Commit c212d25
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
Upgrade: [dependabot] - bump software.amazon.lambda:powertools-logging from 1.18.0 to 1.19.0 (#265)
Bumps
[software.amazon.lambda:powertools-logging](https://github.com/aws-powertools/powertools-lambda-java)
from 1.18.0 to 1.19.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-powertools/powertools-lambda-java/releases">software.amazon.lambda:powertools-logging's
releases</a>.</em></p>
<blockquote>
<h2>v1.19.0</h2>
<h2>Summary</h2>
<p>This release includes important improvements regarding the project’s
security management. We addressed several CVEs and implemented OpenSSF
Scorecard reporting.</p>
<p>Additionally, we fixed bugs in the Parameters module and improved our
documentation and examples.</p>
<p>Thanks to <a
href="https://github.com/chrisclayson"><code>@chrisclayson</code></a>
and <a
href="https://github.com/jasoniharris"><code>@jasoniharris</code></a>
for reporting and fixing those bugs.</p>
<h2>Security Posture</h2>
<p>We introduced the <a href="https://github.com/ossf/scorecard/">Open
Source Security Foundation (OSSF) Scorecard project</a> to generate
security health metrics, proactive security alerts, and attest we've
been following <a
href="https://bestpractices.coreinfrastructure.org/en/criteria">OSSF
Best Practices</a>.</p>
<p>Thanks to this new reporting mechanism visible to the open-source
community, we addressed multiple CVEs across the project, in particular
<code>log4j</code> and <code>jackson-databind</code> related
findings.</p>
<h2>Changes</h2>
<ul>
<li>chore(deps): Update deps for jackson (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1793">#1793</a>)
by <a href="https://github.com/sthulb"><code>@sthulb</code></a></li>
<li>build(deps): bump log4j.version from 2.22.1 to 2.24.3 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1777">#1777</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>chore(deps): update JSII to 1.108 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1791">#1791</a>)
by <a href="https://github.com/sthulb"><code>@sthulb</code></a></li>
<li>build(deps): bump jinja2 from 3.1.5 to 3.1.6 in /docs (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1789">#1789</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>chore: Update netty version (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1768">#1768</a>)
by <a href="https://github.com/sthulb"><code>@sthulb</code></a></li>
<li>chore: Set versions of transitive dependencies (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1767">#1767</a>)
by <a href="https://github.com/sthulb"><code>@sthulb</code></a></li>
<li>chore: update Jackson in examples (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1766">#1766</a>)
by <a href="https://github.com/sthulb"><code>@sthulb</code></a></li>
<li>build(deps): bump org.apache.maven.plugins:maven-jar-plugin from
3.4.1 to 3.4.2 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1731">#1731</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump aws.xray.recorder.version from 2.15.3 to 2.18.1
(<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1726">#1726</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump aws.sdk.version from 2.26.29 to 2.27.12 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1724">#1724</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>fix: Allow empty responses as well as null response in AppConfig (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1673">#1673</a>)
by <a
href="https://github.com/chrisclayson"><code>@chrisclayson</code></a></li>
<li>build(deps): bump aws.sdk.version from 2.27.2 to 2.27.7 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1715">#1715</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump aws.sdk.version from 2.26.29 to 2.27.2 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1714">#1714</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump aws.sdk.version from 2.25.26 to 2.26.29 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1713">#1713</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump aws.sdk.version from 2.26.25 to 2.26.29 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1712">#1712</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>chore: deprecate java1.8 al1 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1706">#1706</a>)
by <a
href="https://github.com/jeromevdl"><code>@jeromevdl</code></a></li>
<li>chore: java 1.8 AL1 is deprecated, fix E2E tests (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1692">#1692</a>)
by <a
href="https://github.com/jeromevdl"><code>@jeromevdl</code></a></li>
<li>build(deps): bump aws.sdk.version from 2.26.21 to 2.26.25 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1703">#1703</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump aws.sdk.version from 2.26.3 to 2.26.21 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1697">#1697</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump jackson.version from 2.17.0 to 2.17.2 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1696">#1696</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump org.apache.commons:commons-lang3 from 3.13.0 to
