v0.4.1

What's Changed

Dependency Updates

• Bump com.diffplug.spotless:spotless-plugin-gradle from 6.16.0 to 6.17.0 by @dependabot in #239
• Bump io.github.gradle-nexus:publish-plugin from 1.2.0 to 1.3.0 by @dependabot in #241
• Bump gradle.plugin.org.kt3k.gradle.plugin:coveralls-gradle-plugin from 2.12.0 to 2.12.2 by @dependabot in #238
• Bump org.mockito:mockito-junit-jupiter from 5.1.1 to 5.2.0 by @dependabot in #240
• Bump amazoncorretto from 19 to 20 in /test-service by @dependabot in #261
• Bump pl.allegro.tech.build.axion-release from 1.14.4 to 1.15.0 by @dependabot in #257
• Bump org.slf4j:slf4j-api from 2.0.6 to 2.0.7 by @dependabot in #260
• Bump com.github.spotbugs.snom:spotbugs-gradle-plugin from 5.0.13 to 5.0.14 by @dependabot in #259
• Bump com.bmuschko.docker-remote-api from 9.2.1 to 9.3.0 by @dependabot in #254
• Bump com.gradle.publish:plugin-publish-plugin from 1.1.0 to 1.2.0 by @dependabot in #263
• Bump org.mockito:mockito-junit-jupiter from 5.2.0 to 5.3.0 by @dependabot in #265
• Bump info.picocli:picocli from 4.7.1 to 4.7.3 by @dependabot in #262
• Bump com.bmuschko.docker-remote-api from 9.3.0 to 9.3.1 by @dependabot in #266
• Bump org.junit-pioneer:junit-pioneer from 2.0.0 to 2.0.1 by @dependabot in #267
• Bump com.diffplug.spotless:spotless-plugin-gradle from 6.17.0 to 6.18.0 by @dependabot in #264
• Bump org.mockito:mockito-junit-jupiter from 5.3.0 to 5.3.1 by @dependabot in #270
• Bump creekVersion from 0.4.1-SNAPSHOT to 0.4.1 by @dependabot in #269
• Bump org.testcontainers:testcontainers from 1.17.6 to 1.18.0 by @dependabot in #268

Full Changelog: v0.4.0...v0.4.1

v0.4.0

What's Changed

Exciting New Features 🎉

• Support debug-only env by @big-andy-coates in #236

Bug Fixes 🎉

• Ensure Docker container logs are captured on error by @big-andy-coates in #235

Dependency Updates

• Bump log4jVersion from 2.19.0 to 2.20.0 by @dependabot in #234
• Bump io.github.gradle-nexus:publish-plugin from 1.1.0 to 1.2.0 by @dependabot in #230
• Bump com.diffplug.spotless:spotless-plugin-gradle from 6.15.0 to 6.16.0 by @dependabot in #231
• Bump creekVersion from 0.3.3-SNAPSHOT to 0.4.0 by @dependabot in #243

Full Changelog: v0.3.2...v0.4.0

v0.3.2

What's Changed

Dependency Updates

• Bump com.bmuschko.docker-remote-api from 9.0.1 to 9.2.0 by @dependabot in #218
• Bump org.mockito:mockito-junit-jupiter from 5.1.0 to 5.1.1 by @dependabot in #219
• Bump com.diffplug.spotless:spotless-plugin-gradle from 6.14.0 to 6.15.0 by @dependabot in #223
• Bump com.bmuschko.docker-remote-api from 9.2.0 to 9.2.1 by @dependabot in #224
• Bump org.junit-pioneer:junit-pioneer from 1.9.1 to 2.0.0 by @dependabot in #225
• Bump pl.allegro.tech.build.axion-release from 1.14.3 to 1.14.4 by @dependabot in #226
• Bump creekVersion from 0.3.2-SNAPSHOT to 0.3.2 by @dependabot in #227

Full Changelog: v0.3.1...v0.3.2

v0.3.1

What's Changed

Exciting New Features 🎉

• Install FindSecBugs by @big-andy-coates in #213

Dependency Updates

• Bump junitVersion from 5.9.1 to 5.9.2 by @dependabot in #204
• Bump jacksonVersion from 2.14.1 to 2.14.2 by @dependabot in #209
• Bump picocli from 4.7.0 to 4.7.1 by @dependabot in #212
• Bump spotless-plugin-gradle from 6.12.1 to 6.14.0 by @dependabot in #210
• Bump mockito-junit-jupiter from 4.11.0 to 5.1.0 by @dependabot in #211
• Bump creekVersion from 0.3.1-SNAPSHOT to 0.3.1 by @dependabot in #216
• Bump amazoncorretto from 7b1c0e0 to a197d79 in /test-service by @dependabot in #214

Known security vulnerabilities in dependencies

At the time of release the following known security vulnerabilities existing in dependencies of the released Creek jars:

Snake YAML's Deserialization of Untrusted Data

See CVE-2022-1471 & GHSA-mjmj-j48q-9wg2.

