dependabot[bot]
|
2641901240
|
build(deps): bump io.mockk:mockk from 1.13.4 to 1.13.5 (#48)
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.13.4 to 1.13.5.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/v1.13.4...1.13.5)
---
updated-dependencies:
- dependency-name: io.mockk:mockk
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-04-20 17:54:51 +08:00 |
|
dependabot[bot]
|
0070b400bb
|
build(deps): bump org.jetbrains.dokka:javadoc-plugin (#40)
Bumps [org.jetbrains.dokka:javadoc-plugin](https://github.com/Kotlin/dokka) from 1.7.20 to 1.8.10.
- [Release notes](https://github.com/Kotlin/dokka/releases)
- [Commits](https://github.com/Kotlin/dokka/commits)
---
updated-dependencies:
- dependency-name: org.jetbrains.dokka:javadoc-plugin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-04-12 18:57:09 +08:00 |
|
dependabot[bot]
|
73e20ab737
|
build(deps): bump ch.qos.logback:logback-classic from 1.4.5 to 1.4.6 (#44)
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.4.5...v_1.4.6)
---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-04-12 18:56:57 +08:00 |
|
dependabot[bot]
|
03d24fbfe3
|
build(deps): bump org.jetbrains.kotlin:kotlin-reflect (#45)
Bumps [org.jetbrains.kotlin:kotlin-reflect](https://github.com/JetBrains/kotlin) from 1.8.10 to 1.8.20.
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/v1.8.20/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v1.8.10...v1.8.20)
---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-reflect
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-04-12 18:56:36 +08:00 |
|
dependabot[bot]
|
53e47353e8
|
build(deps): bump kotlin plugin from 1.8.10 to 1.8.20 (#46)
Bumps [jvm](https://github.com/JetBrains/kotlin) from 1.8.10 to 1.8.20.
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/v1.8.20/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v1.8.10...v1.8.20)
---
updated-dependencies:
- dependency-name: jvm
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-04-12 18:56:23 +08:00 |
|
dependabot[bot]
|
81a97ee8e3
|
build(deps): bump org.jetbrains.dokka from 1.7.20 to 1.8.10 (#41)
Bumps [org.jetbrains.dokka](https://github.com/Kotlin/dokka) from 1.7.20 to 1.8.10.
- [Release notes](https://github.com/Kotlin/dokka/releases)
- [Commits](https://github.com/Kotlin/dokka/commits)
---
updated-dependencies:
- dependency-name: org.jetbrains.dokka
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-03-31 13:57:26 +08:00 |
|
dependabot[bot]
|
dbcbc88e1b
|
build(deps): bump io.mockk:mockk from 1.13.2 to 1.13.4 (#38)
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.13.2 to 1.13.4.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.13.2...v1.13.4)
---
updated-dependencies:
- dependency-name: io.mockk:mockk
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-03-23 21:29:01 +08:00 |
|
dependabot[bot]
|
f233a25323
|
build(deps): bump org.slf4j:slf4j-api from 2.0.6 to 2.0.7 (#43)
Bumps [org.slf4j:slf4j-api](https://github.com/qos-ch/slf4j) from 2.0.6 to 2.0.7.
- [Release notes](https://github.com/qos-ch/slf4j/releases)
- [Commits](https://github.com/qos-ch/slf4j/commits)
---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-03-23 21:28:20 +08:00 |
|
dependabot[bot]
|
2c91884db8
|
build(deps): bump org.mockito:mockito-core from 5.1.1 to 5.2.0 (#42)
Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 5.1.1 to 5.2.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.1.1...v5.2.0)
---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-03-23 21:26:44 +08:00 |
|
|
|
6b92b7e377
|
build(publish): 增加 self-git Maven 仓库.
目前 Gitea 的构件仓库已经完善到基本可用的程度, 决定将 extension 和 meta 模块也一同发布到 self-git 中.
|
2023-02-25 17:14:03 +08:00 |
|
|
|
375b815659
|
build(deps): extension 模块不再引入 Slf4j-api 依赖.
