v0.4.1

What's Changed

Exciting New Features 🎉

• Update to cp-kafka:7.3.2 in test extention by @big-andy-coates in #268
• Serde tester and docs by @big-andy-coates in #280

Dependency Updates

• Bump io.github.gradle-nexus:publish-plugin from 1.2.0 to 1.3.0 by @dependabot in #261
• Bump com.diffplug.spotless:spotless-plugin-gradle from 6.16.0 to 6.17.0 by @dependabot in #260
• Bump gradle.plugin.org.kt3k.gradle.plugin:coveralls-gradle-plugin from 2.12.0 to 2.12.2 by @dependabot in #262
• Bump org.mockito:mockito-junit-jupiter from 5.1.1 to 5.2.0 by @dependabot in #263
• Bump amazoncorretto from 19 to 20 in /test-service by @dependabot in #271
• Bump com.github.spotbugs.snom:spotbugs-gradle-plugin from 5.0.13 to 5.0.14 by @dependabot in #273
• Bump pl.allegro.tech.build.axion-release from 1.14.4 to 1.15.0 by @dependabot in #278
• Bump com.bmuschko.docker-remote-api from 9.2.1 to 9.3.0 by @dependabot in #275
• Bump org.slf4j:slf4j-api from 2.0.6 to 2.0.7 by @dependabot in #277
• Bump amazoncorretto from ac2d30e to 3abed63 in /test-service by @dependabot in #285
• Bump org.mockito:mockito-junit-jupiter from 5.2.0 to 5.3.0 by @dependabot in #293
• Bump com.gradle.publish:plugin-publish-plugin from 1.1.0 to 1.2.0 by @dependabot in #294
• Bump com.diffplug.spotless:spotless-plugin-gradle from 6.17.0 to 6.18.0 by @dependabot in #296
• Bump com.bmuschko.docker-remote-api from 9.3.0 to 9.3.1 by @dependabot in #295
• Bump testContainersVersion from 1.17.6 to 1.18.0 by @dependabot in #297
• Bump org.junit-pioneer:junit-pioneer from 2.0.0 to 2.0.1 by @dependabot in #298
• Bump creekVersion from 0.4.1-SNAPSHOT to 0.4.1 by @dependabot in #300

Full Changelog: v0.4.0...v0.4.1

v0.4.0

What's Changed

Dependency Updates

• Bump amazoncorretto from a197d79 to ec346fa in /test-service by @dependabot in #258
• Bump io.github.gradle-nexus:publish-plugin from 1.1.0 to 1.2.0 by @dependabot in #257
• Bump log4jVersion from 2.19.0 to 2.20.0 by @dependabot in #255
• Bump com.diffplug.spotless:spotless-plugin-gradle from 6.15.0 to 6.16.0 by @dependabot in #256
• Bump creekVersion from 0.3.3-SNAPSHOT to 0.4.0 by @dependabot in #264

Full Changelog: v0.3.2...v0.4.0

v0.3.2

What's Changed

Dependency Updates

• Bump org.mockito:mockito-junit-jupiter from 5.1.0 to 5.1.1 by @dependabot in #234
• Bump org.junit-pioneer:junit-pioneer from 1.9.1 to 2.0.0 by @dependabot in #245
• Update Kafka dependencies to 3.4.0 by @big-andy-coates in #238
• Bump pl.allegro.tech.build.axion-release from 1.14.3 to 1.14.4 by @dependabot in #244
• Bump com.bmuschko.docker-remote-api from 9.0.1 to 9.2.1 by @dependabot in #242
• Bump com.diffplug.spotless:spotless-plugin-gradle from 6.14.0 to 6.15.0 by @dependabot in #240
• Bump creekVersion from 0.3.2-SNAPSHOT to 0.3.2 by @dependabot in #246

