
<!---
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-->
<h1 id="apache-yetus--0140-release-notes">Apache Yetus  0.14.0 Release Notes</h1>

<p>These release notes cover new developer and user-facing incompatibilities, important issues, features, and major improvements.</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1057">YETUS-1057</a></td>
          <td><em>Major</em></td>
          <td><strong>Remove findbugs support</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->
<p>Support for FindBugs has been removed as SpotBugs has completely replaced it.</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1122">YETUS-1122</a></td>
          <td><em>Major</em></td>
          <td><strong>pylint: provide option to ignore 'bad-option-value'</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->
<p>pylint will no longer flag options that are unsupported by the running version of pylint by default.  The <code>--pylint-ignore-bad-option-value</code> has been added to control this behavior.</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1121">YETUS-1121</a></td>
          <td><em>Major</em></td>
          <td><strong>Rewrite shelldocs</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->
<p><code>shelldocs</code> errors now go to stderr. Previously they went to stdout.</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1119">YETUS-1119</a></td>
          <td><em>Major</em></td>
          <td><strong>Update dependencies</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->
<p>Utilities within the Docker container have been upgraded, including several to major versions.  There will likely be incompatible changes as a result.</p>

<p>List:</p>

<ul>
  <li>bats 1.2.1 -&gt; 1.4.1</li>
  <li>buf 0.21.0 -&gt; 0.56.0</li>
  <li>bundler 2.1.4 -&gt; 2.2.7</li>
  <li>checkmake now set at 8915bd409</li>
  <li>codespell pre-2.0 -&gt; 2.1.0</li>
  <li>golangci-lint 1.31.0 -&gt; 1.42.1</li>
  <li>hadolint 1.18.0 -&gt; 2.7.0</li>
  <li>jshint 2.12.0 -&gt; 2.13.1</li>
  <li>markdownlint-cli 0.23.2 -&gt; 0.28.1</li>
  <li>pylint 2.5.3 -&gt; 2.11.1</li>
  <li>rake 13.0.1 -&gt; 13.0.3</li>
  <li>rubocop 0.90.0 -&gt; 1.21.0</li>
  <li>shellcheck 0.7.1 -&gt; 0.7.2</li>
  <li>spotbugs 4.2.2 -&gt; 4.4.1</li>
  <li>yamllint 1.24.2 -&gt; 1.26.3</li>
</ul>

<p>Anything not mentioned is either unchanged or the latest top of tree</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1127">YETUS-1127</a></td>
          <td><em>Major</em></td>
          <td><strong>exclusions rework</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->

<p>Users:</p>

<p>Exclusion support has been modified to be slightly incompatible with previous releases:</p>

<ul>
  <li>By default, <code>.yetus/excludes.txt</code> was supposed to have been read. However in previous releases it was ignored unless manually specified.</li>
  <li><code>--excludes</code> has been restricted such that only files within the source repository, especially when running in <code>--docker</code> mode</li>
  <li>During a PR, the working set of changed files will now be completely recalculated, not just have additional files excluded.</li>
  <li>The <code>asflicense</code> plug-in will now honor the global excludes file unless <code>--asflicense-rat-globalexcludes=false</code> is passed.</li>
  <li>As a reminder, the excludes file needs to be regular expressions, not file globs. Therefore <code>.*</code> is the 'match everything' string.</li>
  <li>Several bugs with exclusion in various plug-ins have been simplified/cleaned up and should result in fewer corner-case issues.</li>
</ul>

