Skip to content

Releases: exasol/release-droid

2.0.0 Fix vulnerabilities

Choose a tag to compare

@github-actions github-actions released this 11 Jun 11:31
e59c1fd

This release updates dependencies and you need Java 21 to run release droid.

Security

  • #295: Fixed dependency check vulnerability findings
  • #299: Fixed dependency check vulnerability findings
  • #302: Fixed vulnerability CVE-2023-4759 in org.eclipse.jgit:org.eclipse.jgit
  • #304: Fixed vulnerability CVE-2023-4043 by updating transitive dependency org.eclipse.parsson:parsson
  • #307: Fixed vulnerability CVE-2024-47554 in commons-io:commons-io
  • #311: Fixed failing dependency check

Dependency Updates

Compile Dependency Updates

  • Updated com.atlassian.jira:jira-rest-java-client-core:5.2.4 to 7.0.1
  • Updated com.exasol:error-reporting-java:1.0.1 to 1.0.2
  • Updated com.fasterxml.jackson.core:jackson-databind:2.14.2 to 2.22.0
  • Added com.infradna.tool:bridge-method-annotation:1.31
  • Updated commons-cli:commons-cli:1.5.0 to 1.11.0
  • Updated io.atlassian.fugue:fugue:5.0.0 to 6.1.4
  • Updated jakarta.json:jakarta.json-api:2.1.1 to 2.1.3
  • Updated org.apache.maven:maven-model:3.9.1 to 3.9.16
  • Removed org.codehaus.jettison:jettison:1.5.4
  • Updated org.commonmark:commonmark:0.21.0 to 0.28.0
  • Updated org.eclipse.jgit:org.eclipse.jgit:6.5.0.202303070854-r to 7.7.0.202606012155-r
  • Added org.eclipse.parsson:parsson:1.1.9
  • Updated org.eclipse:yasson:3.0.2 to 3.0.4
  • Updated org.fusesource.jansi:jansi:2.4.0 to 2.4.3
  • Updated org.kohsuke:github-api:1.314 to 1.330
  • Updated org.yaml:snakeyaml:2.0 to 2.6

Runtime Dependency Updates

  • Removed org.springframework:spring-beans:5.3.25

Test Dependency Updates

  • Updated com.exasol:maven-project-version-getter:1.2.0 to 1.2.2
  • Updated nl.jqno.equalsverifier:equalsverifier:3.14.1 to 4.5
  • Updated org.hamcrest:hamcrest:2.2 to 3.0
  • Updated org.junit.jupiter:junit-jupiter:5.9.2 to 6.1.0
  • Removed org.mockito:mockito-core:5.2.0
  • Updated org.mockito:mockito-junit-jupiter:5.2.0 to 5.23.0

Plugin Dependency Updates

  • Updated com.exasol:artifact-reference-checker-maven-plugin:0.4.2 to 0.4.4
  • Updated com.exasol:error-code-crawler-maven-plugin:1.2.2 to 2.0.7
  • Updated com.exasol:project-keeper-maven-plugin:2.9.6 to 5.6.2
  • Added com.exasol:quality-summarizer-maven-plugin:0.2.1
  • Added io.github.git-commit-id:git-commit-id-maven-plugin:10.0.0
  • Removed io.github.zlika:reproducible-build-maven-plugin:0.16
  • Added org.apache.maven.plugins:maven-artifact-plugin:3.6.1
  • Updated org.apache.maven.plugins:maven-assembly-plugin:3.3.0 to 3.8.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.1 to 3.15.0
  • Added org.apache.maven.plugins:maven-dependency-plugin:3.10.0
  • Updated org.apache.maven.plugins:maven-deploy-plugin:2.8.2 to 3.1.0
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.2.1 to 3.6.2
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M6 to 3.5.5
  • Updated org.apache.maven.plugins:maven-install-plugin:2.5.2 to 3.1.0
  • Updated org.apache.maven.plugins:maven-jar-plugin:3.3.0 to 3.5.0
  • Updated org.apache.maven.plugins:maven-resources-plugin:3.2.0 to 3.3.0
  • Updated org.apache.maven.plugins:maven-site-plugin:3.12.0 to 3.12.1
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M6 to 3.5.5
  • Added org.apache.maven.plugins:maven-toolchains-plugin:3.2.0
  • Added org.basepom.maven:duplicate-finder-maven-plugin:2.0.1
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.3.0 to 1.7.3
  • Updated org.codehaus.mojo:versions-maven-plugin:2.14.2 to 2.21.0
  • Updated org.itsallcode:openfasttrace-maven-plugin:1.6.1 to 1.6.2
  • Updated org.jacoco:jacoco-maven-plugin:0.8.8 to 0.8.14
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 5.5.0.6356

1.5.1: Fixed Report

Choose a tag to compare

@ckunki ckunki released this 23 Mar 12:27
1cb4f8a

Summary

This release fixes RD's output to report successful validation only once. The changes requested by issue #290 failed to remove the duplicate message.

