Skip to content

fix: Do not add padding in Client-Side CAB tokens. #1728

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Apr 22, 2025
Merged

fix: Do not add padding in Client-Side CAB tokens. #1728

merged 4 commits into from
Apr 22, 2025

Conversation

huangjiahua
Copy link
Contributor

@huangjiahua huangjiahua commented Apr 1, 2025
edited
Loading

There are early adopters reporting that the padding at the end of the Client-Side CAB tokens can break some use cases including using URL-encoded token in URL. While we have other solutions to resolve this issue, we think it's better to remove the padding in the client library to stay consistent with other types of tokens.

@huangjiahua huangjiahua requested review from a team as code owners April 1, 2025 18:27
@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Apr 1, 2025
@nbayati nbayati requested a review from lqiu96 April 7, 2025 18:32
@huangjiahua huangjiahua changed the title Do not add padding in Client-Side CAB tokens. fix: Do not add padding in Client-Side CAB tokens. Apr 7, 2025
@huangjiahua
fix: Do not add padding in Client-Side CAB tokens.
0be74eb 
Change-Id: I1dc0dfeb7e29e902ad3442cae28d10383816f58b
@huangjiahua
Add unit test assertions to verify the generated token has no padding.
0dd70a0 
Change-Id: I7b948a13a075d7afeac19f96b9372f23b60d4eda
@huangjiahua huangjiahua requested a review from nbayati April 11, 2025 17:53
lqiu96
lqiu96 reviewed Apr 14, 2025
View reviewed changes
.../com/google/auth/credentialaccessboundary/ClientSideCredentialAccessBoundaryFactoryTest.java
@@ -745,6 +745,9 @@ public void generateToken_withAvailablityCondition_success() throws Exception {
CabToken cabToken = parseCabToken(token);
assertEquals("accessToken", cabToken.intermediateToken);

// Verifies the encrypted restriction has no padding
assertFalse(cabToken.encryptedRestriction.contains(String.valueOf("=")));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

qq, does the Base64.Encoder keep the = by default? I was assuming that it was keeping something like additional spaces at the end. Would the test case make more sense to ensure that the token value doesn't end with spaces? If so, do you have an example/ mock token that runs into these padding issues?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

= is used to pad the base64 encoding output if the input length in bytes is not a multiple of 3. This is the default behavior for Base64.Encoder if withoutPadding is not used. The base64 encoded restriction of this test case includes the padding at the end.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gotcha, thanks! Can you just add a small comment above in the test to explain that padding adds = for values not in multiple of 3 (just for future maintainers who don't know this/ aren't familiar with padding)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added.

@product-auto-label product-auto-label bot added size: s Pull request size is small. and removed size: xs Pull request size is extra small. labels Apr 14, 2025
lqiu96
lqiu96 approved these changes Apr 15, 2025
View reviewed changes
Copy link
Contributor

@lqiu96 lqiu96 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@huangjiahua
Add comment to explain why padding is removed.
03154a1 
Change-Id: I0882e0c5d99310b179ace493b937669520626263
@lqiu96 lqiu96 requested a review from zhumin8 April 15, 2025 17:06
@lqiu96
Copy link
Contributor

lqiu96 commented Apr 15, 2025

@zhumin8 Could you also take a look and approve?

@lqiu96
Copy link
Contributor

lqiu96 commented Apr 15, 2025

@huangjiahua FYI, I think we have a lint issue. Can you run with mvn format?