考虑到发布的频率, 决定不再为 extension 引入 slf4j-api 依赖;
不过还是建议开发者使用 Slf4j-api 打印日志, 这样可以将日志整合在一起, 方便排查问题.
|
2023-02-25 17:11:27 +08:00 |
|
|
|
f26d642320
|
build(gradle): 将 extension 模块的构建插件改为 java-library
先前由于不了解 Gradle 的插件划分而使用了 kotlin-jvm 插件, 现在将其修正, 改用 java-library 插件.
|
2023-02-24 15:55:58 +08:00 |
|
|
|
2db0b78962
|
style(extension): 为 getBotToken 设置 SuppressWarnings 用于忽略无关的弃用警告.
根据文档说明, 弃用仅针对重写方法, 对方法的使用并无大碍.
|
2023-02-24 15:53:32 +08:00 |
|
|
|
8b76a9aa9b
|
release: 发布 0.6.0 版本.
|
2023-02-21 23:46:48 +08:00 |
|
|
|
bbc3288535
|
ci(github-action): 启用 API 二进制兼容性验证. (#37)
使用二进制兼容验证, 可以快速了解 API 是否出现修改, 这个功能有利于防止无意中修改 API.
引入该过程后, 需谨慎检查 api 列表,
以确保改动是必须的. 当 api 出现改动时, 需按照改动类型分配合适的版本号(遵循 SemVer 规范).
|
2023-02-21 23:22:40 +08:00 |
|
dependabot[bot]
|
45ad734c7b
|
build(deps): bump org.junit.jupiter:junit-jupiter-engine (#34)
Bumps [org.junit.jupiter:junit-jupiter-engine](https://github.com/junit-team/junit5) from 5.9.0 to 5.9.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.9.0...r5.9.2)
---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter-engine
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-02-21 18:52:21 +08:00 |
|
dependabot[bot]
|
1eaed8ce6f
|
build(deps): bump org.mockito:mockito-core from 4.8.0 to 5.1.1 (#35)
Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 4.8.0 to 5.1.1.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v4.8.0...v5.1.1)
---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-02-21 18:42:42 +08:00 |
|
dependabot[bot]
|
a624fcd37d
|
build(deps): bump com.google.code.gson:gson from 2.9.0 to 2.10.1 (#36)
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.9.0 to 2.10.1.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.9.0...gson-parent-2.10.1)
---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-02-21 18:38:18 +08:00 |
|
dependabot[bot]
|
59aa83c93e
|
build(deps): bump org.junit.jupiter:junit-jupiter-api (#33)
Bumps [org.junit.jupiter:junit-jupiter-api](https://github.com/junit-team/junit5) from 5.9.0 to 5.9.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.9.0...r5.9.2)
---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter-api
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-02-21 18:36:02 +08:00 |
|
|
|
3ea0f4eacb
|
feat(metrics): 指标信息增加 bot_id label.
由于 bot_name 不能作为机器人的唯一标识, 因此增加 bot_id 为监控平台提供唯一标识.
|
2023-02-21 18:32:35 +08:00 |
|
|
|
d3e18d80ca
|
ci(github-action): 移除针对子模块的依赖项更新.
根据目前的效果来看, 即使不指定子模块的路径, dependabot 也会检查子模块的依赖项更新情况, 因此尝试移除子模块配置.
|
2023-02-21 16:00:08 +08:00 |
|
|
|
1e0eebbd7e
|
build(deps): 更新日志相关依赖(Slf4j 2.0.6, Logback-classic 1.4.5, Kotlin-logging 3.0.5).
Slf4j: 2.0.3 -> 2.0.6
Logback-classic: 1.4.4 -> 1.4.5
Kotlin-logging: 3.0.2 -> 3.0.5
|
2023-02-21 15:51:28 +08:00 |
|
dependabot[bot]
|
6f3c1ec592
|
build(deps): bump org.junit.jupiter:junit-jupiter-api (#19)
Bumps [org.junit.jupiter:junit-jupiter-api](https://github.com/junit-team/junit5) from 5.9.0 to 5.9.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.9.0...r5.9.2)
---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter-api
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-02-21 15:29:54 +08:00 |
|
dependabot[bot]
|
c013dafdd7
|
build(deps): bump io.mockk:mockk from 1.13.2 to 1.13.4 in /scalabot-app (#26)
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.13.2 to 1.13.4.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.13.2...v1.13.4)
---
updated-dependencies:
- dependency-name: io.mockk:mockk
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-02-21 15:08:06 +08:00 |
|
dependabot[bot]
|
e0bfd8796c
|
build(deps): bump org.jetbrains.kotlin:kotlin-reflect in /scalabot-app (#29)
Bumps [org.jetbrains.kotlin:kotlin-reflect](https://github.com/JetBrains/kotlin) from 1.6.20 to 1.8.10.
