)]}' { "log": [ { "commit": "4d90f53f2d360e622f0d6e3006dedcec497b1d38", "tree": "7a99cae5bb4282532d47ad3ec87dcdc85d90d364", "parents": [ "43c0cee2e3ccfadfa5bcb46b53d33d26f942fce5" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Fri Apr 24 17:02:34 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 24 09:02:34 2026 -0700" }, "message": "Update dependency com.github.dasniko:testcontainers-keycloak to v4.2.1 (#4283)" }, { "commit": "43c0cee2e3ccfadfa5bcb46b53d33d26f942fce5", "tree": "f9ea3c4627bafc355bb428cbce8795d8364b834c", "parents": [ "cf93e09924e2587be4c07b12d0524323bb9bfff3" ], "author": { "name": "Selvamohan Neethiraj", "email": "sneethir@apache.org", "time": "Fri Apr 24 09:18:26 2026 -0400" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 24 09:18:26 2026 -0400" }, "message": "Added Integration Tests to validate auto-upgrade of Graalvm version by Renovate-bot (#4275) (#4277)\n\n* Ranger IT for Policy Conditions that invokes GraalVM script engine (#4275)\n\n* modified method names for the integration test for PolicyCondition (#4275)\n\n* modified policy name associated with the integration tests for PolicyCondition (#4275)\n\n* Updated IT to validate graalvm script execution with attribute-based access control policies (#4275)\n\n* Updated code based on spotlessApply (#4275)" }, { "commit": "cf93e09924e2587be4c07b12d0524323bb9bfff3", "tree": "520c5911c6adb1da3959e32ffb665d11540c7bac", "parents": [ "e3cdc5c67ae5444f418911d3a1e6031d54523981" ], "author": { "name": "Adnan Hemani", "email": "adnan.h@berkeley.edu", "time": "Thu Apr 23 14:36:24 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 23 14:36:24 2026 -0700" }, "message": "Cut CHANGELOG over, Add 1.4.0 Documentation Pages (#4264)\n\n* Cut CHANGELOG, Add 1.4.0 Documentation Pages\n\n* typo\n\n* typo 2\n\n* additional manual steps\n\n* another pass over CHANGELOG\n\n* another pass on CHANGELOG" }, { "commit": "e3cdc5c67ae5444f418911d3a1e6031d54523981", "tree": "d0f513e3e623d38adc3d57c0b1d17ee6faad0c70", "parents": [ "676c04db57da2677ef068abb439ce42d5287e8d6" ], "author": { "name": "Adnan Hemani", "email": "adnan.h@berkeley.edu", "time": "Thu Apr 23 12:20:48 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 23 12:20:48 2026 -0700" }, "message": "Fix Website Instructions for Releasing Documentation (#4280)" }, { "commit": "676c04db57da2677ef068abb439ce42d5287e8d6", "tree": "3b88e89eee43e679a70927cba135bb9f8dd325db", "parents": [ "96452fcafe4ca79093edac4a7922a43dceda9780" ], "author": { "name": "Yufei Gu", "email": "yufei@apache.org", "time": "Wed Apr 22 20:43:55 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 20:43:55 2026 -0700" }, "message": "Regtests: harden MinIO client download and fail fast when setup breaks (#4279)" }, { "commit": "96452fcafe4ca79093edac4a7922a43dceda9780", "tree": "c53d9c0c7e902b4ae9a6d83613e3a3db9107bd25", "parents": [ "bce7b238373abf101047d5451788720e7a1ed99d" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Thu Apr 23 04:29:36 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 22:29:36 2026 -0500" }, "message": "Update dependency pre-commit to v4.6.0 (#4266)" }, { "commit": "bce7b238373abf101047d5451788720e7a1ed99d", "tree": "06bd7bf262493f69bb0194d4215804a9bd23f693", "parents": [ "5478b68fa0024533af56ae1b472d562f1a989a41" ], "author": { "name": "Yufei Gu", "email": "yufei@apache.org", "time": "Wed Apr 22 15:58:34 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 15:58:34 2026 -0700" }, "message": "Service: Self-annotate DefaultPolarisAuthorizerFactory and move to service module (#4267)" }, { "commit": "5478b68fa0024533af56ae1b472d562f1a989a41", "tree": "a3e451478ef08d785bf14819527d112ec0945ab5", "parents": [ "de255b20ba9ef03118e583faff61a498f22a53fc" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Wed Apr 22 15:46:50 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 15:46:50 2026 +0200" }, "message": "NoSQL: filter ACL entries by direction in loadGrants (#4222)\n\nFixes #4219.