Andreas Dangel
f147c76577
Update gems - use pmdtester 1.5.4
2023-05-28 09:04:46 +02:00
Andreas Dangel
ae766de203
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/38
Fixes https://github.com/pmd/pmd/security/dependabot/39
Fixes https://github.com/pmd/pmd/security/dependabot/40
2023-04-28 10:28:17 +02:00
Andreas Dangel
11e2a8687e
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/37
Fixes CVE-2023-28120
Fixes https://github.com/advisories/GHSA-pj73-v5mw-pm9j
2023-03-17 10:40:15 +01:00
Andreas Dangel
c3b1317a77
Update gems
2023-02-02 09:37:17 +01:00
Andreas Dangel
9d92528587
Update bundler
2023-01-25 08:56:17 +01:00
Andreas Dangel
6b2f1be14e
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/35
Fixes CVE-2023-22796
Fixes https://github.com/advisories/GHSA-j6gc-792m-qgm2
Fixes https://github.com/pmd/pmd/security/dependabot/36
Fixes https://github.com/advisories/GHSA-636f-xm5j-pj9m
2023-01-25 08:48:34 +01:00
Andreas Dangel
89b947bec5
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/34
Fixes CVE-2022-46648
Fixes https://github.com/advisories/GHSA-pfpr-3463-c6jh
2023-01-10 12:21:27 +01:00
Andreas Dangel
9f5bd42d43
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/31
Fixes CVE-2022-23476
Fixes https://github.com/advisories/GHSA-qv4q-mr5r-qprj
2022-12-08 11:41:02 +01:00
Andreas Dangel
edcfe21131
Update pmdtester and other gems
2022-11-25 15:15:10 +01:00
Andreas Dangel
f54ca8b364
Update gems
2022-10-20 15:53:51 +02:00
Andreas Dangel
241e1e140a
Bump pmdtester from 1.5.1 to 1.5.2
2022-10-20 15:53:32 +02:00
Andreas Dangel
0dcff72455
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/26
Fixes https://github.com/advisories/GHSA-4qw4-jpp4-8gvp
2022-09-24 17:52:56 +02:00
Andreas Dangel
4308aafe92
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/22
TZInfo relative path traversal vulnerability allows loading of arbitrary files
CVE-2022-31163
https://github.com/advisories/GHSA-5cm2-9h8c-rvfx
2022-07-22 14:14:12 +02:00
Andreas Dangel
dc512e8a04
[ci] Update gems
...
- update pmdtester from 1.5.0 to 1.5.1
- update nokogiri from 1.13.5 to 1.13.6
- update activesupport from 6.0.4.8 to 6.0.5
2022-05-12 17:33:54 +02:00
Andreas Dangel
d3880443f7
[ci] Update gems
...
- update pmtester from 1.4.1 to 1.5.0
- update nokogiri from 1.13.4 to 1.13.5
2022-05-06 15:05:20 +02:00
Andreas Dangel
4eb2471939
Update gems
...
Fixes Command injection in ruby-git
(https://github.com/pmd/pmd/security/dependabot/21 )
2022-04-29 12:01:29 +02:00
Andreas Dangel
d09a48ad5f
Update regression-tester and other gems
...
pmd-tester 1.4.1
nokogiri 1.13.4
Fixes the following security alerts:
- Out-of-bounds Write in zlib affects Nokogiri
- XML Injection in Xerces Java affects Nokogiri
- Inefficient Regular Expression Complexity in Nokogiri
- Denial of Service (DoS) in Nokogiri on JRuby
2022-04-12 12:17:01 +02:00
Andreas Dangel
0081e61cfd
Update pmdtester to 1.4.0
2022-03-24 16:46:42 +01:00
Andreas Dangel
b1f85585d4
Revert "REVERT ME - Use pmtester from pmd/pmd-regression-tester#103"
...
This reverts commit 67928910df25574ec41821b60d352e5f32bfe971.
2022-03-24 16:18:51 +01:00
Andreas Dangel
67928910df
REVERT ME - Use pmtester from pmd/pmd-regression-tester#103
...