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/v1.8.10/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v1.6.20...v1.8.10)
---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-reflect
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-02-21 15:07:45 +08:00 |
|
dependabot[bot]
|
67d561c0ab
|
build(deps): bump org.jetbrains.kotlinx.kover from 0.5.1 to 0.6.1 (#32)
Bumps [org.jetbrains.kotlinx.kover](https://github.com/Kotlin/kotlinx-kover) from 0.5.1 to 0.6.1.
- [Release notes](https://github.com/Kotlin/kotlinx-kover/releases)
- [Changelog](https://github.com/Kotlin/kotlinx-kover/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Kotlin/kotlinx-kover/compare/v0.5.1...v0.6.1)
---
updated-dependencies:
- dependency-name: org.jetbrains.kotlinx.kover
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-02-21 12:53:54 +08:00 |
|
|
|
63687da0bb
|
build(dependencies): 更新 binary-compatibility-validator 插件(0.11.1 -> 0.13.0).
更新后插件将支持 Kotlin 1.8.10 版本.
|
2023-02-21 12:44:06 +08:00 |
|
dependabot[bot]
|
cd76249c33
|
build(deps): bump gradle/gradle-build-action from 2.2.1 to 2.4.0 (#23)
Bumps [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) from 2.2.1 to 2.4.0.
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.2.1...v2.4.0)
---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-02-21 11:24:23 +08:00 |
|
dependabot[bot]
|
5a8afd1549
|
build(deps): bump docker/build-push-action from 3 to 4 (#18)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 4.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2023-02-21 11:21:09 +08:00 |
|
|
|
651569dc8f
|
ci(github-action): 增加 Dependabot 配置文件.
使用 Dependabot 来自动检查依赖新版本, 减轻工作量.
|
2023-02-21 10:51:30 +08:00 |
|
|
|
bf2ea9a367
|
refactor(launch): 在启动时输出 JVM 和 Kotlin 的版本号.
在日志中添加版本信息, 方便在反馈问题时可以了解出现问题所使用的环境.
|
2023-02-19 16:12:15 +08:00 |
|
|
|
540fe84f26
|
build(dependencies): 更新 Kotlin 版本(1.7.10 -> 1.8.10).
更新 Kotlin 版本, 支持新的平台优化.
|
2023-02-19 16:09:52 +08:00 |
|
|
|
712378b3ff
|
build(dependencies): 更新 telegrambots 依赖项.
将 telegrambots 依赖项更新至 6.5.0, 支持新版 Api;
已确认 telegrambots 6.5.0 版本升级了jackson-databind 版本,
因此移除 jackson-databind 的显性依赖声明.
|
2023-02-08 10:12:33 +08:00 |
|
|
|
961382fb56
|
build(dependencies): 更新 TelegramBots 依赖项的版本号.
将 TelegramBots 依赖版本升级至 6.3.0, 支持新的 Telegram Bot API.
|
2022-12-16 01:15:09 +08:00 |
|
|
|
34d9ece6d7
|
feat(logging): 支持通过参数控制日志输出级别.
通过添加新的 -D 参数 `scalabot.log.level`, 使得用户可以根据需要, 调整日志输出级别, 通过日志来自行(或协助开发者)排查问题,
对于与网络有关的 Debug 级别日志, 则由 `scalabot.log.network.verbose` 参数进行控制;
另外, 由于开发过程中可通过该参数修改日志级别, 因此移除 `logback-test.xml` 文件.
|
2022-11-11 18:17:05 +08:00 |
|
|
|
30a2cb34d5
|
refactor(launch): 将 AppPaths 从 Launcher 解耦.
解耦后有助于后续改进, 以及单元测试的编写.
|
2022-11-07 11:16:41 +08:00 |
|
|
|
c94e0476b5
|
refactor(metrics): 为指标增加 namespace 名称.
