Conversation

@JarvisCraft
Owner

Initial release of minecraft-utils

@JarvisCraft
Owner Author

Build failing now is fine as it depends on PacketWrapper: legacy support pull-request

.travis.yml Outdated
# Build project, installing to local repo (skip testing and javadoc generation (if those exist))
install: mvn clean install -DskipTests=true -Dmaven.javadoc.skip=true -B -V
install:
# Temporarily:
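Review bot: the replacement `install:` step is annotated only with `# Temporarily:`, which records neither what the workaround waits on nor when it can be reverted; name the blocking PacketWrapper legacy-support pull request in that comment (e.g. `# Temporarily, until dmulloy2/PacketWrapper#60 is merged:`) so that the original `mvn clean install -DskipTests=true -Dmaven.javadoc.skip=true -B -V` line is restored once it lands.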
@JarvisCraft
Owner Author

Should be resolved before releasing

@JarvisCraft
Owner Author

Requires work on dmulloy2/PacketWrapper#60

@pull-assistant

pull-assistant bot commented Dec 2, 2019

Score: 0.97

Best reviewed: commit by commit


Optimal code review plan (6 warnings)

     Add Whole Figure3D

     Bump version.junit from 5.3.2 to 5.4.1

     Merge pull request #26 from JarvisCraft/dependabot/maven/development/v...

     Bump maven-javadoc-plugin from 3.0.1 to 3.1.0

     Merge pull request #27 from JarvisCraft/dependabot/maven/development/o...

     Bump maven-surefire-plugin from 3.0.0-M2 to 3.0.0-M3

     Merge pull request #28 from JarvisCraft/dependabot/maven/development/o...

     Bump annotations from 16.0.3 to 17.0.0

     Merge pull request #30 from JarvisCraft/dependabot/maven/development/o...

     Bump httpclient from 4.5.6 to 4.5.7

     Merge pull request #29 from JarvisCraft/dependabot/maven/development/o...

     Bump lombok from 1.18.4 to 1.18.6

     Merge pull request #31 from JarvisCraft/dependabot/maven/development/o...

     Implement basic item-editing builders and Enchant

     Add better constructors to CuboidFigure

     Add #getHitbox() to BasicFakeEntityLib

Merge remote-tracking branch 'origin/development' into development

pom.xml 67% changes removed in Bump maven-javadoc-p...

Move special dependencies build to separate shell script

.travis.yml 50% changes removed in Attempt to use new b...

Attempt to use new build script

.travis.yml 48% changes removed in Merge pull request #...

     Fix chmod mess in .travis.yml

     Remove oraclejdk11 check and .travis.yml redundant comment

     Use Optional.of instead of ofNullable in MetadataGenerator

     Add condition not to perform deploy phase at all when not needed

     Try use r per-java-version profiles

     Try test against JDK11

     Disable JDK11 temporarily again <:)

     Bump httpclient from 4.5.7 to 4.5.8

     Merge pull request #32 from JarvisCraft/dependabot/maven/development/o...

     Add default hitbox value for AbstractBasicFakeEntity

     Add ability to use only teleport packets for entities

     Never throw ObjectAlreadyShutDownException in ShutdownUtil#shutdown()

     Make ArmorStandBlockItem's inherited method more reusable

     Merge remote-tracking branch 'origin/development' into development

     Add ability to change item of ArmorStandBlockItem

     Bump version.junit.platform from 1.3.2 to 1.4.2

     Merge pull request #35 from JarvisCraft/dependabot/maven/development/v...

     Bump version.mockito from 2.23.0 to 2.26.0

     Merge pull request #37 from JarvisCraft/dependabot/maven/development/v...

     Bump version.junit from 5.4.1 to 5.4.2

     Merge pull request #36 from JarvisCraft/dependabot/maven/development/v...

     Bump version.mockito from 2.26.0 to 2.27.0

     Merge pull request #38 from JarvisCraft/dependabot/maven/development/v...

     Remove version specific profiles

     Configure maven-surefire-plugin

     Add SchedulerChain API

Resolve issues with PlayerMapManager

.../display/PlayerMapManager.java 43% changes removed in Replace local APIs w...

     Tweaks to PacketWrapper- and ProtocolLib-related utilities

     Add UuidUtil

     Add JUnit dependency to mc-unit

     Add spigot-api dependency to mc-unit

     Add NmsTestUtil to mc-unit

     Add @EnabledIfNMS to mc-unit

     Add build-nms.sh

     Git-ignore .nms/

     Add ChatComponentUtil

     Move IntWrapper to primitive package

Merge remote-tracking branch 'origin/development' into development

pom.xml 67% changes removed in Bump version.junit f...

     Docs: ChatComponentUtil.WrappedChatComponentGsonSerializer

     Add TitleUtil

     Remove duplicate method from TitleUtil

     Bump lombok from 1.18.6 to 1.18.8

     Merge pull request #39 from JarvisCraft/dependabot/maven/development/o...

     Merge remote-tracking branch 'origin/development' into development

     Bump maven-source-plugin from 3.0.1 to 3.1.0

     Merge pull request #40 from JarvisCraft/dependabot/maven/development/o...

     Bump version.mockito from 2.27.0 to 2.28.2

     Merge pull request #41 from JarvisCraft/dependabot/maven/development/v...

Merge remote-tracking branch 'origin/development' into development

pom.xml 50% changes removed in Bump version.mockito...

     Bump httpclient from 4.5.8 to 4.5.9

     Merge pull request #42 from JarvisCraft/dependabot/maven/development/o...

     Bump version.junit from 5.4.2 to 5.5.0

     Merge pull request #43 from JarvisCraft/dependabot/maven/development/v...

     Bump version.junit.platform from 1.4.2 to 1.5.0

     Merge pull request #44 from JarvisCraft/dependabot/maven/development/v...

     Bump maven-javadoc-plugin from 3.1.0 to 3.1.1

     Merge pull request #45 from JarvisCraft/dependabot/maven/development/o...

     Bump version.mockito from 2.28.2 to 3.0.0

     Merge pull request #46 from JarvisCraft/dependabot/maven/development/v...

     Bump version.junit from 5.5.0 to 5.5.1

     Merge pull request #47 from JarvisCraft/dependabot/maven/development/v...

     Bump version.junit.platform from 1.5.0 to 1.5.1

     Merge pull request #48 from JarvisCraft/dependabot/maven/development/v...

     Replace local APIs with those of padla

     Remove internal @DontOverrideEqualsAndHashCode

     Disable tests against Oracle JDK

     Merge pull request #56 from JarvisCraft/build-patch-1

     Bump version.junit.platform from 1.5.1 to 1.5.2

     Use @FieldDefaults better in AbstractPlayerContainingFakeEntity

     Use unmodifiable views for returned Maps' key-sets

     Merge pull request #49 from JarvisCraft/dependabot/maven/development/v...

     Bump version.junit from 5.5.1 to 5.5.2

     Merge branch 'development' into unmodifiable-map-key-set-views

     Merge pull request #50 from JarvisCraft/dependabot/maven/development/v...

     Bump lombok from 1.18.8 to 1.18.10

     Merge pull request #52 from JarvisCraft/dependabot/maven/development/o...

     Bump httpclient from 4.5.9 to 4.5.10

     Merge pull request #51 from JarvisCraft/dependabot/maven/development/o...

     Bump version.mockito from 3.0.0 to 3.1.0

     Merge pull request #55 from JarvisCraft/dependabot/maven/development/v...

     Merge branch 'development' into unmodifiable-map-key-set-views

Powered by Pull Assistant. Last update e379d70 ... 0e7e53d.

JarvisCraft and others added 27 commits November 15, 2020 04:24
Patch fake-entity-lib to cleanup some mess
Bumps httpclient from 4.5.12 to 4.5.13.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps [lombok](https://github.com/rzwitserloot/lombok) from 1.18.12 to 1.18.16.
- [Release notes](https://github.com/rzwitserloot/lombok/releases)
- [Changelog](https://github.com/rzwitserloot/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.12...v1.18.16)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
…4ad798b42f028

[Snyk] Security upgrade org.apache.httpcomponents:httpclient from 4.5.12 to 4.5.13
…/org.apache.httpcomponents-httpclient-4.5.13

Bump httpclient from 4.5.12 to 4.5.13
Bumps [fastutil](https://github.com/vigna/fastutil) from 8.4.1 to 8.4.4.
- [Release notes](https://github.com/vigna/fastutil/releases)
- [Changelog](https://github.com/vigna/fastutil/blob/master/CHANGES)
- [Commits](vigna/fastutil@8.4.1...8.4.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps `version.mockito` from 3.5.11 to 3.6.28.

Updates `mockito-core` from 3.5.11 to 3.6.28
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v3.5.11...v3.6.28)

Updates `mockito-junit-jupiter` from 3.5.11 to 3.6.28
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v3.5.11...v3.6.28)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
…/org.projectlombok-lombok-1.18.16

Bump lombok from 1.18.12 to 1.18.16
…7490da1287d59

[Snyk] Security upgrade org.apache.httpcomponents:httpclient from 4.5.12 to 4.5.13
JarvisCraft and others added 17 commits October 28, 2021 19:50
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2.3.5...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…velopment/actions/checkout-2.4.0

build(deps): bump actions/checkout from 2.3.5 to 2.4.0
Bumps [annotations](https://github.com/JetBrains/java-annotations) from 22.0.0 to 23.0.0.
- [Release notes](https://github.com/JetBrains/java-annotations/releases)
- [Changelog](https://github.com/JetBrains/java-annotations/blob/master/CHANGELOG.md)
- [Commits](JetBrains/java-annotations@22.0.0...23.0.0)

---
updated-dependencies:
- dependency-name: org.jetbrains:annotations
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…/org.jetbrains-annotations-23.0.0

build(deps): bump annotations from 22.0.0 to 23.0.0
Bumps `version.mockito` from 4.0.0 to 4.1.0.

Updates `mockito-core` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.0.0...v4.1.0)

Updates `mockito-junit-jupiter` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:development
  update-type: version-update:semver-minor
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…/version.mockito-4.1.0

build(deps-dev): bump version.mockito from 4.0.0 to 4.1.0
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](actions/cache@v2.1.6...v2.1.7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…velopment/actions/cache-2.1.7

build(deps): bump actions/cache from 2.1.6 to 2.1.7
Bumps `version.junit` from 5.8.1 to 5.8.2.

Updates `junit-jupiter-api` from 5.8.1 to 5.8.2
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](junit-team/junit-framework@r5.8.1...r5.8.2)

Updates `junit-jupiter-engine` from 5.8.1 to 5.8.2
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](junit-team/junit-framework@r5.8.1...r5.8.2)

Updates `junit-jupiter-params` from 5.8.1 to 5.8.2
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](junit-team/junit-framework@r5.8.1...r5.8.2)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter-api
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: org.junit.jupiter:junit-jupiter-engine
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: org.junit.jupiter:junit-jupiter-params
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…/version.junit-5.8.2

build(deps-dev): bump version.junit from 5.8.1 to 5.8.2
Bumps `version.junit.platform` from 1.8.1 to 1.8.2.

Updates `junit-platform-launcher` from 1.8.1 to 1.8.2
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/commits)

Updates `junit-platform-runner` from 1.8.1 to 1.8.2
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/commits)

---
updated-dependencies:
- dependency-name: org.junit.platform:junit-platform-launcher
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: org.junit.platform:junit-platform-runner
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…/version.junit.platform-1.8.2

build(deps-dev): bump version.junit.platform from 1.8.1 to 1.8.2
Bumps `version.mockito` from 4.1.0 to 4.2.0.

Updates `mockito-core` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.1.0...v4.2.0)

Updates `mockito-junit-jupiter` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.1.0...v4.2.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:development
  update-type: version-update:semver-minor
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…/version.mockito-4.2.0

build(deps-dev): bump version.mockito from 4.1.0 to 4.2.0
Bumps `version.mockito` from 4.2.0 to 4.4.0.

Updates `mockito-core` from 4.2.0 to 4.4.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.2.0...v4.4.0)

Updates `mockito-junit-jupiter` from 4.2.0 to 4.4.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.2.0...v4.4.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:development
  update-type: version-update:semver-minor
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
</build>

<dependencies>
<dependency>

Critical OSS Vulnerability:

pkg:maven/ru.progrm-jarvis.minecraft/minecraft-commons@1.0.0-SNAPSHOT

4 Critical, 1 Severe, 3 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies

Components
    pkg:maven/com.google.guava/guava@17.0
      SEVERE Vulnerabilities (1)

        [CVE-2018-10237] Deserialization of Untrusted Data

        Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

        CVSS Score: 5.9

        CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

      MODERATE Vulnerabilities (1)

        [CVE-2020-8908]

        A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

        CVSS Score: 3.3

        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta9
      CRITICAL Vulnerabilities (4)
        OSSINDEX-6293-b378-c53a

        CWE-502: Deserialization of Untrusted Data

        The component 'Log4j' is vulnerable to CWE-502. The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. [For version 2.0-beta9., For version 2.0-rc1., For version 2.0-rc2., From version 2.0.0 up to and including 2.14.1.]

        CVSS Score: 10

        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

        [CVE-2021-44228]

        Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to "true" or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting "com.sun.jndi.rmi.object.trustURLCodebase" and "com.sun.jndi.cosnaming.object.trustURLCodebase" to "false".

        ===================================================
        The following information is provided by Sonatype Nexus Intelligence. Nexus Intelligence is the only security research service that performs "secondary expansion" to determine if newly discovered vulnerabilities are also present in other components.

        Learn more about Nexus Intelligence -- https://www.sonatype.com/products/intelligence

        Explanation

        The log4j-core package is vulnerable to Deserialization of Untrusted data. The vulnerable methods allow the JNDI Java interface to be used to request resources from arbitrary URIs using the LDAP and LDAPS protocols. This leads to Java objects contained within the resource to be deserialized and processed. Applications that use the log4j-core library to log events and utilize application data in log messages may inadvertently allow user input to be included inside their log messages. Remote attackers can leverage this behavior to fetch a malicious resource under their control. This would lead to malicious Java code being deserialized and executed in the context of the vulnerable application and may lead to Remote Code Execution (RCE).

        Advisory Deviation Notice: The Sonatype security research team discovered that the root cause of the vulnerability is in org.apache.logging.log4j:log4j-core, and is not in org.apache.logging.log4j:log4j-api as the GitHub advisory states. The research team has also discovered that the vulnerable code was introduced in version 2.0-beta9 up to 2.12.2, and 2.13.0 up to 2.15.0, and not all versions before 2.15.0 as the GitHub advisory states. The 1.x branch is not affected by this vulnerability.

        Vulnerable File(s) and Function(s):

        org/apache/logging/log4j/core/net/JndiManager.class

        • lookup()

        org/apache/logging/log4j/core/lookup/JndiLookup.class

        • lookup()

        org/apache/logging/log4j/core/appender/mom/JmsAppender$Builder.class

        • build()

        Detection

        The application is vulnerable by using this component and including formatted message substitutions in their application's logged messages where formatted message lookups are enabled. Note that this is the default behavior in all versions prior to 2.15.0.

        Reference: GHSA-jfh8-c2jp-5v3q

        Recommendation

        We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

        Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control.

        Project Recommendations

        • Java 8 (or later) users should upgrade to release 2.16.0.
        • Users requiring Java 7 should upgrade to release 2.12.2 when it becomes available (work in progress, expected to be available soon).
        • Otherwise, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

        Reference: https://logging.apache.org/log4j/2.x/security.html

        CVSS Score: 10

        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

        CVE-2017-5645

        [CVE-2017-5645] Deserialization of Untrusted Data

        In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

        CVSS Score: 9.8

        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

        [CVE-2021-45105]

        Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.

        ===================================================

        Explanation

        The log4j-core package is vulnerable to Denial of Service (DoS) due to Uncontrolled Recursion. The methods and classes listed below allow for recursive evaluation of lookups with user-supplied inputs. Remote attackers with control over Thread Context Map data can supply specially-crafted inputs containing a recursive lookup. This will result in the process terminating when the logging configuration uses a non-default Pattern Layout with a Context Lookup, leading to a DoS condition.

        Vulnerable File(s) and Function(s):

        org/apache/logging/log4j/core/lookup/StrSubstitutor.class

        • replace()
        • substitute()

        org/apache/logging/log4j/core/config/AbstractConfiguration.class

        • initialize()
        • doConfigure()

        Note: The Attack Complexity of this vulnerability is still being discussed with the maintainers. We have deemed it High at this time due to the specific configuration necessary for the vulnerability to be exploited.

        Detection

        The application is vulnerable by using this component when the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId})

        Reference: https://logging.apache.org/log4j/2.x/security.html

        Recommendation

        We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

        Mitigating controls from the project advisory:

        Implement one of the following mitigation techniques:

        • Java 8 (or later) users should upgrade to release 2.17.0.
        • Alternatively, this can be mitigated in configuration:
          • In PatternLayout in the logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC).
          • Otherwise, in the configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.

        Reference: https://logging.apache.org/log4j/2.x/security.html

        Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control.

        CVSS Score: 7.5

        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

      MODERATE Vulnerabilities (2)
        [CVE-2020-9488]

        Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.

        CVSS Score: 3.7

        CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

        [CVE-2021-45046]

        It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2.15.0 restricts JNDI LDAP lookups to localhost by default. Note that previous mitigations involving configuration such as to set the system property log4j2.noFormatMsgLookup to true do NOT mitigate this specific vulnerability. Log4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default. This issue can be mitigated in prior releases (<2.16.0) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

        ===================================================

        Explanation

        The log4j-core package is vulnerable to the Use of an Externally-Controlled Format String. The format() method in the MessagePatternConverter and MessagePatternConverter$LookupMessagePatternConverter classes allow JNDI LDAP lookups to be made to remote hosts by default while logging application events. If the data retrieved is used to control the input data utilized in Thread Context Maps or Context Lookups, an attacker with control over a logged value may craft a malicious JNDI lookup string that causes log4j to crash. This may result in undefined behavior in applications utilizing log4j-core, and can lead to a Denial of Service (DoS) condition.

        Note: This vulnerability is a follow-up to CVE-2021-44228 to address the DoS attack vector.

        Detection

        The application is vulnerable by using this component.

        Recommendation

        We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

        Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control.

        Mitigating controls from the project advisory:

        • Java 8 (or later) users should upgrade to release 2.16.0.
        • Users requiring Java 7 should upgrade to release 2.12.2 when it becomes available (work in progress, expected to be available soon).
        • Otherwise, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

        Reference: https://logging.apache.org/log4j/2.x/security.html

        CVSS Score: 3.7

        CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

(at-me [in a reply](https://help.sonatype.com/lift/talking-to-lift) with `help` or `ignore`)

dependabot bot and others added 12 commits July 27, 2022 18:11
Bumps `version.junit.platform` from 1.8.2 to 1.9.0.

Updates `junit-platform-launcher` from 1.8.2 to 1.9.0
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/commits)

Updates `junit-platform-runner` from 1.8.2 to 1.9.0
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/commits)

---
updated-dependencies:
- dependency-name: org.junit.platform:junit-platform-launcher
  dependency-type: direct:development
  update-type: version-update:semver-minor
- dependency-name: org.junit.platform:junit-platform-runner
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…/version.junit.platform-1.9.0

build(deps-dev): bump version.junit.platform from 1.8.2 to 1.9.0
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.2.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v2.1.7...v3.2.2)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…velopment/actions/cache-3.2.2

build(deps): bump actions/cache from 2.1.7 to 3.2.2
Bumps [ProtocolLib](https://github.com/dmulloy2/ProtocolLib) from 4.7.0 to 4.8.0.
- [Release notes](https://github.com/dmulloy2/ProtocolLib/releases)
- [Commits](dmulloy2/ProtocolLib@4.7.0...4.8.0)

---
updated-dependencies:
- dependency-name: com.comphenix.protocol:ProtocolLib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2 to 3.5.1.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v2...v3.5.1)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2.4.0...v3.3.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [fastutil](https://github.com/vigna/fastutil) from 8.5.6 to 8.5.11.
- [Release notes](https://github.com/vigna/fastutil/releases)
- [Changelog](https://github.com/vigna/fastutil/blob/master/CHANGES)
- [Commits](vigna/fastutil@8.5.6...8.5.11)

---
updated-dependencies:
- dependency-name: it.unimi.dsi:fastutil
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…pment/actions/setup-java-3.5.1' into dependency-updates
…unimi.dsi-fastutil-8.5.11' into dependency-updates
…pment/actions/checkout-3.3.0' into dependency-updates
3 participants