from 1.9.0-RC2 as well. - Fixes Zinc incremental compilation looping infinitely [zinc#&#8203;1182][zinc1182] by [@&#8203;CarstonSchilds][@&#8203;CarstonSchilds] - Fixes spurious whitespace in the runner script by [@&#8203;keynmol][@&#8203;keynmol] in [#&#8203;7134][7134] - Fixes NullPointerError under `-Vdebug` by [@&#8203;som-snytt][@&#8203;som-snytt] in [zinc#&#8203;1141][zinc1141] - Avoids deprecated `java.net.URL` constructor by [@&#8203;xuwei-k][@&#8203;xuwei-k] in [io#&#8203;341][io341] - Updates to Swoval 2.1.10 by [@&#8203;eatkins][@&#8203;eatkins] in [io#&#8203;343][io343] - Notifies `ClassFileManager` from `IncOptions` in `Incremental.prune` by [@&#8203;lrytz] in [zinc1148][zinc1148] - Adds `FileFilter.nothing` and `FileFilter.everything` by [@&#8203;mdedetrich][@&#8203;mdedetrich] in [io#&#8203;340][io340] [@&#8203;eed3si9n]: https://togithub.com/eed3si9n [@&#8203;Nirvikalpa108]: https://togithub.com/Nirvikalpa108 [@&#8203;adpi2]: https://togithub.com/adpi2 [@&#8203;er1c]: https://togithub.com/er1c [@&#8203;eatkins]: https://togithub.com/eatkins [@&#8203;dwijnand]: https://togithub.com/dwijnand [@&#8203;ckipp01]: https://togithub.com/ckipp01 [@&#8203;mdedetrich]: https://togithub.com/mdedetrich [@&#8203;xuwei-k]: https://togithub.com/xuwei-k [@&#8203;nrinaudo]: https://togithub.com/nrinaudo [@&#8203;CarstonSchilds]: https://togithub.com/CarstonSchilds [@&#8203;som-snytt]: https://togithub.com/som-snytt [@&#8203;lrytz]: https://togithub.com/lrytz [@&#8203;dragos]: https://togithub.com/dragos [@&#8203;keynmol]: https://togithub.com/keynmol [@&#8203;mzuehlke]: https://togithub.com/mzuehlke [@&#8203;yoshinorin]: https://togithub.com/yoshinorin [@&#8203;liang3zy22]: https://togithub.com/liang3zy22 [@&#8203;adriaanm]: https://togithub.com/adriaanm [7096]: https://togithub.com/sbt/sbt/pull/7096 [7215]: ttps://github.com/sbt/sbt/pull/7215 [7191]: https://togithub.com/sbt/sbt/pull/7191 [7228]: https://togithub.com/sbt/sbt/pull/7228 [7134]: https://togithub.com/sbt/sbt/pull/7134 [7165]: https://togithub.com/sbt/sbt/pull/7165 [7154]: https://togithub.com/sbt/sbt/pull/7154 [7227]: https://togithub.com/sbt/sbt/pull/7227 [7171]: https://togithub.com/sbt/sbt/pull/7171 [7234]: https://togithub.com/sbt/sbt/pull/7234 [zinc1182]: https://togithub.com/sbt/zinc/pull/1182 [zinc1141]: https://togithub.com/sbt/zinc/pull/1141 [zinc1148]: https://togithub.com/sbt/zinc/pull/1148 [lm410]: https://togithub.com/sbt/librarymanagement/pull/410 [lm411]: https://togithub.com/sbt/librarymanagement/pull/411 [lm413]: https://togithub.com/sbt/librarymanagement/pull/413 [lm415]: https://togithub.com/sbt/librarymanagement/pull/415 [io340]: https://togithub.com/sbt/io/pull/340 [io341]: https://togithub.com/sbt/io/pull/341 [io343]: https://togithub.com/sbt/io/pull/343 [coursier2633]: https://togithub.com/coursier/coursier/pull/2633 [io344]: https://togithub.com/sbt/io/pull/344 [zinc1185]: https://togithub.com/sbt/zinc/pull/1185 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/navicore/navi-xml). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xMDUuMiIsInVwZGF0ZWRJblZlciI6IjM1LjEwNS4yIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug
Something isn't working

  
duplicate
This issue or pull request already exists

  
enhancement
New feature or request

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
question
Further information is requested

  
wontfix
This will not be worked on

No labels
bug
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
navicore/navi-xml!26
No description provided.