遵循 OpenMetrics 规范指南, 为运行指标添加 namespace 名称, 防止指标混乱.
BREAKING CHANGE: 运行指标名称变更,
如果用户启用了运行指标功能, 请注意修改使用指标的名称.
|
2022-10-28 01:33:03 +08:00 |
|
|
|
6e5cd07c51
|
build(dependencies): 更新依赖项版本.
更新与日志和测试有关的依赖项版本.
|
2022-10-25 17:18:24 +08:00 |
|
|
|
d4b1438b0b
|
release: 发布 0.5.2 版本.
|
2022-10-20 16:04:27 +08:00 |
|
|
|
90110335f5
|
fix: 更新 jackson-databind 依赖版本以缓解 CVE-2022-42004 漏洞.
CVE-2022-42004 漏洞报告指出, 由于 jackson-databind 的有关错误, 导致对象序列化过程可能存在数据错误的问题,
目前 jackson-databind 已发布 2.13.4.2 版本以解决该问题, 由于引入 jackson-databind 的 telegrambots 库尚未发布针对该问题的修复版本,
故在本项目中引入新版依赖项, 以确保用户不受该问题影响.
该版本已在 TelegramBots 项目(版本 6.1.0)中进行测试, 测试通过.
------------------------------------------
https://devhub.checkmarx.com/cve-details/CVE-2022-42004/
|
2022-10-20 01:41:48 +08:00 |
|
|
|
9c32d26c0d
|
fix(dependencies): 更新 Commons-codec 依赖项的版本.
由于目前从 TelegramBots-Abilities 引入的 Commons-codec 存在 Base 32 和 64 的编解码漏洞,
考虑到需要防范潜在的安全问题, 因此决定更新 Commons-codec
的版本号.
----------------
参考链接:
https://devhub.checkmarx.com/cve-details/Cxeb68d52e-5509/
|
2022-09-19 14:32:40 +08:00 |
|
|
|
dfab6b14bd
|
build(compatibility): 新增 API 兼容性检查插件(尚未启用).
新增 Jetbrains 的二进制兼容性验证插件, 该插件可确保在兼容性出现更改时及时报告出来.
计划在下一次发布版本时启用.
|
2022-09-19 14:28:06 +08:00 |
|
|
|
437cee499a
|
build(dependencies): 更新依赖项版本.
更新版本有利于维持项目安全性.
|
2022-09-19 01:14:31 +08:00 |
|
|
|
4c30a1ac68
|
ci(github-action): 更改工作流名称.
后续可能会加上 Maven 的发布, 所以把名字和文件名都改一下, 防止出现歧义.
|
2022-08-25 16:11:10 +08:00 |
|
|
|
3932db11a1
|
release: 发布 0.5.1 版本.
|
2022-08-23 13:40:21 +08:00 |
|
|
|
d18c059498
|
ci(github-action): 显性声明允许工作流写入仓库.
安全起见, 仓库将设置工作流的 Github Token 默认不可写, 因此需要在该工作流添加权限声明, 以支持其创建 Release.
|
2022-08-23 13:40:20 +08:00 |
|
|
|
e6b581b8cd
|
ci(github-action): 移除容器镜像对 windows-amd64 的构建.
windows-amd64 的镜像构建依然不太不稳定, 因此移除 windows-amd64 平台的镜像构建.
|
2022-08-23 13:40:18 +08:00 |
|
|
|
26d7443c87
|
ci(github-action): 把 Gradle Wrapper 检查步骤加入到所有构建工作流中.
单独检查 Wrapper 并不能阻止其他工作流被恶意 jar 影响, 所以取消单独的检查工作流, 并将检查步骤插入到其他构建工作流中.
|
2022-08-23 13:40:17 +08:00 |
|
|
|
2bf4eb684e
|
ci(github-action): 延长镜像构建工作流的超时时间.
鉴于镜像构建可能会很慢, 因此将时间统一延长到 15 分钟.
|
2022-08-23 13:40:15 +08:00 |
|
|
|
5251b62733
|
ci(github-action): 修改开发版镜像构建工作流的名称和配置文件名.
为了与发布版镜像构建工作流区分开来, 防止弄混乱了.
|
2022-08-23 13:40:13 +08:00 |
|
