0abc5f6 only rm file if it exists (#18310)
f71fe5a Add message translation to GetSpec (#18130)
76acfb8 [low-code] Propagate options to InterpolatedRequestInputProvider (#18050)
b347829 upgrade commons-text to 1.10.0 (mitigates CVE 2022-42889) (#18275)
cf28f7a Add message migration to discover schema (#18205)
d6ce20f Fix broken link to config in .env comment (#18287)
2e0fae4 ๐ช ๐งน Splits the imageBlock component in two. (#17479)
39c5512 Update docs for local webapp development with basic auth (#18288)
e3ff75f ๐ New Source: Whisky Hunter API [low-code CDK] (#17918)
067e36d Source Stripe: update stream schema for payment_intents stream (#18228)
7fcadf4 Remove airbyte-queue (#18250)
f5de64d fix issues running connector dependency report on PRs from forks (#18269)
94dfe73 ๐ New Source: Gutendex API [low-code CDK] (#18075)
ec52a63 remove file that should be gitignored
c5336ce use basic auth username and password from .env (#18273)
4e236b5 Add Geography support to RouterService (#17902)
e232ffa Skip basic auth for Octavia integration tests (#18270)
This version upgrades the Apache Commons Text library from 1.9 to 1.10.0, because 1.9 was affected by CVE 2022-42889. We are doing this out of an abundance of caution, but we do not intend to back-release older versions because we aren't affected by the vulnerable behavior. Specifically:
- Our direct usages of commons-text either do not use the vulnerable class (
StringSubstitutor) or are pinned to an unaffected version (destination-s3is using commons-text 1.4, via an older hadoop-common dependency) - Other than that hadoop-common dependency, all of our transitive dependencies on commons-text are limited to test code. Runtime code has no vulnerable transitive dependencies on commons-text.
Instructions
- SQUASH MERGE this PR - this is necessary to ensure the automated Create Release action is triggered.
- Double check that the Create Release action was triggered and ran successfully on the commit to master (this should only take a few seconds).
- If the Create Release action failed due to a transient issue, retry the action. If it failed due to a non-transient issue, create a release manually by following the below instructions.