glefloch

Repos: 58, Followers: 31, Following: 138

Quarkus: Supersonic Subatomic Java.

1
0

Quarkus quickstart code

0
0

This repo contains a sample project to play with actions

0
0

Mockk Quarkus Extension

10
3

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

0
0

Events

Update Gradle Wrapper from 7.5.1 to 7.6.

Signed-off-by: gradle-update-robot gradle-update-robot@regolo.cc

Created at 21 hours ago
pull request closed
Update Gradle Wrapper from 7.5.1 to 7.6

Update Gradle Wrapper from 7.5.1 to 7.6.

Read the release notes: https://docs.gradle.org/7.6/release-notes.html


The checksums of the Wrapper JAR and the distribution binary have been successfully verified.

  • Gradle release: 7.6
  • Distribution (-bin) zip checksum: 7ba68c54029790ab444b39d7e293d3236b2632631fb5f2e012bb28b4ff669e4b
  • Wrapper JAR Checksum: c5a643cf80162e665cc228f7b16f343fef868e47d3a4836f62e18b7e17ac018a

You can find the reference checksum values at https://gradle.org/release-checksums/


🤖 This PR has been created by the Update Gradle Wrapper action.

If something doesn't look right with this PR please file an issue here.

Created at 21 hours ago
create branch
glefloch create branch bump/gradle-7.6
Created at 1 day ago
pull request opened
Bump Gradle to version 7.6

This bumps Gradle to 7.6 with Java 19 support!

Created at 1 day ago
glefloch delete branch dependabot/maven/quarkus.version-2.14.2.Final
Created at 2 days ago

Bump quarkus.version from 2.14.1.Final to 2.14.2.Final

Bumps quarkus.version from 2.14.1.Final to 2.14.2.Final.

Updates quarkus-bom from 2.14.1.Final to 2.14.2.Final

Updates quarkus-maven-plugin from 2.14.1.Final to 2.14.2.Final


updated-dependencies:

  • dependency-name: io.quarkus:quarkus-bom dependency-type: direct:production update-type: version-update:semver-patch
  • dependency-name: io.quarkus:quarkus-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] support@github.com

Merge pull request #167 from quarkiverse/dependabot/maven/quarkus.version-2.14.2.Final

Created at 2 days ago
pull request closed
Bump quarkus.version from 2.14.1.Final to 2.14.2.Final

Bumps quarkus.version from 2.14.1.Final to 2.14.2.Final. Updates quarkus-bom from 2.14.1.Final to 2.14.2.Final

Updates quarkus-maven-plugin from 2.14.1.Final to 2.14.2.Final

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Created at 2 days ago
issue comment
Bump jackson-bom from 2.14.0 to 2.14.1

@gsmet I don't think something is broken, this looks like a flaky test. I will add this to my todo list.

Created at 4 days ago

Add skipProject option

Signed-off-by: adam siklosi adam-siklosi@users.noreply.github.com

Created at 6 days ago
pull request closed
Add skipProject option

#77

As far as I see currently you have two options to use the plugin:

1.) Apply it on the root project --> Cannot skip subprojects

2.) Apply it on subprojects separately --> Produces a bom file per subproject. You need to combine those files manually later using cyclonedx-cli merge -> so why use the plugin at all --> Combining subprojects bom results cause duplications and huge files

This PR adds an option to skip the root and subprojects.

Created at 6 days ago

build(deps): bump cyclonedx-core-java from 7.2.1 to 7.3.0

Bumps cyclonedx-core-java from 7.2.1 to 7.3.0.


updated-dependencies:

  • dependency-name: org.cyclonedx:cyclonedx-core-java dependency-type: direct:production update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] support@github.com

Created at 6 days ago
pull request closed
build(deps): bump cyclonedx-core-java from 7.2.1 to 7.3.0

Bumps cyclonedx-core-java from 7.2.1 to 7.3.0.

Created at 6 days ago
glefloch delete branch dependabot/maven/quarkus.version-2.14.1.Final
Created at 1 week ago

Bump quarkus.version from 2.14.0.Final to 2.14.1.Final

Bumps quarkus.version from 2.14.0.Final to 2.14.1.Final.

Updates quarkus-bom from 2.14.0.Final to 2.14.1.Final

Updates quarkus-maven-plugin from 2.14.0.Final to 2.14.1.Final


updated-dependencies:

  • dependency-name: io.quarkus:quarkus-bom dependency-type: direct:production update-type: version-update:semver-patch
  • dependency-name: io.quarkus:quarkus-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] support@github.com

Merge pull request #166 from quarkiverse/dependabot/maven/quarkus.version-2.14.1.Final

Created at 1 week ago
pull request closed
Bump quarkus.version from 2.14.0.Final to 2.14.1.Final

Bumps quarkus.version from 2.14.0.Final to 2.14.1.Final. Updates quarkus-bom from 2.14.0.Final to 2.14.1.Final

Updates quarkus-maven-plugin from 2.14.0.Final to 2.14.1.Final

Created at 1 week ago
Bump mockk from 1.12.4 to 1.13.2

@dependabot close

Created at 1 week ago
glefloch delete branch dependabot/maven/io.quarkiverse-quarkiverse-parent-11
Created at 1 week ago

Bump quarkiverse-parent from 10 to 11

Bumps quarkiverse-parent from 10 to 11.


updated-dependencies:

  • dependency-name: io.quarkiverse:quarkiverse-parent dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] support@github.com

Merge pull request #164 from quarkiverse/dependabot/maven/io.quarkiverse-quarkiverse-parent-11

Bump quarkiverse-parent from 10 to 11

Created at 1 week ago
pull request opened
Bump mockk to 1.13.2

Bumps mockk component.

Created at 1 week ago
create branch
glefloch create branch bump/mockk-1.13.2
Created at 1 week ago
glefloch delete branch fix/230
Created at 1 week ago
pull request closed
Keep first track of dependency

close #230

Created at 1 week ago
A component's dependencies are lost if it's depended on by multiple components

Hi team,

I noticed that there is a bug in CycloneDxTask.buildDependencyGraph.

private Map<String, org.cyclonedx.model.Dependency> buildDependencyGraph(Map<String, org.cyclonedx.model.Dependency> dependenciesSoFar, ResolvedDependency resolvedDependency, ResolvedArtifact jarArtifact) {
    String dependencyPurl = generatePackageUrl(jarArtifact);
    org.cyclonedx.model.Dependency dependency = new org.cyclonedx.model.Dependency(dependencyPurl);
    if (dependenciesSoFar.put(dependencyPurl, dependency) != null){  // NOTICE HERE
        return dependenciesSoFar;
    }
    for (ResolvedDependency childDependency : resolvedDependency.getChildren()) {
        ResolvedArtifact childJarArtifact = getJarArtifact(childDependency);
        if (childJarArtifact != null) {
            dependency.addDependency(new org.cyclonedx.model.Dependency(generatePackageUrl(childJarArtifact)));
            buildDependencyGraph(dependenciesSoFar, childDependency, childJarArtifact);
        }
    }
    return dependenciesSoFar;
}

If the map dependenciesSoFar already contains the key dependencyPurl, dependenciesSoFar.put() will replace the old value with the new one, which has no dependencies. It then returns immediately, so the dependencies of the new org.cyclonedx.model.Dependency object in the map will never be updated.

This can be easily reproduced by a project with dependencies as follows, since the two components both depend on io.quarkus:quarkus-jackson:

dependencies {
    implementation("io.quarkus:quarkus-resteasy-jackson")
    implementation("io.quarkus:quarkus-rest-client-jackson")
}

And it can be fixed just like this:

    if (dependenciesSoFar.containsKey(dependencyPurl)){
        return dependenciesSoFar;
    }
    dependenciesSoFar.put(dependencyPurl, dependency);

Hope this can help you.

Regards

Created at 1 week ago
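
The issue above, reduced to a self-contained model (an added example, not code from the plugin or from the issue author): both traversal shapes run over the same shared-dependency graph, showing how the SBOM loses the transitive edges of a component reached twice. The `Node` record, the edge map standing in for `org.cyclonedx.model.Dependency`, and the sample purls are assumptions made for illustration.

```java
import java.util.*;

public class DependencyGraphDemo {
    // Hypothetical stand-in for Gradle's ResolvedDependency: a purl plus children.
    record Node(String purl, List<Node> children) {}

    // Buggy shape from the issue: put() overwrites the populated entry, then returns early.
    static void buildBuggy(Map<String, Set<String>> graph, Node node) {
        Set<String> edges = new LinkedHashSet<>();
        if (graph.put(node.purl(), edges) != null) {
            return; // the map now holds the new, empty edge set
        }
        for (Node child : node.children()) {
            edges.add(child.purl());
            buildBuggy(graph, child);
        }
    }

    // Fixed shape from the issue: check first, insert only on the first visit.
    static void buildFixed(Map<String, Set<String>> graph, Node node) {
        if (graph.containsKey(node.purl())) {
            return;
        }
        Set<String> edges = new LinkedHashSet<>();
        graph.put(node.purl(), edges);
        for (Node child : node.children()) {
            edges.add(child.purl());
            buildFixed(graph, child);
        }
    }

    public static void main(String[] args) {
        // Constructed sample graph; the databind child is an assumed leaf for illustration.
        Node databind = new Node("pkg:maven/com.fasterxml.jackson.core/jackson-databind", List.of());
        Node jackson = new Node("pkg:maven/io.quarkus/quarkus-jackson", List.of(databind));
        List<Node> roots = List.of(
            new Node("pkg:maven/io.quarkus/quarkus-resteasy-jackson", List.of(jackson)),
            new Node("pkg:maven/io.quarkus/quarkus-rest-client-jackson", List.of(jackson)));

        Map<String, Set<String>> buggy = new LinkedHashMap<>();
        Map<String, Set<String>> fixed = new LinkedHashMap<>();
        for (Node root : roots) {
            buildBuggy(buggy, root);
            buildFixed(fixed, root);
        }
        System.out.println("buggy edges of quarkus-jackson: " + buggy.get(jackson.purl()));
        System.out.println("fixed edges of quarkus-jackson: " + fixed.get(jackson.purl()));
    }
}
```

A regression check for this class of bug is to assert that every component reachable from more than one parent still lists its children in the generated BOM's dependency section.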