\n\nThe NoSQL persistence layer stores both directional entry flavors in a single ACL document: reverse (\u0027r/\u0027) entries where the entity is the grantee, and directed (\u0027d/\u0027) entries where it is the securable. When loading grants for a specific perspective (grantee or securable), both flavors were returned, causing entities like `catalog_admin` — which appear as both grantee and securable — to produce incorrect grant records and trigger \"Unexpected entity type \u0027CATALOG_ROLE\u0027\" errors." }, { "commit": "de255b20ba9ef03118e583faff61a498f22a53fc", "tree": "4c76a226c59bf5c36ef93cd0e42f52d0b2d73cc1", "parents": [ "0a6d7e677d4684985049e45957af3f161196551e" ], "author": { "name": "Yong Zheng", "email": "yongzheng0809@gmail.com", "time": "Wed Apr 22 08:29:54 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 08:29:54 2026 -0500" }, "message": "Fix spark jupyter guide (#4271)" }, { "commit": "0a6d7e677d4684985049e45957af3f161196551e", "tree": "dbd2552e08e2471b3c743419b8bedac3cc55ede9", "parents": [ "7334a4dc4123db1b68942029a9139dca6442b49b" ], "author": { "name": "Yong Zheng", "email": "yongzheng0809@gmail.com", "time": "Wed Apr 22 08:29:32 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 08:29:32 2026 -0500" }, "message": "CLI: Optimize generate_clients.py with dirs pruning (#4243)" }, { "commit": "7334a4dc4123db1b68942029a9139dca6442b49b", "tree": "c7d9f0465bbf76ca5b7a68dab6b6a51c8b290e23", "parents": [ "1dff5f53ca3aa76cd929912f2cb9b2f15be747fa" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Wed Apr 22 07:14:03 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 08:14:03 2026 +0200" }, "message": "Update dependency org.agrona:agrona to v2.4.1 (#4268)" }, { "commit": "1dff5f53ca3aa76cd929912f2cb9b2f15be747fa", "tree": "3bd6018f50a6a10425037a849aa87091755e2774", "parents": [ "ae03ac67c6dd2c801c7682e920081051bce8ad65" ], "author": { "name": "Selvamohan Neethiraj", "email": "sneethir@infotekies.com", "time": "Wed Apr 22 01:34:46 2026 -0400" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 22:34:46 2026 -0700" }, "message": "Implement Apache Ranger Authorization Plugin (#3928)" }, { "commit": "ae03ac67c6dd2c801c7682e920081051bce8ad65", "tree": "dde9d8ea58d7ed1308d759178190ad825fe36952", "parents": [ "16e67977364942ee7d18679ba89b02dbe4116627" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Wed Apr 22 02:47:19 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 20:47:19 2026 -0500" }, "message": "Update dependency mypy to \u003e\u003d1.20, \u003c\u003d1.20.2 (#4265)" }, { "commit": "16e67977364942ee7d18679ba89b02dbe4116627", "tree": "6725dff1644f104d2816ef83705e10cdc75ca280", "parents": [ "b57b43f07b7b4ef8ead564294a7bdb5d57aef918" ], "author": { "name": "Prashant Singh", "email": "35593236+singhpk234@users.noreply.github.com", "time": "Tue Apr 21 14:53:14 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 14:53:14 2026 -0700" }, "message": "JDBC: Replace coarse-grained synchronized methods with per-realm locking (#4054)\n\n* JDBC: Replace caching with on-demand creation of stateless persistence objects\n\nJdbcBasePersistenceImpl and AtomicOperationMetaStoreManager are stateless\n(all fields are final and set at construction). Caching them behind locks\nwas unnecessary. This change creates them on demand per call, eliminating\nsynchronization for the common request path.\n\nOnly genuinely stateful objects remain cached:\n- InMemoryEntityCache (shared Caffeine cache across requests)\n- Schema version per realm (stable, loaded from DB once)\n- Bootstrap verification status per realm (memoized to avoid repeated DB hits)\n\n* JDBC: Add per-realm ReadWriteLock and cache DatasourceOperations\n\n- Add per-realm fair ReadWriteLock: read lock for request-path methods\n (getOrCreateSession, getOrCreateEntityCache), write lock for purge.