@huangjiahua
Run mvn format.
b16cfde 
Change-Id: I8e3c59c42fceeaf593fa08e85b40754d57e71a45
@lqiu96 lqiu96 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 16, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 16, 2025
@lqiu96 lqiu96 merged commit 8a75ccd into googleapis:main Apr 22, 2025
20 of 21 checks passed
@release-please release-please bot mentioned this pull request Apr 22, 2025
Merged
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request May 5, 2025
@github-cash-renovate-jvm-2 @svc-squareup-copybara
This PR contains the following updates:
2ca9140 
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
| org.flywaydb.flyway | plugin | misk/gradle/libs.versions.toml | gradle
| minor | `11.7.1` -> `11.8.0` |
| [app.cash.tempest:tempest-bom](https://github.com/cashapp/tempest) |
dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2025.03.17.133301-6c83654` -> `2025.05.02.195945-d393c44` |
|
[com.mysql:mysql-connector-j](http://dev.mysql.com/doc/connector-j/en/)
([source](https://github.com/mysql/mysql-connector-j)) | dependencies |
misk/gradle/libs.versions.toml | gradle | minor | `8.3.0` -> `8.4.0` |
| [com.google.guava:guava-bom](https://github.com/google/guava)
([source](http://svn.sonatype.org/spice/trunk/oss/oss-parent-9)) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`33.4.0-jre` -> `33.4.8-jre` |
|
[com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.54.1` -> `2.55.3` |
|
[com.google.cloud:google-cloud-core-http](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.53.1` -> `2.54.3` |
|
[com.google.apis:google-api-services-storage](http://nexus.sonatype.org/oss-repository-hosting.html)
([source](http://svn.sonatype.org/spice/tags/oss-parent-7)) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`v1-rev20250312-2.0.0` -> `v1-rev20250424-2.0.0` |
|
[com.google.cloud:google-cloud-spanner](https://github.com/googleapis/java-spanner)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`6.90.0` -> `6.92.0` |
|
[com.google.cloud:google-cloud-logging](https://github.com/googleapis/java-logging)
| dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`3.22.0` -> `3.22.2` |
|
[com.google.apis:google-api-services-cloudkms](http://nexus.sonatype.org/oss-repository-hosting.html)
([source](http://svn.sonatype.org/spice/tags/oss-parent-7)) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`v1-rev20250227-2.0.0` -> `v1-rev20250414-2.0.0` |
|
[com.google.cloud:google-cloud-datastore](https://github.com/googleapis/java-datastore)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.27.1` -> `2.28.0` |
|
[com.google.cloud:google-cloud-core](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.53.1` -> `2.54.3` |
| [com.google.api:gax](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.63.1` -> `2.64.3` |
|
[com.google.errorprone:error_prone_annotations](https://errorprone.info)
([source](https://github.com/google/error-prone)) | dependencies |
misk/gradle/libs.versions.toml | gradle | minor | `2.37.0` -> `2.38.0` |
|
[com.google.protobuf:protoc](https://developers.google.com/protocol-buffers/)
([source](https://github.com/protocolbuffers/protobuf)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `3.25.6` -> `3.25.7` |
|
[com.google.protobuf:protobuf-java](https://developers.google.com/protocol-buffers/)
([source](https://github.com/protocolbuffers/protobuf)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `3.25.6` -> `3.25.7` |
|
[com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.18.3` -> `2.19.0` |
|
[com.google.http-client:google-http-client-jackson2](https://github.com/googleapis/google-http-java-client)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`1.46.3` -> `1.47.0` |
|
[com.google.http-client:google-http-client](https://github.com/googleapis/google-http-java-client)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`1.46.3` -> `1.47.0` |
|
[com.google.auth:google-auth-library-oauth2-http](https://github.com/googleapis/google-auth-library-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`1.33.1` -> `1.34.0` |
|
[com.google.auth:google-auth-library-credentials](https://github.com/googleapis/google-auth-library-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`1.33.1` -> `1.34.0` |
|
[com.github.docker-java:docker-java-transport-httpclient5](https://github.com/docker-java/docker-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`3.4.2` -> `3.5.0` |
|
[com.github.docker-java:docker-java-transport](https://github.com/docker-java/docker-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`3.4.2` -> `3.5.0` |
|
[com.github.docker-java:docker-java-core](https://github.com/docker-java/docker-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`3.4.2` -> `3.5.0` |
|
[com.github.docker-java:docker-java-api](https://github.com/docker-java/docker-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`3.4.2` -> `3.5.0` |
|
[com.github.docker-java:docker-java](https://github.com/docker-java/docker-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`3.4.2` -> `3.5.0` |
|
[com.autonomousapps.dependency-analysis](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin)
| plugin | misk/gradle/libs.versions.toml | gradle | minor | `2.16.0` ->
`2.17.0` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`1.48.1` -> `1.48.2` |
| [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`1.48.1` -> `1.48.2` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.22` -> `2.31.34` |
| [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.22` -> `2.31.34` |
|
[software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava)
| dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.22` -> `2.31.34` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.22` -> `2.31.34` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.22` -> `2.31.35` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.22` -> `2.31.35` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.22` -> `2.31.35` |
| [com.amazonaws:aws-java-sdk-sqs](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.782` ->
`1.12.783` |
| [com.amazonaws:aws-java-sdk-s3](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.782` ->
`1.12.783` |
|
[com.amazonaws:aws-java-sdk-dynamodb](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.782` ->
`1.12.783` |
| [com.amazonaws:aws-java-sdk-core](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.782` ->
`1.12.783` |