At the time of writing, this was marked with High / Critical priority. However, if you read up on the
vulnerability,
you'll see the vulnerability is that the deserializer allows instantiation or arbitrary types, and this
can lead to remote code execution if you're parsing YAML from an untrustworthy source, e.g. text submitted
from a form on a website.

This is not an issue for Creek, as all YAML being deserialized is from a trusted source, i.e. you, the
user, running Creek system tests written in YAML.

SnakeYaml isn't used directly by Creek. Creek makes use of it via Jackson. Fixing this (none) issue in Creek is not currently possible.

Jackson core's Uncontrolled Resource Consumption

See sonatype-2022-6438.

At the time of writing, this is marked with High priority. However, if you
read up on this vulnerability, this is also about parsing
data from untrustworthy source.

This is not an issue for Creek, as all data being deserialized is from a trusted source, i.e. you, the
user, running Creek system tests written in YAML.

There is already a fix in Jackson. Creek will update to 2.15.0
of Jackson when it is released.

Full Changelog: v0.3.0...v0.3.1

v0.3.0

What's Changed

Exciting New Features 🎉

• Prefix container logging with service instance name by @big-andy-coates in #179
• Graceful shutdown of Docker containers by @big-andy-coates in #180
• Support custom mounts and environment variables by @big-andy-coates in #194

Dependency Updates

• Bump plugin-publish-plugin from 1.0.0 to 1.1.0 by @dependabot in #170
• Bump junit-pioneer from 1.7.1 to 1.8.0 by @dependabot in #171
• Bump slf4j-api from 2.0.3 to 2.0.5 by @dependabot in #178
• Bump junit-pioneer from 1.8.0 to 1.9.1 by @dependabot in #177
• Bump jacksonVersion from 2.14.0 to 2.14.1 by @dependabot in #175
• Bump mockito-junit-jupiter from 4.8.1 to 4.9.0 by @dependabot in #174
• Bump mockito-junit-jupiter from 4.9.0 to 4.10.0 by @dependabot in #185
• Bump testcontainers from 1.17.5 to 1.17.6 by @dependabot in #184
• Bump slf4j-api from 2.0.5 to 2.0.6 by @dependabot in #187
• Bump pl.allegro.tech.build.axion-release from 1.14.2 to 1.14.3 by @dependabot in #186
• Bump ossf/scorecard-action from 2.1.0 to 2.1.2 by @dependabot in #190
• Bump mockito-junit-jupiter from 4.10.0 to 4.11.0 by @dependabot in #192
• Bump com.bmuschko.docker-remote-api from 8.1.0 to 9.1.0 by @dependabot in #191
• Bump spotless-plugin-gradle from 6.11.0 to 6.12.1 by @big-andy-coates in #195
• Bump amazoncorretto from 11 to 19 by @big-andy-coates in #197
• Downgrade docker-remote-api from 9.1.0 to 9.0.1 by @big-andy-coates in #198
• Bump actions/upload-artifact from 3.1.1 to 3.1.2 by @dependabot in #202
• Bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #203

Full Changelog: v0.2.0...v0.3.0

v0.2.0

What's Changed

Exciting New Features 🎉

• XML results writer by @big-andy-coates in #126
• Expose LocationAware type to extensions by @big-andy-coates in #130
• More useful error messages by @big-andy-coates in #141
• Print out summary of failures at end of test run. by @big-andy-coates in #142
• Add suite options by @big-andy-coates in #146
• Add an error at the suite level to capture start up issues by @big-andy-coates in #148