\n Purge is now atomic relative to requests for that realm.\n- Cache DatasourceOperations with double-checked locking — avoids\n per-request DB connection for DatabaseType inference.\n- Add synchronized to purgeRealms for bootstrap/purge mutual exclusion.\n- Requests for different realms never contend with each other.\n\n* Fix purge of non-bootstrapped realms returning success instead of failure\n\nThe refactored purgeRealms no longer calls getOrCreateMetaStoreManager\n(which checked bootstrap status). Add an explicit check for the root\nprincipal before purging — non-bootstrapped realms now return\nENTITY_NOT_FOUND instead of silently succeeding.\n\n* Simplify locking: remove per-realm ReadWriteLock, use synchronized purge\n\nPer review feedback: JDBC persistence objects are stateless and purge runs\nin Admin CLI (separate JVM), so per-realm ReadWriteLock is unnecessary.\nConcurrentHashMap.computeIfAbsent is already atomic for entity cache.\n\n* Make Random instance static in DatasourceOperations\n\nAvoids creating a new Random per instance; a single shared static\ninstance gives better entropy and avoids unnecessary allocation.\n\n* Replace DCL caching with CDI-managed DatasourceOperations\n\nUse a @Produces @ApplicationScoped method in JdbcMetaStoreManagerFactory\nto let CDI manage the DatasourceOperations singleton, eliminating the\nmanual volatile + double-checked locking pattern.\n\n* Cleanup: make entityCacheMap private, producer static, explicit fallbackOnDne plumbing\n\n- Make entityCacheMap private (was package-private by oversight)\n- Make produceDatasourceOperations static since it doesn\u0027t access instance state\n- Thread fallbackOnDne as explicit parameter through createSession/getOrLoadSchemaVersion\n instead of reading config inside computeIfAbsent lambda. Bootstrap and purge\n hardcode true; normal request path reads from realm config at entry point.\n\n* Fix ContextNotActiveException in event listener flush on background threads\n\nReplace @Inject RealmConfig (request-scoped) with @Inject RealmConfigurationSource\n(application-scoped) to avoid ContextNotActiveException when getOrCreateSession\nis called from non-request-scoped contexts like the InMemoryBufferEventListener\nflush running on Mutiny worker threads.\n\n* chore: retrigger CI" }, { "commit": "b57b43f07b7b4ef8ead564294a7bdb5d57aef918", "tree": "e4fdec1a23fd4d41a973eae3f0f5a1af225ebbc4", "parents": [ "d349a90e60e38dd21bf774fe4d055639715cd7c2" ], "author": { "name": "Yufei Gu", "email": "yufei@apache.org", "time": "Tue Apr 21 09:25:13 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 09:25:13 2026 -0700" }, "message": "Simplify Spark configuration with credential vending (#4218)" }, { "commit": "d349a90e60e38dd21bf774fe4d055639715cd7c2", "tree": "4f4b10dba45900c5200b463947c41a1e903732a4", "parents": [ "4d2b25a9a89e52bef5da1a2f0ef1e8cb4d429fbf" ], "author": { "name": "Robert Stupp", "email": "snazy@snazy.de", "time": "Tue Apr 21 09:48:33 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 09:48:33 2026 +0200" }, "message": "Silence deprecated-for-removal warning in `PolarisEventListenerOldConfigurationTest` (#4254)" }, { "commit": "4d2b25a9a89e52bef5da1a2f0ef1e8cb4d429fbf", "tree": "315ca8c83d803fc50c7724d74d31d3103cc53155", "parents": [ "523fe9e43721306a6e3f9def48d9160b239d45dd" ], "author": { "name": "Robert Stupp", "email": "snazy@snazy.de", "time": "Tue Apr 21 09:48:24 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 09:48:24 2026 +0200" }, "message": "Fix deprecation warning in RelationalJdbcIdempotencyStorePostgresIT (#4253)\n\nReplace deprecated `PostgreSQLContainer` type." }, { "commit": "523fe9e43721306a6e3f9def48d9160b239d45dd", "tree": "054f6da8699ea226a8d5152348b444955e96f5d9", "parents": [ "31738932fd37ab8379417823c6d6f7025c72beb5" ], "author": { "name": "Robert Stupp", "email": "snazy@snazy.de", "time": "Tue Apr 21 09:48:16 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 09:48:16 2026 +0200" }, "message": "NoSQL: fix compilation warning (#4252)\n\nFixes this compilation warning:\n```\nwarning: unknown enum constant Include.NON_DEFAULT\n reason: class file for com.fasterxml.jackson.annotation.JsonInclude$Include not found\n```" }, { "commit": "31738932fd37ab8379417823c6d6f7025c72beb5", "tree": "cd57fc5bbc51e5994867c33ea3acba703634e71a", "parents": [ "23b45f9a0197d87afe3cc0898a37e8834fabf07f" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Tue Apr 21 06:10:24 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 07:10:24 2026 +0200" }, "message": "Update dependency io.smallrye.config:smallrye-config-core to v3.17.2 (#4258)" }, { "commit": "23b45f9a0197d87afe3cc0898a37e8834fabf07f", "tree": "9b748171086e84c9cecbdd4cf8d055f9e793aacb", "parents": [ "aaea9a32af658e286e2876bac024d285f6b666ba" ], "author": { "name": "Nándor Kollár", "email": "nandorKollar@users.noreply.github.com", "time": "Tue Apr 21 00:10:54 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 15:10:54 2026 -0700" }, "message": "Create PolarisEvent only when event type is enabled by at least one event listener (#4064)\n\n* Create PolarisEvent only when event type is enabled by at least one event listener\n\n* Fix dispatcher: channel for each even type\n\n* Test event listeners\n\n* AwsCloudWatchEventListener shouldn\u0027t listen only for a certain event type\n\n* fix style\n\nCo-authored-by: Oleg Soloviov \u003c40199597+olsoloviov@users.noreply.github.com\u003e\n\n* Add event categories\n\n* Address comments: refactor PolarisEventListeners and use CopyOnWriteArrayList in test\n\n* Replace latch to awaitability, add back listener to verify two listeners without config works\n\n* Improve doc\n\n* Simplify CATALOG_EVENTS\n\n* Refactor test\n\n* Fix typo\n\n* Double check that event type is enabled\n\n* Use EnumSet instead of BitSet\n\n* Fix doc format\n\n* Rename eventsByType to enabledEventTypes\n\n* Add new event listener features to changelog\n\n* Fix incorrect comment and doc\n\n---------\n\nCo-authored-by: Oleg Soloviov \u003c40199597+olsoloviov@users.noreply.github.com\u003e" }, { "commit": "aaea9a32af658e286e2876bac024d285f6b666ba", "tree": "7d40268ec701b54d32b6db7c5d028c11415562c8", "parents": [ "c9e1492f39ba2e9d85e901a4780adbe03afcb557" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 20 20:28:40 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 21:28:40 2026 +0200" }, "message": "Update dependency org.testcontainers:testcontainers-bom to v2.0.5 (#4256)" }, { "commit": "c9e1492f39ba2e9d85e901a4780adbe03afcb557", "tree": "751b8e910825864745ec8cb70a58c46f51944aea", "parents": [ "9618be68fb25bc6e4c924381d3ba9006a2e292ce" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 20 20:07:49 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 15:07:49 2026 -0400" }, "message": "Update cockroachdb/cockroach Docker tag to v26.1.3 (#4255)" }, { "commit": "9618be68fb25bc6e4c924381d3ba9006a2e292ce", "tree": "da31b2db8025598f16063535f5714bea770fcbe4", "parents": [ "ed1bbb2be28a4238b81281732a691ece6703aad1" ], "author": { "name": "Badrul Chowdhury", "email": "badrulchowdhury17@gmail.com", "time": "Mon Apr 20 12:01:55 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 19:01:55 2026 +0000" }, "message": "Replace deprecated getOrComputeIfAbsent() API calls (#3944)\n\n* Replace deprecated getOrComputeIfAbsent() API calls for org.junit.jupiter.api.extension with computeIfAbsent().