---

### Release Notes

<details>
<summary>mysql/mysql-connector-j (com.mysql:mysql-connector-j)</summary>

###
[`v8.4.0`](mysql/mysql-connector-j@8.3.0...8.4.0)

[Compare
Source](mysql/mysql-connector-j@8.3.0...8.4.0)

</details>

<details>
<summary>googleapis/sdk-platform-java
(com.google.api.grpc:proto-google-common-protos)</summary>

###
[`v2.55.1`](https://github.com/googleapis/sdk-platform-java/blob/HEAD/CHANGELOG.md#2551-2025-03-12)

##### Dependencies

- revert "deps: update arrow.version to v18.2.0"
([#&#8203;3694](googleapis/sdk-platform-java#3694))
([2725744](googleapis/sdk-platform-java@2725744))

###
[`v2.55.0`](https://github.com/googleapis/sdk-platform-java/blob/HEAD/CHANGELOG.md#2550-2025-03-12)

##### Features

- generate showcase using docker image
([#&#8203;3568](googleapis/sdk-platform-java#3568))
([3857e3f](googleapis/sdk-platform-java@3857e3f))
- next release from main branch is 2.55.0
([#&#8203;3668](googleapis/sdk-platform-java#3668))
([1eda55f](googleapis/sdk-platform-java@1eda55f))

##### Bug Fixes

- remove call credentials from call options if DirectPath
([#&#8203;3670](googleapis/sdk-platform-java#3670))
([5ede29c](googleapis/sdk-platform-java@5ede29c))

##### Dependencies

- update arrow.version to v18.2.0
([#&#8203;3675](googleapis/sdk-platform-java#3675))
([5a555e5](googleapis/sdk-platform-java@5a555e5))

</details>

<details>
<summary>googleapis/java-spanner
(com.google.cloud:google-cloud-spanner)</summary>

###
[`v6.92.0`](https://github.com/googleapis/java-spanner/blob/HEAD/CHANGELOG.md#6920-2025-04-29)

##### Features

- \[Internal] client-side metrics for afe latency and connectivity error
([#&#8203;3819](googleapis/java-spanner#3819))
([a8dba0a](googleapis/java-spanner@a8dba0a))
- Support begin with AbortedException for manager interface
([#&#8203;3835](googleapis/java-spanner#3835))
([5783116](googleapis/java-spanner@5783116))

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to
2.56.2
([11bfd90](googleapis/java-spanner@11bfd90))

##### Dependencies

- Update dependency com.google.cloud:sdk-platform-java-config to v3.46.2
([#&#8203;3836](googleapis/java-spanner#3836))
([2ee7f97](googleapis/java-spanner@2ee7f97))

###
[`v6.91.1`](https://github.com/googleapis/java-spanner/blob/HEAD/CHANGELOG.md#6911-2025-04-21)

##### Bug Fixes

- SkipHint in the internal parser skipped too much
([#&#8203;3827](googleapis/java-spanner#3827))
([fbf7b4c](googleapis/java-spanner@fbf7b4c))

###
[`v6.91.0`](https://github.com/googleapis/java-spanner/blob/HEAD/CHANGELOG.md#6910-2025-04-17)

##### Features

- \[Internal] open telemetry built in metrics for GRPC
([#&#8203;3709](googleapis/java-spanner#3709))
([cd76c73](googleapis/java-spanner@cd76c73))
- Add java sample for the pre-splitting feature
([#&#8203;3713](googleapis/java-spanner#3713))
([e97b92e](googleapis/java-spanner@e97b92e))
- Add TransactionMutationLimitExceededException as cause to
SpannerBatchUpdateException
([#&#8203;3723](googleapis/java-spanner#3723))
([4cf5261](googleapis/java-spanner@4cf5261))
- Built in metrics for afe latency and connectivity error
([#&#8203;3724](googleapis/java-spanner#3724))
([e13a2f9](googleapis/java-spanner@e13a2f9))
- Support unnamed parameters
([#&#8203;3820](googleapis/java-spanner#3820))
([1afd815](googleapis/java-spanner@1afd815))