Features

  • #293: Ensured validation success is reported only once

Dependency Updates

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:2.9.4 to 2.9.6

1.5.0: Minor Improvements

Choose a tag to compare

@ckunki ckunki released this 21 Mar 09:02
71296ee

Summary

RD now only considers successful runs for estimating the duration of GitHub workflows such as creating a release.

On option -g release RD now additionally first validates the project and continues release only if validation didn't show any failures.

Additionally this release fixes and improves the Release Guide added in version 1.4.0.

  • Moved "edit draft release" to the bottom of the release guide, as this action usually comes last because it needs to wait until RD has created the draft release on github.
  • Add code name to proposed release summary in release guide
  • Enable users to configure the prefix for announcements in file .release-droid/credentials, e.g. "I just released"

Last not least the dependency to org.json:json has been replaced by jakarta.json:jakarta.json-api and org.eclipse.yasson and this release updates dependencies to fix the following vulnerabilities:

Features

  • #272: Changed duration estimate to consider only successful workflow runs
  • #240: Changed RD to always validate the current project before attempting to release
  • #280: Optimized Release Guide
  • #288: Upgraded dependencies to fix vulnerabilities
  • #290: Ensured RD reports validation success only once

Bugfixes

  • #281: Fixed display of shortest common prefix for projects with multiple error codes.

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:error-reporting-java:1.0.0 to 1.0.1
  • Updated com.fasterxml.jackson.core:jackson-databind:2.14.0-rc1 to 2.14.2
  • Added jakarta.json:jakarta.json-api:2.1.1
  • Updated org.apache.maven:maven-model:3.8.6 to 3.9.1
  • Updated org.codehaus.jettison:jettison:1.5.1 to 1.5.4
  • Updated org.commonmark:commonmark:0.19.0 to 0.21.0
  • Updated org.eclipse.jgit:org.eclipse.jgit:6.3.0.202209071007-r to 6.5.0.202303070854-r
  • Added org.eclipse:yasson:3.0.2
  • Removed org.json:json:20220924
  • Updated org.kohsuke:github-api:1.313 to 1.314
  • Updated org.yaml:snakeyaml:1.33 to 2.0

Runtime Dependency Updates

  • Updated org.springframework:spring-beans:5.3.23 to 5.3.25

Test Dependency Updates

  • Updated nl.jqno.equalsverifier:equalsverifier:3.10.1 to 3.14.1
  • Updated org.junit.jupiter:junit-jupiter:5.9.1 to 5.9.2
  • Updated org.mockito:mockito-core:4.8.0 to 5.2.0
  • Updated org.mockito:mockito-junit-jupiter:4.8.0 to 5.2.0

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.2.1 to 1.2.2
  • Updated com.exasol:project-keeper-maven-plugin:2.9.1 to 2.9.4
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.1.0 to 3.2.1
  • Updated org.codehaus.mojo:versions-maven-plugin:2.13.0 to 2.14.2
  • Updated org.itsallcode:openfasttrace-maven-plugin:1.5.0 to 1.6.1

1.4.0: Release Guide

Choose a tag to compare

@ckunki ckunki released this 07 Dec 07:58
aa62af6

Summary

Added option to generate a release guide guiding the user through the release process, see details in the User Guide.

Improved warning message for unspecified release platforms.

If user misspells the key release-platforms then RD complained about missing specification of release platforms but was not able to identify a misspelled key, e.g. platforms in the reported issue for repository small-json-files-test-fixture.

The improved warning message is now

E-RD-20: No release platform specified. Please specify at least one release platform either on command line or with key 'release-platforms' in file 'release_config.yml' and re-run the Release Droid.

Bug #278 was caused by dependency jira-rest-java-client-core using an older version of slf4j-api:1.7.30 while there was a direct dependency to the implementation slf4j-simple:2.0.3 and could be fixed by downgrading dependency to slf4j implementation to version slf4j-simple:1.7.36.

Features

  • #275: Generate a release guide.