\n\n* Added a note in CHANGELOG.md about forcing downstream projects to use JUnit 6" }, { "commit": "ed1bbb2be28a4238b81281732a691ece6703aad1", "tree": "f9768559e2626fbd3d11e7556fe717db087baed8", "parents": [ "9fe8fc97b32a0380fc97bb9e1ff59e948dd5bac7" ], "author": { "name": "Joy Haldar", "email": "joyno.23@gmail.com", "time": "Mon Apr 20 23:14:11 2026 +0530" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 10:44:11 2026 -0700" }, "message": "Add BigQuery Metastore federation support (#4050)" }, { "commit": "9fe8fc97b32a0380fc97bb9e1ff59e948dd5bac7", "tree": "a4ce4f6d84cbfc5d7cea18a9d799f98d83af69c9", "parents": [ "84c2a20a22451ec4c1cff4004e8ad9cef2ae5890" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Mon Apr 20 16:40:53 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 16:40:53 2026 +0200" }, "message": "Use randomly picked port in RustfsContainer (#4242)\n\n... instead of a fixed port (9000), which frequently creates port conflicts on developer machines." }, { "commit": "84c2a20a22451ec4c1cff4004e8ad9cef2ae5890", "tree": "5cc497aae11d4d059cb7600af191a00ed12f715d", "parents": [ "473bd22c6be39e44a0b4a91e156b64e145c93005" ], "author": { "name": "Yong Zheng", "email": "yongzheng0809@gmail.com", "time": "Mon Apr 20 08:04:19 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 08:04:19 2026 -0500" }, "message": "Fix text for host and port with profile update (#4244)" }, { "commit": "473bd22c6be39e44a0b4a91e156b64e145c93005", "tree": "9ddc5511b19729f0cc8fc7b4a0dd00c01fa12383", "parents": [ "3fb71739f0e777d3f80a78759905a81c9bec9c90" ], "author": { "name": "JB Onofré", "email": "jbonofre@apache.org", "time": "Mon Apr 20 07:34:23 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 07:34:23 2026 +0200" }, "message": "Add Polaris Community Meetings for 2026-04-02 and 2026-04-16 (#4241)" }, { "commit": "3fb71739f0e777d3f80a78759905a81c9bec9c90", "tree": "003a9c603d4d24c960ad6ac67914278439bfc3f0", "parents": [ "d602d9c111a9f1388d10ad477c0a3828d461e72e" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 20 06:04:25 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 07:04:25 2026 +0200" }, "message": "Update dependency org.apache.httpcomponents.client5:httpclient5 to v5.6.1 (#4246)" }, { "commit": "d602d9c111a9f1388d10ad477c0a3828d461e72e", "tree": "359ee68f8209488f1e9ef1def3b7e7d807b7f22e", "parents": [ "40850e3f4b5bf6d877550b4dbbaa9c3c3d4b1bd3" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 20 05:22:02 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 06:22:02 2026 +0200" }, "message": "Update amazon/aws-cli Docker tag to v2.34.32 (#4247)" }, { "commit": "40850e3f4b5bf6d877550b4dbbaa9c3c3d4b1bd3", "tree": "6f28370122b08f5ec67e01c3503036aedf606b14", "parents": [ "87ec6ae0fcd75379529eeab6ddb22ae573c41ab8" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 20 05:21:08 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 06:21:08 2026 +0200" }, "message": "Update dependency software.amazon.awssdk:bom to v2.42.36 (#4248)" }, { "commit": "87ec6ae0fcd75379529eeab6ddb22ae573c41ab8", "tree": "cf6d9f329bb8577e98e4e3c52c9f3f1793d530e7", "parents": [ "bb72f62e4e25f2dc52ca87afdb98c2434cd4a8e4" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 20 05:20:37 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 20 06:20:37 2026 +0200" }, "message": "Update registry.access.redhat.com/ubi9/openjdk-21-runtime Docker tag to v1.24-2.1776357028 (#4249)" }, { "commit": "bb72f62e4e25f2dc52ca87afdb98c2434cd4a8e4", "tree": "417197ce24505f5189ad51d789bc9c2a36db6530", "parents": [ "d6f5489f2c934f660607b970baf8b0b864e73a82" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Sat Apr 18 19:22:01 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Apr 18 19:22:01 2026 +0200" }, "message": "NoSQL: fix phantom grants for dropped/non-existent entities (#4233)\n\nThe `loadGrants()` method never verified the anchor entity exists, always returning `SUCCESS` with a hardcoded version of 1. This violated the `PolarisGrantManager` contract which requires `ENTITY_NOT_FOUND` when the entity is missing, and allowed stale ACLs to surface as valid grants.