##### Bug Fixes

- Add default implementations for Interval methods in
AbstractStructReader
([#&#8203;3722](googleapis/java-spanner#3722))
([97f4544](googleapis/java-spanner@97f4544))
- Set transaction isolation level had no effect
([#&#8203;3718](googleapis/java-spanner#3718))
([b382999](googleapis/java-spanner@b382999))

##### Performance Improvements

- Cache the key used for OTEL traces and metrics
([#&#8203;3814](googleapis/java-spanner#3814))
([c5a2045](googleapis/java-spanner@c5a2045))
- Optimize parsing in Connection API
([#&#8203;3800](googleapis/java-spanner#3800))
([a2780ed](googleapis/java-spanner@a2780ed))
- Qualify statements without removing comments
([#&#8203;3810](googleapis/java-spanner#3810))
([d358cb9](googleapis/java-spanner@d358cb9))
- Remove all calls to getSqlWithoutComments
([#&#8203;3822](googleapis/java-spanner#3822))
([0e1e14c](googleapis/java-spanner@0e1e14c))

</details>

<details>
<summary>googleapis/java-logging
(com.google.cloud:google-cloud-logging)</summary>

###
[`v3.22.2`](https://github.com/googleapis/java-logging/blob/HEAD/CHANGELOG.md#3222-2025-04-25)

##### Dependencies

- Update dependency com.google.cloud:sdk-platform-java-config to v3.46.2
([#&#8203;1796](googleapis/java-logging#1796))
([1f88271](googleapis/java-logging@1f88271))

###
[`v3.22.1`](https://github.com/googleapis/java-logging/blob/HEAD/CHANGELOG.md#3221-2025-04-25)

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to
2.56.2
([7cce5b5](googleapis/java-logging@7cce5b5))

</details>

<details>
<summary>googleapis/java-datastore
(com.google.cloud:google-cloud-datastore)</summary>

###
[`v2.28.0`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2280-2025-04-29)

##### Features

- Java datastore gapic upgrade
([#&#8203;1824](googleapis/java-datastore#1824))
([a296d43](googleapis/java-datastore@a296d43))

###
[`v2.27.2`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2272-2025-04-25)

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to
2.56.2
([1210f32](googleapis/java-datastore@1210f32))

##### Dependencies

- Update dependency com.google.cloud:sdk-platform-java-config to v3.46.2
([#&#8203;1823](googleapis/java-datastore#1823))
([4d2026c](googleapis/java-datastore@4d2026c))

</details>

<details>
<summary>google/error-prone
(com.google.errorprone:error_prone_annotations)</summary>

###
[`v2.38.0`](https://github.com/google/error-prone/releases/tag/v2.38.0):
Error Prone 2.38.0

New checks:

-
[`AddNullMarkedToPackageInfo`](https://errorprone.info/bugpattern/AddNullMarkedToPackageInfo):
adds
[`@org.jspecify.annotations.NullMarked`](https://jspecify.dev/docs/api/org/jspecify/annotations/NullMarked.html)
annotation to package-info files
- [`IntLiteralCast`](https://errorprone.info/bugpattern/IntLiteralCast):
Suggests a literal of the desired type instead of casting an int literal
to a long, float, or double
-
[`MisleadingEmptyVarargs`](https://errorprone.info/bugpattern/MisleadingEmptyVarargs):
Discourages calling varargs methods that expect at least one argument
with no arguments, like Mockito's `thenThrow`
-
[`PreconditionsExpensiveString`](https://errorprone.info/bugpattern/PreconditionsExpensiveString):
Discourages expensive string formatting in Guava `Preconditions` checks
- [`SelfSet`](https://errorprone.info/bugpattern/SelfSet): Detects
mistakes like `proto.setFoo(proto.getFoo())`
-
[`UnnecessaryCopy`](https://errorprone.info/bugpattern/UnnecessaryCopy):
detect unnecessary copies of proto Lists and Maps.