Bug Fixes

  • #277: Made RD ignore Git tags with unsupported version pattern.
  • #266: Improved warning message for unspecified release platforms.
  • #278: Fixed slf4j error "failed to load class StaticLoggerBinder"

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:error-reporting-java:0.4.1 to 1.0.0
  • Added com.fasterxml.jackson.core:jackson-databind:2.14.0-rc1
  • Updated org.eclipse.jgit:org.eclipse.jgit:6.2.0.202206071550-r to 6.3.0.202209071007-r
  • Updated org.json:json:20220320 to 20220924
  • Updated org.kohsuke:github-api:1.307 to 1.313

Runtime Dependency Updates

  • Updated org.springframework:spring-beans:5.3.22 to 5.3.23

Test Dependency Updates

  • Updated com.exasol:maven-project-version-getter:1.1.0 to 1.2.0
  • Updated org.junit.jupiter:junit-jupiter:5.9.0 to 5.9.1
  • Updated org.mockito:mockito-core:4.6.1 to 4.8.0
  • Updated org.mockito:mockito-junit-jupiter:4.6.1 to 4.8.0

Plugin Dependency Updates

  • Updated com.exasol:artifact-reference-checker-maven-plugin:0.4.0 to 0.4.2
  • Updated com.exasol:error-code-crawler-maven-plugin:1.1.2 to 1.2.1
  • Updated com.exasol:project-keeper-maven-plugin:2.8.0 to 2.9.1
  • Updated io.github.zlika:reproducible-build-maven-plugin:0.15 to 0.16
  • Updated org.apache.maven.plugins:maven-jar-plugin:3.2.2 to 3.3.0
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.2.7 to 1.3.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.10.0 to 2.13.0

1.3.1: Fix vulnerabilities in dependencies

Choose a tag to compare

@ckunki ckunki released this 27 Sep 14:32
4462f12

Summary

This release fixes CVE-2022-38751 and CVE-2022-38752 in snakeyaml.

Features

  • #264: Added hint to enhance file release_config.yml for warning about unspecified language.

Bug Fixes

  • #267: Fixed vulnerabilities in dependencies.

Dependency Updates

Compile Dependency Updates

  • Added org.codehaus.jettison:jettison:1.5.1
  • Updated org.yaml:snakeyaml:1.31 to 1.33

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:2.7.0 to 2.8.0

1.3.0: Git Tags For Golang and Minor Improvements

Choose a tag to compare

@ckunki ckunki released this 06 Sep 13:31
139b186

Summary

With this release RD creates appropriate git tags for different types of go sources, see system design.

Features

  • #257: Create appropriate git tags for golang projects, too.
  • #260: Accept groupId in file pom.xml from parent, too.
  • #259: Deprecated release platform Jira to stop creating EXACOM tickets.

Dependency Updates

Compile Dependency Updates

  • Updated org.yaml:snakeyaml:1.30 to 1.31

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:2.6.2 to 2.7.0

1.2.0: Overall Estimation And Progress Display

Choose a tag to compare

@ckunki ckunki released this 24 Aug 11:58
09d5993

Summary

Release Droid now uses only a single progress display, aggregating the estimations for all configured release platforms and displaying the overall progress.

Features

  • #256: Aggregated estimation for all platforms

1.1.1: Fixed and Improved Output

Choose a tag to compare

@ckunki ckunki released this 18 Aug 06:56
371cbb0

Summary

Fixed display of HTML URL for github releases and supported colored messages even on windows console by using fusesource/jansi.

Features

  • #253: RD supports colored messages in windows console, too.

Bug Fixes

  • #252: RD was printing URL of previous workflow, RD prints URL of current workflow, now.

Dependency Updates

Compile Dependency Updates

  • Added org.fusesource.jansi:jansi:2.4.0

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:2.6.1 to 2.6.2

1.1.0: Support Multi-module Maven Projects with Additional Improvements

Choose a tag to compare

@ckunki ckunki released this 10 Aug 15:13
638396d

Summary

Support releases of project-keeper again, after PK has been turned into a multi-module maven project.

And a list of additional improvements:

  • Improved usability when displaying progress and status of current release.
  • Warn if file ~/.release-droid/credentials has not been found.
  • Optionally read project language from file release_config.yml.
  • Display link to draft release.
  • Support version numbers starting with letter "v".