3.14.0 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1694">#1694</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump commons-io:commons-io from 2.15.1 to 2.16.1 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1691">#1691</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>docs: improve tracing doc for sdk instrumentation (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1687">#1687</a>)
by <a
href="https://github.com/jeromevdl"><code>@jeromevdl</code></a></li>
<li>docs: fix tracing links for xray (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1686">#1686</a>)
by <a
href="https://github.com/jeromevdl"><code>@jeromevdl</code></a></li>
<li>build(deps): bump org.apache.maven.plugins:maven-failsafe-plugin
from 3.2.5 to 3.3.0 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1679">#1679</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump aws.sdk.version from 2.25.69 to 2.26.3 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1658">#1658</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump com.github.spotbugs:spotbugs-maven-plugin from
4.7.3.6 to 4.8.5.0 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1657">#1657</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin
from 3.3.0 to 3.4.0 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1653">#1653</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump aws.sdk.version from 2.25.50 to 2.25.69 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1652">#1652</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump org.apache.maven.plugins:maven-source-plugin from
3.3.0 to 3.3.1 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1646">#1646</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump org.assertj:assertj-core from 3.25.3 to 3.26.0 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1644">#1644</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump aws.xray.recorder.version from 2.15.1 to 2.15.3
(<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1643">#1643</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
<li>build(deps): bump aws.sdk.version from 2.25.35 to 2.25.50 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/pull/1642">#1642</a>)
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-powertools/powertools-lambda-java/blob/main/CHANGELOG.md">software.amazon.lambda:powertools-logging's
changelog</a>.</em></p>
<blockquote>
<h2>[1.19.0] - 2025-03-07</h2>
<!-- raw HTML omitted -->
<h2>[1.19.0-SNAPSHOT] - 2025-02-25</h2>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws-powertools/powertools-lambda-java/commit/d5e1cc6d0b92285e063452393962d0cd3f541c74"><code>d5e1cc6</code></a>
Update release-drafter.yml (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/issues/1795">#1795</a>)</li>
<li><a
href="https://github.com/aws-powertools/powertools-lambda-java/commit/d28c9d92ab4e4ad9f36def9c85c78349bf670fd5"><code>d28c9d9</code></a>
chore:prep release 1.19.0 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/issues/1794">#1794</a>)</li>
<li><a
href="https://github.com/aws-powertools/powertools-lambda-java/commit/50fdeb32de2aa9b7f8e227a71e3e4eb4d87b48d8"><code>50fdeb3</code></a>
chore(deps): Update deps for jackson (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/issues/1793">#1793</a>)</li>
<li><a
href="https://github.com/aws-powertools/powertools-lambda-java/commit/2051f54842c3c25fa934fbee85079901347572c2"><code>2051f54</code></a>
build(deps): bump log4j.version from 2.22.1 to 2.24.3 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/issues/1777">#1777</a>)</li>
<li><a
href="https://github.com/aws-powertools/powertools-lambda-java/commit/6e22cfccc31cb3f66254cd489e44832431a78ccb"><code>6e22cfc</code></a>
chore(deps): update JSII to 1.108 (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/issues/1791">#1791</a>)</li>
<li><a
href="https://github.com/aws-powertools/powertools-lambda-java/commit/1587a99581580c1a65951ae6637aa0aad4d2dc37"><code>1587a99</code></a>
fix(ci): Add workflow_dispatch to build script (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/issues/1792">#1792</a>)</li>
<li><a
href="https://github.com/aws-powertools/powertools-lambda-java/commit/55017accec6cd6ecba2d9faa9ad8ee3d7e7c7e77"><code>55017ac</code></a>
build(deps): bump jinja2 from 3.1.5 to 3.1.6 in /docs (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/issues/1789">#1789</a>)</li>
<li><a
href="https://github.com/aws-powertools/powertools-lambda-java/commit/394ab0ccfc99488fafeea4497e4e6df79cb75047"><code>394ab0c</code></a>
fix(ci): add permissions to release workflow</li>
<li><a
href="https://github.com/aws-powertools/powertools-lambda-java/commit/d45fb55993ced9a6c8c76ab5d1ac33461bb46a28"><code>d45fb55</code></a>
chore:prep release 1.19.0-SNAPSHOT (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/issues/1773">#1773</a>)</li>
<li><a
href="https://github.com/aws-powertools/powertools-lambda-java/commit/dc65dbe5a72b4cffddbf3d210bb7bfa2ae0682f0"><code>dc65dbe</code></a>
chore(ci): Remove RELEASE variable (<a
href="https://redirect.github.com/aws-powertools/powertools-lambda-java/issues/1772">#1772</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aws-powertools/powertools-lambda-java/compare/v1.18.0...v1.19.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent 1922d8c commit c212d25
1 file changed
+1
-1
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
119 | 119 | | |
120 | 120 | | |
121 | 121 | | |
122 | | - | |
| 122 | + | |
123 | 123 | | |
124 | 124 | | |
125 | 125 | | |
| |||
0 commit comments