Closed issues:
[#&#8203;4924](google/error-prone#4924),
[#&#8203;4897](google/error-prone#4897),
[#&#8203;4995](google/error-prone#4995)

Full changelog:
google/error-prone@v2.37.0...v2.38.0

</details>

<details>
<summary>googleapis/google-http-java-client
(com.google.http-client:google-http-client-jackson2)</summary>

###
[`v1.47.0`](https://github.com/googleapis/google-http-java-client/blob/HEAD/CHANGELOG.md#1470-2025-04-28)

##### Features

- Next release from main branch is 1.47.0
([#&#8203;2087](googleapis/google-http-java-client#2087))
([f89cc4c](googleapis/google-http-java-client@f89cc4c))

##### Bug Fixes

- Encode + sign in url with %2B
([#&#8203;2094](googleapis/google-http-java-client#2094))
([1f8aca7](googleapis/google-http-java-client@1f8aca7))

##### Dependencies

- Update github/codeql-action action to v3.28.16
([#&#8203;2057](googleapis/google-http-java-client#2057))
([4fc3e3a](googleapis/google-http-java-client@4fc3e3a))

</details>

<details>
<summary>googleapis/google-auth-library-java
(com.google.auth:google-auth-library-oauth2-http)</summary>

###
[`v1.34.0`](https://github.com/googleapis/google-auth-library-java/blob/HEAD/CHANGELOG.md#1340-2025-04-29)

##### Features

- Implement X509 certificate provider
([#&#8203;1722](googleapis/google-auth-library-java#1722))
([4340684](googleapis/google-auth-library-java@4340684))
- Next release from main branch is 1.34.0
([#&#8203;1698](googleapis/google-auth-library-java#1698))
([fe43815](googleapis/google-auth-library-java@fe43815))
- Next release from main branch is 1.34.0
([#&#8203;1702](googleapis/google-auth-library-java#1702))
([4507cf9](googleapis/google-auth-library-java@4507cf9))

##### Bug Fixes

- Do not add padding in Client-Side CAB tokens.
([#&#8203;1728](googleapis/google-auth-library-java#1728))
([8a75ccd](googleapis/google-auth-library-java@8a75ccd))

</details>

<details>
<summary>docker-java/docker-java
(com.github.docker-java:docker-java-transport-httpclient5)</summary>

###
[`v3.5.0`](https://github.com/docker-java/docker-java/releases/tag/3.5.0)

[Compare
Source](docker-java/docker-java@3.4.2...3.5.0)

##### Breaking changes

- Fix InspectContainerResponse data types to be able to hold an int64
[@&#8203;eddumelendez](https://github.com/eddumelendez)
([#&#8203;2392](docker-java/docker-java#2392))
- Add some missed options to UpdateContainerCmd
[@&#8203;MillQK](https://github.com/MillQK)
([#&#8203;2389](docker-java/docker-java#2389))

##### 📈 Enhancements

- Add setters for security options and runtimes
[@&#8203;LarsSven](https://github.com/LarsSven)
([#&#8203;2384](docker-java/docker-java#2384))

##### 🐛 Bug Fixes

- Fix possible CME while replacing properties
[@&#8203;eddumelendez](https://github.com/eddumelendez)
([#&#8203;2416](docker-java/docker-java#2416))