\n\nAdditionally, the bidirectional ACL model produced self-referencing entries when `securable \u003d\u003d grantee`, causing an entity to appear in its own grant list. These are now filtered out on read." }, { "commit": "d6f5489f2c934f660607b970baf8b0b864e73a82", "tree": "f93de33b5c1a15bf907b1b847e3abbc92c51cdb8", "parents": [ "b108564f6e8c96bacb0d16225da401b9ca80ffb9" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Sat Apr 18 15:53:12 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Apr 18 15:53:12 2026 +0200" }, "message": "Revalidate grant entities before NoSQL grant or revoke (#4234)\n\nBefore persisting a grant or revoke in the NoSQL metastore, validate that the securable and grantee entity references actually exist and have the correct type. Previously, stale or mismatched entity references could be silently written as grant records." }, { "commit": "b108564f6e8c96bacb0d16225da401b9ca80ffb9", "tree": "764ba39241da3bb2bcb11e8d33ec1cb296aa1e03", "parents": [ "f8efd36332544ef3401743f7fd13d336d88601cf" ], "author": { "name": "Robert Stupp", "email": "snazy@snazy.de", "time": "Sat Apr 18 10:33:51 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Apr 18 10:33:51 2026 +0200" }, "message": "CI: Make security workflows CodeQL + Zizmor a real PR-merge-gate (#4224)\n\nThe workflows ci-zizmor.yml, ci-codeql.yml and ci-asf-allowlist-check.yml are currently _not_ part of the CI commit-gate (required action). This change moves those workflows into the main ci.yml workflows or adds those to `.asf.yaml`, letting all 3 act as a real PR-merge-gate." }, { "commit": "f8efd36332544ef3401743f7fd13d336d88601cf", "tree": "f23cfa8a150569586b1e1615a60ad5f52c83c9e4", "parents": [ "1a7b21c54e6464b18ec62c5ef744e424f17bcfff" ], "author": { "name": "Robert Stupp", "email": "snazy@snazy.de", "time": "Sat Apr 18 10:33:15 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Apr 18 10:33:15 2026 +0200" }, "message": "CI: Use Zizmor defaults (#4223)\n\nZizmor is a static analysis toll, which, by the nature of such tools, does not consider the context of a finding, but judges on using static patters. Users can either deal with false positives or silence a lot to a level that they don\u0027t report much by default. Hiding those can, in case of security issues, be dangerous.\n\n\u0027low\u0027 confidence doesn\u0027t mean that the risk does not exist nor that the issue is not exploitable.\n\n\u0027informational\u0027/\u0027low\u0027 severity issues today can become \u0027high\u0027 or even \u0027critical\u0027 ones tomorrow. Hiding those can easily give a false sense of security.\n\nChains of informational/low severity/confidence issues have led to exactly the recent tj-actions incident. Some of these are:\n\n* unpinned actions: this is _still_ a risk, just look at the [approved wildcard patterns](https://github.com/apache/infrastructure-actions/blob/8a059befd17ed98f4942c5cf3a67b7378045b669/approved_patterns.yml).\n* no explicitly declared workflow/job permissions - this is even just _informational_\n* similarly: excessive workflow/job permissions\n* (some) template injections\n\nAs the workflows and actions work with Zizmor\u0027s default severity/confidence, I\u0027d advocate to use its default and not silence a lot." }, { "commit": "1a7b21c54e6464b18ec62c5ef744e424f17bcfff", "tree": "6b9b790dbf4e2646b86e55ae94bf7505b0f1fb9e", "parents": [ "0c730504ee5bbfee6761823e4a914546f35074a9" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Sat Apr 18 03:33:21 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 22:33:21 2026 -0400" }, "message": "Update dependency io.smallrye.config:smallrye-config-core to v3.17.1 (#4239)" }, { "commit": "0c730504ee5bbfee6761823e4a914546f35074a9", "tree": "1af04e527731cf8892a7c31e27a2cf8e723fa30f", "parents": [ "9d4f34f225367410bfa26670fbf25aef6801ac6a" ], "author": { "name": "Adnan