Full Changelog: v0.3.1...v0.3.2

v0.3.1

What's Changed

Dependency Updates

• Bump junitVersion from 5.9.1 to 5.9.2 by @dependabot in #214
• Bump kafkaVersion from 3.3.0 to 3.3.2 by @dependabot in #224
• Bump amazoncorretto from 7b1c0e0 to 848e933 in /test-service by @dependabot in #220
• Bump Jackson version from 2.13.3 to 2.14.1 by @big-andy-coates in #219
• Bump spotless-plugin-gradle from 6.12.1 to 6.13.0 by @dependabot in #222
• Bumps mockito-junit-jupiter fro… by @big-andy-coates in #225
• Bump jacksonVersion from 2.14.1 to 2.14.2 by @dependabot in #228
• Bump spotless-plugin-gradle from 6.13.0 to 6.14.0 by @dependabot in #227
• Bump mockito-junit-jupiter from 5.0.0 to 5.1.0 by @dependabot in #226
• Bump amazoncorretto from 848e933 to a197d79 in /test-service by @dependabot in #231
• Bump creekVersion from 0.3.1-SNAPSHOT to 0.3.1 by @dependabot in #232

Known security vulnerabilities in dependencies

At the time of release the following known security vulnerabilities existing in dependencies of the released Creek jars:

Jackson core's Uncontrolled Resource Consumption

See sonatype-2022-6438.

At the time of writing, this is marked with High priority. However, if you
read up on this vulnerability, this is also about parsing
data from untrustworthy source.

This is not an issue for Creek, as all data being deserialized is from a trusted source, i.e. you, the
user, running Creek system tests written in YAML.

There is already a fix in Jackson. Creek will update to 2.15.0
of Jackson when it is released.

Kafka Stream's divide by zero

See sonatype-2019-0422

This seems to be a vulnerability detected by SonaType OSS Index scanning a PR that fixed a potential divide-by-zero issue. The PR was never merged, hence the vulnerability report. However, from the PR comments it looks as though this issue is unlikely, or even impossible, to be hit.

An issue has been raised to track a potential fix.
Creek will be updated should a fix become available.

Full Changelog: v0.3.0...v0.3.1

v0.3.0

What's Changed

Exciting New Features 🎉

• Set Kafka startup and shutdown timeouts by @big-andy-coates in #192
• Security Scorecards integration by @big-andy-coates in #200

Dependency Updates

• Bump junit-pioneer from 1.7.1 to 1.8.0 by @dependabot in #185
• Bump plugin-publish-plugin from 1.0.0 to 1.1.0 by @dependabot in #184
• Bump junit-pioneer from 1.8.0 to 1.9.1 by @dependabot in #188
• Bump jacksonVersion from 2.14.0 to 2.14.1 by @dependabot in #187
• Bump com.bmuschko.docker-remote-api from 8.1.0 to 9.0.1 by @dependabot in #190
• Bump slf4j-api from 2.0.3 to 2.0.5 by @dependabot in #189
• Bump pl.allegro.tech.build.axion-release from 1.14.2 to 1.14.3 by @dependabot in #191
• Bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #193
• Bump com.bmuschko.docker-remote-api from 9.0.1 to 9.1.0 by @dependabot in #195
• Bump testContainersVersion from 1.17.5 to 1.17.6 by @dependabot in #196
• Bump mockito-junit-jupiter from 4.8.1 to 4.11.0 by @dependabot in #194
• Bump slf4j-api from 2.0.5 to 2.0.6 by @dependabot in #198
• Bump ossf/scorecard-action from 2.1.0 to 2.1.2 by @dependabot in #202
• Bump spotless-plugin-gradle from 6.11.0 to 6.12.0 by @big-andy-coates in #201
• Bump amazoncorretto from 11 to 19 in /test-service by @dependabot in #206
• Bump amazoncorretto from 11 to 19 in /test-service by @dependabot in #207
• Bump actions/upload-artifact from 3.1.1 to 3.1.2 by @dependabot in #210
• Bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #211

Less Exciting Things

• Downgrade docker-remote-api from 9.1.0 to 9.0.1 by @big-andy-coates in #208

Full Changelog: v0.2.0...v0.3.0

v0.2.0

What's Changed

Exciting New Features 🎉

• System test: Implement resource descriptor validation by @big-andy-coates in #107
• Support topic creation by @big-andy-coates in #117
• Expose Kafka producer and consumer from clients extension by @big-andy-coates in #129
• UUID support by @big-andy-coates in #134
• Track record location to improve error messages. by @big-andy-coates in #137
• Topic expectations by @big-andy-coates in #154
• Fail if consumed records are out of order by @big-andy-coates in #158
• Add options to control verify timeouts by @big-andy-coates in #160
• Validate topics are valid targets for inputs/expectations. by @big-andy-coates in #163
• Support different Kafka client versions by @big-andy-coates in #165
• Switch streams-test to be JPMS module by @big-andy-coates in #171