Features

  • #228: Enabled to release multi-maven projects.
    Actually only the check for project-keeper-maven-plugin in the pom file has been removed.
  • #238: Added a warning in case file ~/.release-droid/credentials has not been found.
    Saving credentials in this file is expected to be the preferred use case.
  • #231: Enabled to configure project language in file release_config.yml.
  • #242: Display link to draft release, so users conveniently can review the github release and make it final.
  • #245: Added support for version numbers starting with letter "v".
  • #120: Improved display of status and progress.

Documentation

Dependency Updates

Compile Dependency Updates

  • Updated org.apache.maven:maven-model:3.8.5 to 3.8.6
  • Updated org.commonmark:commonmark:0.18.2 to 0.19.0

Runtime Dependency Updates

  • Updated org.springframework:spring-beans:5.3.21 to 5.3.22

Test Dependency Updates

  • Added nl.jqno.equalsverifier:equalsverifier:3.10.1
  • Updated org.junit.jupiter:junit-jupiter:5.8.2 to 5.9.0
  • Updated org.mockito:mockito-core:4.5.1 to 4.6.1
  • Updated org.mockito:mockito-junit-jupiter:4.5.1 to 4.6.1

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.1.1 to 1.1.2
  • Updated com.exasol:project-keeper-maven-plugin:2.4.6 to 2.6.1
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.0.0 to 3.1.0

1.0.0: Support for multi maven module projects

Choose a tag to compare

@ckunki ckunki released this 04 Jul 13:53
99680da

Summary

This release adds support for multi maven module projects, prepends version (tag) to Github release title, fixes some bugs.

Features

  • #218: Added support for multi maven module projects
  • #229: Prepended version (tag) to Github release title

Bug Fixes

  • #223: Removed Spring Beans dependency with CVE-2022-22965
  • #222: Fixed executing the JAR by adding a manifest
  • #226: Fixed error when running Jira release
  • #233: Updated dependencies to fix vulnerability ID CVE-2022-22970. Excluded vulnerability ID sonatype-2020-0926 (= CVE-2020-8908) for ossindex-maven-plugin as release-droid does not use guava directly but only via jira-rest-java-client-core and currently there is no newer release of guava available, a potential later fix is tracked in ticket #234.

Dependency Updates

Compile Dependency Updates

  • Updated com.atlassian.jira:jira-rest-java-client-core:5.2.2 to 5.2.4
  • Updated io.atlassian.fugue:fugue:4.7.2 to 5.0.0
  • Updated org.apache.maven:maven-model:3.8.4 to 3.8.5
  • Updated org.commonmark:commonmark:0.18.0 to 0.18.2
  • Updated org.eclipse.jgit:org.eclipse.jgit:5.13.0.202109080827-r to 6.2.0.202206071550-r
  • Updated org.json:json:20210307 to 20220320
  • Updated org.kohsuke:github-api:1.301 to 1.307
  • Updated org.slf4j:slf4j-simple:1.7.32 to 1.7.36
  • Updated org.yaml:snakeyaml:1.29 to 1.30

Runtime Dependency Updates

  • Added org.springframework:spring-beans:5.3.21

Test Dependency Updates

  • Added com.exasol:maven-project-version-getter:1.1.0
  • Updated org.junit.jupiter:junit-jupiter:5.8.1 to 5.8.2
  • Updated org.mockito:mockito-core:4.1.0 to 4.5.1
  • Updated org.mockito:mockito-junit-jupiter:4.1.0 to 4.5.1

Plugin Dependency Updates

  • Added com.exasol:artifact-reference-checker-maven-plugin:0.4.0
  • Updated com.exasol:error-code-crawler-maven-plugin:0.7.1 to 1.1.1
  • Updated com.exasol:project-keeper-maven-plugin:1.3.4 to 2.4.6
  • Updated io.github.zlika:reproducible-build-maven-plugin:0.14 to 0.15
  • Updated org.apache.maven.plugins:maven-clean-plugin:3.1.0 to 3.2.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.8.1 to 3.10.1
  • Added org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M6
  • Updated org.apache.maven.plugins:maven-jar-plugin:3.2.0 to 3.2.2
  • Updated org.apache.maven.plugins:maven-site-plugin:3.9.1 to 3.12.0
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M4 to 3.0.0-M6
  • Added org.codehaus.mojo:flatten-maven-plugin:1.2.7
  • Updated org.codehaus.mojo:versions-maven-plugin:2.8.1 to 2.10.0
  • Updated org.itsallcode:openfasttrace-maven-plugin:1.2.0 to 1.5.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.7 to 0.8.8
  • Added org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
  • Updated org.sonatype.ossindex.maven:ossindex-maven-plugin:3.1.0 to 3.2.0