Hemani", "email": "adnan.h@berkeley.edu", "time": "Fri Apr 17 18:36:11 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 18:36:11 2026 -0700" }, "message": "Update Generated Helm Docs after First RC (#4095)\n\n* Update Generated Helm Docs after First RC\n\n* create schema\n\n* review from @adutra" }, { "commit": "9d4f34f225367410bfa26670fbf25aef6801ac6a", "tree": "6b2d6f8f9a71e43dc6e8a43a9e1c6c7bbd32e7be", "parents": [ "10d67d76dfa0bcbb4501845797fa1e083e8ab67c" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Fri Apr 17 20:43:07 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 21:43:07 2026 +0200" }, "message": "Update dependency org.keycloak:keycloak-admin-client to v26.0.9 (#4230)" }, { "commit": "10d67d76dfa0bcbb4501845797fa1e083e8ab67c", "tree": "befd060c71fa9ed49109d469b06aaea7f65127d7", "parents": [ "e1bcedfc126f29fe591906502029a74c7ebfbdab" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Fri Apr 17 21:42:10 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 21:42:10 2026 +0200" }, "message": "NoSQL: filter stale grants with deleted grantees from resolved entities (#4231)\n\nThe `allGrantRecords()` method only checked securable existence when filtering stale grants. For directed entries (d/...) the securable is the current entity itself, so deleted grantees were never filtered and leaked into resolved-entity grant sets." }, { "commit": "e1bcedfc126f29fe591906502029a74c7ebfbdab", "tree": "d5ec80033e1f4ecfadf0c9964ac800156187fd4a", "parents": [ "32f7805a4fa5d9f44ae0c69b49dbc5eaa4b3c1ae" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Fri Apr 17 21:40:23 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 21:40:23 2026 +0200" }, "message": "Chore: fix incorrect package name in polaris-core test files (#4235)\n\nSome tests were declared in package `org.apache.polaris.service`. They were moved to package `org.apache.polaris.core`." }, { "commit": "32f7805a4fa5d9f44ae0c69b49dbc5eaa4b3c1ae", "tree": "e9da3751d3e1600c08c5e1ea5eda0cd4ff9d1fe8", "parents": [ "fc52670433588e798cc143eb3a84d2af5cc58632" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Fri Apr 17 18:20:31 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 18:20:31 2026 +0200" }, "message": "Isolate encode/decode logic used in Polaris entities (#4214)\n\nThis change replaces calls to `RESTUtil` in Polaris entity code when serializing or deserializing namespaces stored in internal properties.\n\nIt replaces those calls with calls to a new utility class, `PolarisEntityUtils`. The logic used there for encoding and decoding namespaces is in fact identical to `RESTUtil` as of today, but having our own logic protects Polaris from future behavioral changes in `RESTUtil` that could potentially cause data corruption in Polaris metastores." }, { "commit": "fc52670433588e798cc143eb3a84d2af5cc58632", "tree": "165ced5dfe2bd7b44d088b1e53c835fbd53194ae", "parents": [ "c949236c43475746bf5bcd47f98cb5a8fc7f9c89" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Fri Apr 17 14:43:16 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 15:43:16 2026 +0200" }, "message": "Update docker.io/mongo Docker tag to v8.2.7 (#4229)" }, { "commit": "c949236c43475746bf5bcd47f98cb5a8fc7f9c89", "tree": "8a6d3f32b9f3240ce823c6da48fcb72dfe8894df", "parents": [ "d50caa2cf67ad73a94f6e37b04bc9eec74db070f" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Fri Apr 17 12:06:04 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 12:06:04 2026 +0200" }, "message": "Remove double URL-decoding of table identifiers (#4210)\n\nThis change fixes several double-decode issues when processing table identifiers in Polaris REST APIs.