And also make a change in core to run it
2022-03-18 15:51:15 +01:00
Andreas Dangel
c421e7e646
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/12
2022-03-10 10:58:16 +01:00
Andreas Dangel
691887af00
Update gems (nokogiri and others)
...
Fixes https://github.com/pmd/pmd/security/dependabot/11
Fixes https://github.com/pmd/pmd/security/dependabot/10
2022-02-26 10:39:00 +01:00
Andreas Dangel
ffe8893a3d
Update pmdtester from 1.2.0 to 1.3.0
2021-12-20 19:02:28 +01:00
Andreas Dangel
740968461a
Bump danger from 5.16.1 to 8.4.0
2021-10-15 22:37:23 +02:00
Andreas Dangel
c9077e19ea
Update gems
...
Fixes https://github.com/advisories/GHSA-2rr5-8q37-2w7h
2021-09-30 15:48:48 +02:00
Andreas Dangel
4a519be2d9
Update gems
...
Fixes CVE-2021-32740
Regular Expression Denial of Service in Addressable templates
https://github.com/advisories/GHSA-jxhc-q857-3j6g
2021-07-15 10:43:38 +02:00
Andreas Dangel
d79c2d1a0f
[ci] Bump pmd-regression-tester from 1.1.2 to 1.2.0
2021-06-20 18:43:17 +02:00
Andreas Dangel
0dab8818af
Update gems
2021-05-20 14:26:47 +02:00
Andreas Dangel
c2955e3aa9
Update gems
...
Fixes CVE-2021-28965
https://github.com/advisories/GHSA-8cr8-4vfw-mr7h
2021-05-06 10:12:13 +02:00
Andreas Dangel
9937aed5dc
Update gems, use pmdtester 1.1.2
2021-04-23 11:51:52 +02:00
Andreas Dangel
bbec003287
Update gems
2021-04-01 12:01:18 +02:00
Andreas Dangel
9158c9f439
[ci] Update pmdtester to 1.1.1, disable debug
2021-01-16 10:12:32 +01:00
Andreas Dangel
5ed003c686
Update gems
...
CVE-2020-26247
https://github.com/advisories/GHSA-vr8q-g5c7-m54m
2021-01-07 15:28:06 +01:00
Andreas Dangel
5fffaa90f5
[ci] Update pmdtester to 1.1.0
2020-12-05 15:09:11 +01:00
Andreas Dangel
ff030d1d2d
[ci] Update regression tester
...
* Remove workaround for pre-downloading baseline
and add baseline-download-url option
* Remove unnecessary travis_wait
* Add error-recovery flag
2020-11-25 11:26:16 +01:00
Andreas Dangel
cac03fdb29
[ci] Switch back to pmd/pmd-regression-tester@master
2020-10-28 16:17:11 +01:00
Andreas Dangel
ff6e5278f3
[ci] Update pmd-tester, use auxclasspath
...
This will test pmd/pmd-regression-tester#72
checkstyle:
Add exclude patterns for checkstyle: after compilation,
testresources appear now under target/test-classes
and they don't need to be analyzed again.
Also exclude generated-sources.
2020-10-28 11:49:57 +01:00
Andreas Dangel
6277717dcf
Update gems
...
Fixes CVE-2020-14001 (kramdown)
2020-08-13 09:48:07 +02:00
Andreas Dangel
58d92add5f
Update gems
2020-07-31 14:08:28 +02:00
Andreas Dangel
bb97b693f2
Update pmd-regression-tester 1.0.1
2020-07-08 20:29:26 +02:00
Andreas Dangel
53c581b69a
Update pmd-regression-tester
2020-07-06 21:44:47 +02:00
Andreas Dangel
bc4a1d67eb
Update gems
2020-05-29 09:27:58 +02:00
Andreas Dangel
805d06a690
Update gems
2020-04-25 11:45:13 +02:00
Andreas Dangel
6c4b6b1649
fix:[ci] Danger is failing builds
...
Add Gemfile.lock to pin down the current versions
fixes #2040
2019-09-29 21:24:34 +02:00