You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@dubbo.apache.org by "dependabot[bot] (via GitHub)" <gi...@apache.org> on 2023/04/11 13:33:41 UTC
[GitHub] [dubbo] dependabot[bot] opened a new pull request, #12069: Bump nacos-client from 2.1.2 to 2.2.2
dependabot[bot] opened a new pull request, #12069:
URL: https://github.com/apache/dubbo/pull/12069
Bumps [nacos-client](https://github.com/alibaba/nacos) from 2.1.2 to 2.2.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/alibaba/nacos/releases">nacos-client's releases</a>.</em></p>
<blockquote>
<h2>2.2.2 (Apr 11, 2023)</h2>
<p>Nacos recently released versions 2.2.0.1 and 2.2.1, which have made major changes to the default authentication plugin to remove the some default values of authentication plugin. For details, see <a href="https://nacos.io/zh-cn/blog/announcement-token-secret-key.html">Risk Description</a> and <a href="https://nacos.io/zh-cn/blog/2.2.1-release.html">2.2.1 release</a>.</p>
<p>But Nacos default console ui relies on <code>token.secret.key</code> by default, after removing the default value of <code>token.secret.key</code>, many new users who use the latest version image by default have a large number of startup failures. The situation has a great impact on the usability of users.</p>
<p>Therefore, version 2.2.2 is mainly optimized for this problem.</p>
<h2>Enhancement&Refactor</h2>
<p><a href="https://redirect.github.com/alibaba/nacos/issues/10153">#10153</a> Close console login page when auth.enabled is false.
<a href="https://redirect.github.com/alibaba/nacos/issues/10276">#10276</a> Default close openssl for client.</p>
<h2>BugFix</h2>
<p><a href="https://redirect.github.com/alibaba/nacos/issues/10208">#10208</a> Remove DefaultSettingPropertySource.java.</p>
<h2>2.2.1 (Mar 17th, 2023)</h2>
<p>This version is mainly <strong>Specially, Remove default value of <code>token.secret.key</code> and <code>server.identity</code>.</strong> Detail see: <a href="https://nacos.io/zh-cn/blog/announcement-token-secret-key.html">announcement</a>.</p>
<p>And this version upgrade many dependencies such as spring-boot, Grpc, jraft and so on.</p>
<p>What's more, This version add a beta feature, make the grpc request support TLS, and fix some bugs and enhance some usage problems.</p>
<p>Detail see:</p>
<h2>feature</h2>
<p><a href="https://redirect.github.com/alibaba/nacos/issues/9276">#9276</a> Add search config by content.
<a href="https://redirect.github.com/alibaba/nacos/issues/9703">#9703</a> add catalog v2 API to support list instances which is un-enabled.
<a href="https://redirect.github.com/alibaba/nacos/issues/9710">#9710</a> Support prometheus-sd basic auth.
<a href="https://redirect.github.com/alibaba/nacos/issues/9888">#9888</a> Beta support Grpc TLS feature.
<a href="https://redirect.github.com/alibaba/nacos/issues/10062">#10062</a> Naming support aliyun STS auth.</p>
<h2>Enhancement&Refactor</h2>
<p><a href="https://redirect.github.com/alibaba/nacos/issues/9510">#9510</a> Add sql log print function.
<a href="https://redirect.github.com/alibaba/nacos/issues/9646">#9646</a> Replace concatenated strings with placeholders.
<a href="https://redirect.github.com/alibaba/nacos/issues/9708">#9708</a> Clean expired and invalid connections for HTTP client.
<a href="https://redirect.github.com/alibaba/nacos/issues/9783">#9783</a> Handle public namespaceId as default namespaceId for publish and query config for V2 http api.
<a href="https://redirect.github.com/alibaba/nacos/issues/9837">#9837</a> Enhance Grpc connected time when cluster started to load snapshot quickly.
<a href="https://redirect.github.com/alibaba/nacos/issues/9859">#9859</a> Refactor default auth plugin, use custom JWT instead of jjwt.
<a href="https://redirect.github.com/alibaba/nacos/issues/9860">#9860</a> Adapt logback 1.4.5 by SPI.
<a href="https://redirect.github.com/alibaba/nacos/issues/9885">#9885</a> Add prometheus api exception handling.
<a href="https://redirect.github.com/alibaba/nacos/issues/9949">#9949</a> Use Grpc replace all Http request between servers.
<a href="https://redirect.github.com/alibaba/nacos/issues/9951">#9951</a> Judge the message whether <code>null</code> for metadata processor.
<a href="https://redirect.github.com/alibaba/nacos/issues/10084">#10084</a> Client use Async appender to print log.
<a href="https://redirect.github.com/alibaba/nacos/issues/10108">#10108</a> Remove identity default value.</p>
<h2>BugFix</h2>
<p><a href="https://redirect.github.com/alibaba/nacos/issues/9621">#9621</a> Fix Config Client server check always up problem.
<a href="https://redirect.github.com/alibaba/nacos/issues/9728">#9728</a> Fix prometheus http sd only return public namespace problem.
<a href="https://redirect.github.com/alibaba/nacos/issues/9732">#9732</a> Fix namespace v2 api auth not work problem.
<a href="https://redirect.github.com/alibaba/nacos/issues/9734">#9734</a> Fix http login url without default port problem.