##### Dependencies

- Bump com.google.guava:guava from 19.0 to 33.4.6-jre
[@&#8203;artragis](https://github.com/artragis)
([#&#8203;2300](docker-java/docker-java#2300))
- Bump org.awaitility:awaitility from 4.0.1 to 4.3.0
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2408](docker-java/docker-java#2408))
- Bump org.immutables:value from 2.8.2 to 2.10.1
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2220](docker-java/docker-java#2220))
- Bump org.apache.commons:commons-compress from 1.21 to 1.27.1
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2256](docker-java/docker-java#2256))
- Bump org.projectlombok:lombok from 1.18.22 to 1.18.38
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2210](docker-java/docker-java#2210))
- Bump com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider from
2.10.3 to 2.18.3 [@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2281](docker-java/docker-java#2281))
- Bump jackson.version from 2.8.8 to 2.18.3
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2283](docker-java/docker-java#2283))
- Bump netty.version from 4.1.46.Final to 4.1.119.Final
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2302](docker-java/docker-java#2302))
- Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.80
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2254](docker-java/docker-java#2254))
- Bump commons-io:commons-io from 2.13.0 to 2.18.0
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2263](docker-java/docker-java#2263))
- Bump net.java.dev.jna:jna from 5.13.0 to 5.17.0
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2273](docker-java/docker-java#2273))
- Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.17.0
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2259](docker-java/docker-java#2259))
- Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.18.2 to
0.23.1 [@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2238](docker-java/docker-java#2238))
- Bump org.junit.jupiter:junit-jupiter from 5.10.0 to 5.12.1
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2241](docker-java/docker-java#2241))
- Bump junixsocket.version from 2.6.1 to 2.10.1
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2249](docker-java/docker-java#2249))
- Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.2 to 5.4.3
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2272](docker-java/docker-java#2272))
- Bump org.assertj:assertj-core from 3.24.2 to 3.27.3
[@&#8203;dependabot](https://github.com/dependabot)
([#&#8203;2291](docker-java/docker-java#2291))
- Upgrade Apache HttpClient to version 5.4
[@&#8203;ok2c](https://github.com/ok2c)
([#&#8203;2364](docker-java/docker-java#2364))

</details>

<details>
<summary>autonomousapps/dependency-analysis-android-gradle-plugin
(com.autonomousapps.dependency-analysis)</summary>

###
[`v2.17.0`](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/blob/HEAD/CHANGELOG.md#Version-2170)

- \[Fix]: duplicate class warning doesn't warn about multiple
dependencies with same GAV.
- \[Fix]: ensure all capabilities are internally sorted; also
synthesized dependencies.
-   \[Fix]: ensure all dependencies are internally sorted.
- \[Fix]: ensure output of GraphViewTask is fully sorted (therefore
deterministic).
- \[Fix]: intermediate android res classes must have meaningful
hashCode() functions.
- \[Fix]: improve sorting of various build outputs to ensure
determinism.

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

###
[`v1.48.2`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.48.2):
1.48.2

##### Components

##### Profiling

- 🐛 Bump ddprof-java to 1.24.0
([#&#8203;8717](DataDog/dd-trace-java#8717) -
[@&#8203;jbachorik](https://github.com/jbachorik))
- Add diagnostic counters for some failed unwinds by
[@&#8203;jbachorik](https://github.com/jbachorik) in
DataDog/java-profiler#202
- Add profiler counters for time spent in stack unwinding by
[@&#8203;bric3](https://github.com/bric3) in
DataDog/java-profiler#195
- Increase number of reserved frames (cherry-pick
[`6c0aff4`](DataDog/dd-trace-java@6c0aff4)) by
[@&#8203;MattAlp](https://github.com/MattAlp) in
DataDog/java-profiler#206
- Dwarf and JVMFlag related downports by
[@&#8203;jbachorik](https://github.com/jbachorik) in
DataDog/java-profiler#204

##### Tracer core

- 🐛 Turn off JDK socket support by default
([#&#8203;8716](DataDog/dd-trace-java#8716) -
[@&#8203;mcculls](https://github.com/mcculls))

##### Instrumentations

##### Akka instrumentation

- 🐛 Handle reentrant scope cleanup in Akka/Pekko actor
instrumentations
([#&#8203;8723](DataDog/dd-trace-java#8723) -
[@&#8203;mcculls](https://github.com/mcculls))

</details>

<details>
<summary>aws/aws-sdk-java (com.amazonaws:aws-java-sdk-sqs)</summary>

###
[`v1.12.783`](https://github.com/aws/aws-sdk-java/blob/HEAD/CHANGELOG.md#112783-2025-04-29)

[Compare
Source](aws/aws-sdk-java@1.12.782...1.12.783)

#### **Amazon S3**

-   ### Features
    -   Abort multipart download if object is modified during download.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 91d7374bcdee536ba58a6cd5ea2b1710688db2c0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zhumin8 zhumin8 zhumin8 approved these changes

@lqiu96 lqiu96 lqiu96 approved these changes

@nbayati nbayati nbayati approved these changes

Assignees
No one assigned
Labels
size: s Pull request size is small.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@huangjiahua @lqiu96 @zhumin8 @nbayati @yoshi-kokoro