<p>Developers:</p>

<ul>
  <li><code>yetus_file_to_array</code> has been modified to additionally strip out lines that contain spaces in addition to empty lines and lines that begin with a comment.</li>
  <li>The private function <code>find_changed_dirs</code> and the <code>CHANGED_DIRS</code> variable has been removed. It has always been broken and nothing was known to use it.</li>
</ul>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1139">YETUS-1139</a></td>
          <td><em>Major</em></td>
          <td><strong>Option to limit docker build output</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->
<p>A new option to send the output of docker build to a log.  This option is automatically enabled on Travis CI as it kills jobs that send too much data to console (~30k).</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1141">YETUS-1141</a></td>
          <td><em>Major</em></td>
          <td><strong>Write container images to ghcr.io</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<p>Container images are now available at ghcr.io/apache/yetus and ghcr.io./apache/yetus-base.  The Dockerhub source will continue to be updated for the time being, however only the x86 image will be available.  Users should migrate to the Github repository as the Dockerhub images will likely be removed in the future.</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1138">YETUS-1138</a></td>
          <td><em>Major</em></td>
          <td><strong>Better support for multiple architectures</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<p>The various Dockerfiles should now be much more compatible with various chipets.  In addition to x86, arm64 container images are now published on the ghcr.io registry, enabling easier access for machines like Apple's M1.</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1152">YETUS-1152</a></td>
          <td><em>Major</em></td>
          <td><strong>Upgrade buf</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->
<p>As of this release, <code>test-patch</code> only supports buf v0.34.0 and higher.</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-557">YETUS-557</a></td>
          <td><em>Major</em></td>
          <td><strong>Investigate switching to jdk.javadoc.doclet</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->
<p>The audience annotations doclet code now requires JDK 11+.  Additionally, the default Apache Yetus container no longer has JDK 8.</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1156">YETUS-1156</a></td>
          <td><em>Major</em></td>
          <td><strong>[April 2022] Update Dependencies</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->
<p>More updates to versions:</p>

<ul>
  <li>ansiblelint 5.2.1 -&gt; 5.5.0</li>
  <li>buf 1.0.0-rc10 -&gt; 1.3.1</li>
  <li>bundler 2.2.27 -&gt; 2.3.10</li>
  <li>checkmake is now 0.2.1</li>
  <li>detect-secrets IBM 0.13 -&gt; Yelp 1.2.0</li>
  <li>golangcilint 1.42.1 -&gt; 1.45.2</li>
  <li>hadolint 2.8.0 -&gt; 2.10.0</li>
  <li>jshint 2.13.1 -&gt; 2.13.4</li>
  <li>markdownlint-cli 0.28.1 -&gt; 0.31.1</li>
  <li>maven 3.8.4 -&gt; 3.8.5</li>
  <li>pylint 2.11.1 -&gt;2.13.4</li>
  <li>rake 13.0.3 -&gt; 13.0.6</li>
  <li>rubocop 1.21.0 -&gt; 1.26.1</li>
  <li>shellcheck 0.7.2 -&gt; 0.8.0</li>
  <li>spotbugs 4.4.1 -&gt; 4.6.0</li>
</ul>

<p>As usual, versions not mentioned were either unchanged or latest top of tree.</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1132">YETUS-1132</a></td>
          <td><em>Blocker</em></td>
          <td><strong>EOL JDK8 Support</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->
<p>JDK8 support for audience annotations has been removed.  JDK11 or higher is required.</p>

<p>The Apache Yetus container now has JDK11 as the base JDK.</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1159">YETUS-1159</a></td>
          <td><em>Blocker</em></td>
          <td><strong>fixes for CVE-2022-24765</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->

<p>Users:</p>

<p>If precommit is running within a container, set <code>GIT_DIR</code> and <code>GIT_CEILING_DIRECTORIES</code> to provide some assistance with CVE-2022-24765.  If running outside of a container, there is an assumption that the user has a properly configured environment.</p>

<p>Developers:</p>

<p>This change now adds a new yetus_is_container function.  It should be noted that there is no guaranteed way to determine if a process is in a container (especially from within the container) but there are some parts of the environment that are able to be checked to provide at least a pretty good guess.</p>

<hr />

<ul>
  <li>
    <table class="table table-bordered table-striped">
      <tbody>
        <tr>
          <td><a href="https://issues.apache.org/jira/browse/YETUS-1030">YETUS-1030</a></td>
          <td><em>Major</em></td>
          <td><strong>Support linecomments in junit</strong></td>
        </tr>
      </tbody>
    </table>
  </li>
</ul>

<!-- markdown -->
<p>The JUnit report output has been changed to support two formats, one generated using line-level and the other being a full report with URLs. By default, line is the default with the exception of Circle CI.</p>

<p>Jenkins users should now be able to process the output with the WarningsNG plug-in to provide better feedback in the Jenkins UI.</p>