Dependency Updates

• Bump com.diffplug.spotless from 6.5.1 to 6.5.2 by @dependabot in #40
• Bump spotbugs-annotations from 4.6.0 to 4.7.0 by @dependabot in #41
• Bump com.diffplug.spotless from 6.5.2 to 6.6.1 by @dependabot in #43
• Bump jacksonVersion from 2.13.2 to 2.13.3 by @dependabot in #42
• Bump org.javamodularity.moduleplugin from 1.8.10 to 1.8.11 by @dependabot in #49
• Bump pl.allegro.tech.build.axion-release from 1.13.6 to 1.13.9 by @dependabot in #51
• Bump junit-pioneer from 1.7.0 to 1.7.1 by @dependabot in #54
• Bump mockito-junit-jupiter from 4.5.1 to 4.6.1 by @dependabot in #57
• Bump pl.allegro.tech.build.axion-release from 1.13.9 to 1.13.14 by @dependabot in #58
• Bump com.diffplug.spotless from 6.6.1 to 6.7.0 by @dependabot in #59
• Bump com.bmuschko.docker-remote-api from 7.0.0 to 7.4.0 by @dependabot in #75
• Bump com.diffplug.spotless from 6.7.0 to 6.7.2 by @dependabot in #74
• Bump spotbugs-annotations from 4.7.0 to 4.7.1 by @dependabot in #83
• Bump com.github.spotbugs from 5.0.6 to 5.0.9 by @dependabot in #88
• Bump log4jVersion from 2.17.2 to 2.18.0 by @dependabot in #86
• Bump com.diffplug.spotless from 6.7.2 to 6.8.0 by @dependabot in #85
• Bump testcontainers from 1.17.2 to 1.17.3 by @dependabot in #87
• Bump pl.allegro.tech.build.axion-release from 1.13.14 to 1.14.0 by @dependabot in #93
• Bump org.javamodularity.moduleplugin from 1.8.11 to 1.8.12 by @dependabot in #94
• Bump com.diffplug.spotless from 6.8.0 to 6.9.1 by @dependabot in #95
• Bump junitVersion from 5.8.2 to 5.9.0 by @dependabot in #91
• Bump com.bmuschko.docker-remote-api from 7.4.0 to 8.0.0 by @dependabot in #97
• Bump mockito-junit-jupiter from 4.6.1 to 4.7.0 by @dependabot in #96
• Bump com.github.spotbugs from 5.0.9 to 5.0.10 by @dependabot in #99
• Bump slf4j-api from 1.7.36 to 2.0.0 by @dependabot in #98
• Bump com.diffplug.spotless from 6.9.1 to 6.10.0 by @dependabot in #100
• Bump spotbugs-annotations from 4.7.1 to 4.7.2 by @dependabot in #103
• Bump com.github.spotbugs from 5.0.10 to 5.0.12 by @dependabot in #104
• Bump jacksonVersion from 2.13.3 to 2.13.4 by @dependabot in #101
• Bump mockito-junit-jupiter from 4.7.0 to 4.8.0 by @dependabot in #112
• Bump slf4j-api from 2.0.0 to 2.0.1 by @dependabot in #116
• Bump pl.allegro.tech.build.axion-release from 1.14.0 to 1.14.1 by @dependabot in #117
• Bump com.diffplug.spotless from 6.10.0 to 6.11.0 by @dependabot in #118
• Bump com.bmuschko.docker-remote-api from 8.0.0 to 8.1.0 by @dependabot in #122
• Bump junitVersion from 5.9.0 to 5.9.1 by @dependabot in #121
• Bump slf4j-api from 2.0.1 to 2.0.2 by @dependabot in #123
• Bump slf4j-api from 2.0.2 to 2.0.3 by @dependabot in #132
• Bump pl.allegro.tech.build.axion-release from 1.14.1 to 1.14.2 by @dependabot in #133
• slf4j by @big-andy-coates in #137
• Bump actions/checkout from 2 to 3.1.0 by @dependabot in #143
• Bump testcontainers from 1.17.3 to 1.17.5 by @dependabot in #144
• Bump spotbugs-annotations from 4.7.2 to 4.7.3 by @dependabot in #152
• Bump com.github.spotbugs from 5.0.12 to 5.0.13 by @dependabot in #153
• Bump mockito-junit-jupiter from 4.8.0 to 4.8.1 by @dependabot in #154
• Bump picocli from 4.6.3 to 4.7.0 by @dependabot in #162

Less Exciting Things

• Snapshot builds by @big-andy-coates in #34
• Recursively load test packages by @big-andy-coates in #35
• Test executor to load test cases by @big-andy-coates in #39
• Spotbugs to exclude test-only modules by @big-andy-coates in #45
• Drop Seed type by @big-andy-coates in #46
• Drop BaseRef by @big-andy-coates in #47
• Flip API by @big-andy-coates in #48
• Build occasionally by @big-andy-coates in #52
• Minor text corrections by @big-andy-coates in #56
• Add start of test service by @big-andy-coates in #61
• Test lifecycle listeners by @big-andy-coates in #63
• Define API for suites & tests exposed to extensions by @big-andy-coates in #65
• Add Component Discovery and wire in stub services under test by @big-andy-coates in #66
• Start services in docker containers by @big-andy-coates in #67
• Add service instances before extension beforeSuite method is called by @big-andy-coates in #70
• Restructure testsuite services and add interface to modify service instances by @big-andy-coates in #71
• Support service instances having environment variables and exposed ports by @big-andy-coates in #72
• More generic service container by @big-andy-coates in #73
• Support starting 3rd-party service instances from extensions by @big-andy-coates in #77
• Add ServiceCollection.get() and ConfigurableServiceInstance by @big-andy-coates in #84
• Add test util serviceDefinitions() by @big-andy-coates in #89
• Validate descriptors by @big-andy-coates in #90
• Plug in ResourceInitializer by @big-andy-coates in #106
• Restructure test environment api by @big-andy-coates in #107
• Functional test covering shared resources by @big-andy-coates in #108
• Update to wildcard ResourceHandler by @big-andy-coates in #109
• Support initializing service extensions by @big-andy-coates in #110
• Remove validate call from ResourceHandler. by @big-andy-coates in #111
• Support d...