Dependency Updates

• Bump com.diffplug.spotless from 6.5.1 to 6.5.2 by @dependabot in #60
• Bump spotbugs-annotations from 4.6.0 to 4.7.0 by @dependabot in #59
• Bump com.diffplug.spotless from 6.5.2 to 6.6.1 by @dependabot in #66
• Bump org.javamodularity.moduleplugin from 1.8.10 to 1.8.11 by @dependabot in #67
• Bump pl.allegro.tech.build.axion-release from 1.13.6 to 1.13.9 by @dependabot in #69
• Bump junit-pioneer from 1.7.0 to 1.7.1 by @dependabot in #72
• Bump mockito-junit-jupiter from 4.5.1 to 4.6.0 by @dependabot in #71
• Bump mockito-junit-jupiter from 4.6.0 to 4.6.1 by @dependabot in #73
• Bump com.diffplug.spotless from 6.6.1 to 6.7.0 by @dependabot in #75
• Bump pl.allegro.tech.build.axion-release from 1.13.9 to 1.13.14 by @dependabot in #77
• Bump com.diffplug.spotless from 6.7.0 to 6.7.2 by @dependabot in #78
• Bump com.diffplug.spotless from 6.7.2 to 6.8.0 by @dependabot in #90
• Bump com.github.spotbugs from 5.0.6 to 5.0.9 by @dependabot in #87
• Bump testcontainers from 1.17.2 to 1.17.3 by @dependabot in #89
• Bump log4jVersion from 2.17.2 to 2.18.0 by @dependabot in #86
• Bump spotbugs-annotations from 4.7.0 to 4.7.1 by @dependabot in #88
• Bump com.diffplug.spotless from 6.8.0 to 6.9.1 by @dependabot in #98
• Bump org.javamodularity.moduleplugin from 1.8.11 to 1.8.12 by @dependabot in #96
• Bump pl.allegro.tech.build.axion-release from 1.13.14 to 1.14.0 by @dependabot in #97
• Bump junitVersion from 5.8.2 to 5.9.0 by @dependabot in #94
• Bump com.bmuschko.docker-remote-api from 7.4.0 to 8.0.0 by @dependabot in #99
• Bump com.github.spotbugs from 5.0.9 to 5.0.10 by @dependabot in #101
• Bump mockito-junit-jupiter from 4.6.1 to 4.7.0 by @dependabot in #100
• Bump spotbugs-annotations from 4.7.1 to 4.7.2 by @dependabot in #104
• Bump com.github.spotbugs from 5.0.10 to 5.0.12 by @dependabot in #109
• Bump com.diffplug.spotless from 6.9.1 to 6.10.0 by @dependabot in #102
• Bump mockito-junit-jupiter from 4.7.0 to 4.8.0 by @dependabot in #115
• Bump pl.allegro.tech.build.axion-release from 1.14.0 to 1.14.1 by @dependabot in #122
• Bump com.diffplug.spotless from 6.10.0 to 6.11.0 by @dependabot in #121
• Bump junitVersion from 5.9.0 to 5.9.1 by @dependabot in #131
• Bump com.bmuschko.docker-remote-api from 8.0.0 to 8.1.0 by @dependabot in #130
• Bump actions/checkout from 2 to 3 by @dependabot in #141
• Bump testContainersVersion from 1.17.3 to 1.17.4 by @dependabot in #142
• Bump pl.allegro.tech.build.axion-release from 1.14.1 to 1.14.2 by @dependabot in #143
• Bump testContainersVersion from 1.17.4 to 1.17.5 by @dependabot in #155
• Bump mockito-junit-jupiter from 4.8.0 to 4.8.1 by @dependabot in #166
• Bump spotbugs-annotations from 4.7.2 to 4.7.3 by @dependabot in #167
• Bump com.github.spotbugs from 5.0.12 to 5.0.13 by @dependabot in #172

Less Exciting Things

• Add version workflow and exclude Kafka from version updates by @big-andy-coates in #61

Full Changelog: v0.1.30...v0.2.0