fix: Add warnings to users about using credentials from external sources #2551
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sai-sunder-s
approved these changes
Jan 17, 2025
|
Please do not merge. |
zhumin8
added
the
do not merge
lqiu96
approved these changes
Jan 22, 2025
svc-squareup-copybara
pushed a commit
to cashapp/misk
that referenced
this pull request
Jan 24, 2025
| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `26.0.1` -> `26.0.2` | | [io.grpc:grpc-stub](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-protobuf](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-netty](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:protoc-gen-grpc-java](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-bom](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-api](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [com.google.api-client:google-api-client](https://github.com/googleapis/google-api-java-client) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.7.1` -> `2.7.2` | | [com.squareup.wire:wire-schema](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-runtime](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-reflector](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-moshi-adapter](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-grpc-client](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-gradle-plugin](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-bom](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.google.auth:google-auth-library-oauth2-http](https://github.com/googleapis/google-auth-library-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.30.1` -> `1.31.0` | | [com.google.auth:google-auth-library-credentials](https://github.com/googleapis/google-auth-library-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.30.1` -> `1.31.0` | | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.45.1` -> `1.45.2` | | [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.45.1` -> `1.45.2` | | [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | --- ### Release Notes <details> <summary>JetBrains/java-annotations (org.jetbrains:annotations)</summary> ### [`v26.0.2`](https://github.com/JetBrains/java-annotations/blob/HEAD/CHANGELOG.md#Version-2602) [Compare Source](JetBrains/java-annotations@26.0.1...26.0.2) - Fixed missing klibs for apple artifacts. </details> <details> <summary>googleapis/google-api-java-client (com.google.api-client:google-api-client)</summary> ### [`v2.7.2`](https://github.com/googleapis/google-api-java-client/blob/HEAD/CHANGELOG.md#272-2025-01-22) ##### Bug Fixes - Add warnings to users about using credentials from external sources ([#​2551](googleapis/google-api-java-client#2551)) ([3bb2879](googleapis/google-api-java-client@3bb2879)) </details> <details> <summary>square/wire (com.squareup.wire:wire-schema)</summary> ### [`v5.2.1`](https://github.com/square/wire/blob/HEAD/CHANGELOG.md#Version-521) [Compare Source](square/wire@5.2.0...5.2.1) *2025-01-07* ##### JVM generation - Fix support for mutable messages in Wire's Kotlin Generator. ([#​3233](square/wire#3233) by \[Rahul Ravikumar]\[tikurahul]) ### [`v5.2.0`](https://github.com/square/wire/blob/HEAD/CHANGELOG.md#Version-520) [Compare Source](square/wire@5.1.0...5.2.0) *2025-01-06* ##### Common - Enforce recursion limit when parsing nested groups. ([#​3119](square/wire#3119)) ##### CLI `wire-compiler` - It is now possible to set multiple targets. ([#​3106](square/wire#3106) & [#​3107](square/wire#3107)) - The option `opaque_types` introduced in `4.9.2` for the Wire Gradle plugin is now available on CLI. ([#​3147](square/wire#3147)) ##### JVM generation - [KotlinPoet has been updated to `2.0.0`](https://square.github.io/kotlinpoet/changelog/#version-200) which dramatically changes how generated Kotlin files are wrapped. This is neither a source nor a binary breaking changes. - A new `@WireEnclosingType` annotation is now applied to generated types so R8 doesn't prune too much. ([#​3123](square/wire#3123)) - Split the redact method into chunks when a type has more than 100 fields to avoid compilation error. ([#​3214](square/wire#3214) by \[Damian Wieczorek]\[damianw]) - Add support for mutable messages in Wire's Kotlin Generator. ([#​3217](square/wire#3217) by \[Rahul Ravikumar]\[tikurahul]) - You can opt-in by adding `mutableTypes = true` on your Kotlin target. This is unsafe and we do not recommend that you use it unless you have a sound use-case for it. - Wire is now using Palantir's JavaPoet instead of Square's JavaPoet. ##### Swift - Fix buffer overflow and data corruption when a type has more than 5 layers of nesting ([#​3203](square/wire#3203) by \[Eric Amorde]\[amorde]) ### [`v5.1.0`](https://github.com/square/wire/blob/HEAD/CHANGELOG.md#Version-510) [Compare Source](square/wire@5.0.0...5.1.0) *2024-09-11* ##### Common - Support for Kotlin `2.0.20`. ([#​3093](square/wire#3093)) - `srcDir(String)` has been undeprecated. ([#​3039](square/wire#3039)) - Some loggings now happen at the debug level, instead of info. ([#​3041](square/wire#3041)) - Remove some unactionable warnings on Kotlin/JS ([#​3047](square/wire#3047)) - Propagate the deprecated flag on EnumType after pruning by wire-gradle-plugin ([#​3076](square/wire#3076) by \[Aaron Edwards]\[aaron-edwards]) - Introduce `ProtoReader32`, a specialization for Kotlin/JS ([#​3077](square/wire#3077)) This is an alternative to `ProtoReader`, which uses `Long` as a cursor. It originates as an optimization for Kotlin/JS, where `Long` cursors are prohibitively expensive. - Fix Gradle project isolation issue when reading a property ([#​3078](square/wire#3078) by \[Aurimas]\[liutikas]) - Change the recursion limit to match grpc's default ([#​3091](square/wire#3091)) ##### Kotlin - New enum option `enum_mode` to take precedence over the `enumMode` option added in `5.0.0-alpha02`. Use this if you want to migrate your enums granularly. ([#​2993](square/wire#2993)) - Don't throw if reading trailers fail ([#​3087](square/wire#3087)) ##### Swift - Avoid crash when parsing an empty repeated `[packed=true]` for fixed-length types. ([#​3044](square/wire#3044) by \[Sasha Weiss]\[sashaweiss-signal]) </details> <details> <summary>googleapis/google-auth-library-java (com.google.auth:google-auth-library-oauth2-http)</summary> ### [`v1.31.0`](https://github.com/googleapis/google-auth-library-java/blob/HEAD/CHANGELOG.md#1310-2025-01-22) ##### Features - ImpersonatedCredentials to support universe domain for idtoken and signblob ([#​1566](googleapis/google-auth-library-java#1566)) ([adc2ff3](googleapis/google-auth-library-java@adc2ff3)) - Support transport and binding-enforcement MDS parameters. ([#​1558](googleapis/google-auth-library-java#1558)) ([9828a8e](googleapis/google-auth-library-java@9828a8e)) ##### Documentation - Promote use of bill of materials in quickstart documentation ([#​1620](googleapis/google-auth-library-java#1620)) ([fc20d9c](googleapis/google-auth-library-java@fc20d9c)), closes [#​1552](googleapis/google-auth-library-java#1552) </details> <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.45.2`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.45.2): 1.45.2 ##### Components ##### Application Security Management (WAF) - 🐛 🍒 8258 - Prevents a NPE when there is no subscriber for user events ([#​8260](DataDog/dd-trace-java#8260) - [@​manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: 12db0f59db2e6ebf55203c87fccab042d495106a
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context: b/389124064