<a href="https://redirect.github.com/alibaba/nacos/issues/9795">#9795</a> Fix export config failure problem for non admin user after opening auth.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/alibaba/nacos/commit/d2e16a3e420a23dce1801de95ef9a4b3f91b3e89"><code>d2e16a3</code></a> Fix dynamic change token to illegal value will use old token.</li>
<li><a href="https://github.com/alibaba/nacos/commit/50d313ba25bf2966b82f6c8eaeb07f8c4e9ef683"><code>50d313b</code></a> 取消默认openssl (<a href="https://redirect.github.com/alibaba/nacos/issues/10276">#10276</a>)</li>
<li><a href="https://github.com/alibaba/nacos/commit/6c4c41c8f358f177dfbdbeb099bed72435b1c578"><code>6c4c41c</code></a> Upgrade to 2.2.2</li>
<li><a href="https://github.com/alibaba/nacos/commit/953908754f5f0a4184712ec4c9a9d972625fcee2"><code>9539087</code></a> Don't stopping startup for illegal token.secret.key when auth.enabled is fals...</li>
<li><a href="https://github.com/alibaba/nacos/commit/e31f830217a333807880d80f171bde2ab585dea9"><code>e31f830</code></a> Don't stopping startup for illegal token.secret.key when auth.enabled is fals...</li>
<li><a href="https://github.com/alibaba/nacos/commit/0f43ea9f10558fe47b6a7e00576231a359f4bcda"><code>0f43ea9</code></a> Build console main.js. (<a href="https://redirect.github.com/alibaba/nacos/issues/10264">#10264</a>)</li>
<li><a href="https://github.com/alibaba/nacos/commit/9162c5121d075762c3f90987fec5d41c7a760fee"><code>9162c51</code></a> [fix]🐛nacos login page && notice config (<a href="https://redirect.github.com/alibaba/nacos/issues/10262">#10262</a>)</li>
<li><a href="https://github.com/alibaba/nacos/commit/3b0fda2f25b977e254fb7c4dc1b0b53852b22b26"><code>3b0fda2</code></a> [ISSUE#10153] Add auth state into /state api and add announcement api. (<a href="https://redirect.github.com/alibaba/nacos/issues/10203">#10203</a>)</li>
<li><a href="https://github.com/alibaba/nacos/commit/285d39a154e12d6d39e991639b16039f8d980fa5"><code>285d39a</code></a> [ISSUE#10208] Remove DefaultSettingPropertySource.java and add some unit test...</li>
<li><a href="https://github.com/alibaba/nacos/commit/cb0422ed743e77f11a555ef579f0009049a2db59"><code>cb0422e</code></a> Merge pull request <a href="https://redirect.github.com/alibaba/nacos/issues/10126">#10126</a> from alibaba/develop</li>
<li>Additional commits viewable in <a href="https://github.com/alibaba/nacos/compare/2.1.2...2.2.2">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org
[GitHub] [dubbo] sonarcloud[bot] commented on pull request #12069: Bump nacos-client from 2.1.2 to 2.2.2
Posted by "sonarcloud[bot] (via GitHub)" <gi...@apache.org>.
sonarcloud[bot] commented on PR #12069:
URL: https://github.com/apache/dubbo/pull/12069#issuecomment-1515982263
Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_dubbo&pullRequest=12069)
[](https://sonarcloud.io/project/issues?id=apache_dubbo&pullRequest=12069&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_dubbo&pullRequest=12069&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_dubbo&pullRequest=12069&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_dubbo&pullRequest=12069&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_dubbo&pullRequest=12069&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_dubbo&pullRequest=12069&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo&pullRequest=12069&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo&pullRequest=12069&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo&pullRequest=12069&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_dubbo&pullRequest=12069&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_dubbo&pullRequest=12069&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_dubbo&pullRequest=12069&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_dubbo&pullRequest=12069&metric=coverage&view=list) No Coverage information
[](https://sonarcloud.io/component_measures?id=apache_dubbo&pullRequest=12069&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_dubbo&pullRequest=12069&metric=new_duplicated_lines_density&view=list)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org
[GitHub] [dubbo] codecov-commenter commented on pull request #12069: Bump nacos-client from 2.1.2 to 2.2.2
Posted by "codecov-commenter (via GitHub)" <gi...@apache.org>.
codecov-commenter commented on PR #12069:
URL: https://github.com/apache/dubbo/pull/12069#issuecomment-1515981249
## [Codecov](https://codecov.io/gh/apache/dubbo/pull/12069?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#12069](https://codecov.io/gh/apache/dubbo/pull/12069?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (a2358e5) into [3.2](https://codecov.io/gh/apache/dubbo/commit/2a86ae7d9756a827338a87c2dc32352d3afa826e?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (2a86ae7) will **decrease** coverage by `2.52%`.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## 3.2 #12069 +/- ##
============================================
- Coverage 69.78% 67.26% -2.52%
+ Complexity 340 2 -338
============================================
Files 3397 1721 -1676
Lines 159184 68372 -90812
Branches 26531 9765 -16766
============================================
- Hits 111086 45991 -65095
+ Misses 38436 17964 -20472
+ Partials 9662 4417 -5245
```
[see 1965 files with indirect coverage changes](https://codecov.io/gh/apache/dubbo/pull/12069/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
:mega: We’re building smart automated test selection to slash your CI/CD build times. [Learn more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org
[GitHub] [dubbo] AlbumenJ merged pull request #12069: Bump nacos-client from 2.1.2 to 2.2.2
Posted by "AlbumenJ (via GitHub)" <gi...@apache.org>.
AlbumenJ merged PR #12069:
URL: https://github.com/apache/dubbo/pull/12069
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org