\n\nThe REST framework (Jersey) already ULR-decodes path segments. For example, when a REST resource method such as `org.apache.polaris.service.catalog.api.IcebergRestCatalogApi.loadTable` is invoked, the parameters `namespace` and `table` are already URL-decoded. It is therefore incorrect to further URL-decode table identifiers." }, { "commit": "d50caa2cf67ad73a94f6e37b04bc9eec74db070f", "tree": "97b3100027d2fb1681246fbae24528d1cfeac3d3", "parents": [ "7339ea114ed4353ce195fa643a08cb63f2c3b952" ], "author": { "name": "Michael Collado", "email": "40346148+collado-mike@users.noreply.github.com", "time": "Thu Apr 16 18:41:09 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 16 18:41:09 2026 -0700" }, "message": "Add MinIO support in regression tests as alternative to AWS S3 (#4162)\n\n* Add MinIO support for regtests as alternative to AWS S3\n\nEnable running regression tests against a local MinIO instance instead of\nreal AWS S3. MinIO serves as an S3-compatible storage backend with STS\ncredential vending support, allowing the full test suite to run without\nAWS credentials.\n\nKey changes:\n- Add MinIO service to docker-compose with health checks\n- Default AWS_ACCESS_KEY_ID/SECRET to minioadmin when unset (MinIO mode)\n- Update snowflake_catalog fixture to configure MinIO endpoint, path-style\n access, and STS via catalog properties (no Polaris source changes)\n- Use kmsUnavailable\u003dtrue since MinIO doesn\u0027t support KMS\n- Add create_s3_client_from_config() helper that reads s3.endpoint from\n the loadTable response config, working for both AWS and MinIO\n- Add minio-setup.sh bootstrap script and mc client to Dockerfile\n- Auto-detect MinIO mode in run.sh when AWS credentials are absent\n- Update skip conditions to run S3 tests when MINIO_TEST_ENABLED\u003dtrue\n\nCo-Authored-By: Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e\n\n* Clean up MinIO configuration\n\n- Remove redundant MINIO_BUCKET (use AWS_STORAGE_BUCKET instead)\n- Remove MINIO_ACCESS_KEY/SECRET_KEY and polaris.storage.aws.* from\n Polaris service (AWS_ACCESS_KEY_ID/SECRET_ACCESS_KEY suffice)\n- Remove unused fixtures: minio_enabled, minio_endpoint, minio_access_key,\n minio_secret_key, minio_bucket, storage_mode, minio_catalog\n- Restore test_bucket fixture to original form\n- Clear AWS credentials unconditionally in run.sh (both modes use vended\n credentials from the catalog)\n- Fix stray `fi` syntax error in run.sh\n- Fix README: MinIO supports STS, not KMS\n\nCo-Authored-By: Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e\n\n* Fix README: clarify MinIO KMS limitation\n\nMinIO supports KMS for encryption but its STS policy evaluator rejects\nKMS ARNs in IAM policy resources, so kmsUnavailable\u003dtrue is required.\n\nCo-Authored-By: Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e\n\n* Implement smart MINIO_TEST_ENABLED defaulting\n\n- Remove unused MINIO_ENABLED env variable from docker-compose\n- Change MINIO_TEST_ENABLED default to empty string in docker-compose\n- Add auto-detection logic in conftest.py:\n * If MINIO_TEST_ENABLED is empty, check for AWS credentials\n * Default to MinIO mode if no AWS credentials present\n * Respect explicit true/false values when specified\n\nThis allows MinIO mode to activate automatically in environments\nwithout AWS credentials, while still allowing users to explicitly\nenable or disable it via environment variable.\n\nCo-Authored-By: Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e\n\n* Fix auto-detection to check AWS_TEST_ENABLED instead of AWS credentials\n\nThe regtest container doesn\u0027t have AWS_ACCESS_KEY_ID in its\nenvironment (only the polaris container does). Using AWS_TEST_ENABLED\nas the detection signal correctly determines the test mode.\n\nCo-Authored-By: Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e\n\n* Default AWS_STORAGE_BUCKET to polaris-test-bucket for MinIO mode\n\nIn CI without AWS credentials, AWS_STORAGE_BUCKET is unset, causing\nan empty bucket name error. Default to the MinIO bucket name so tests\nwork out of the box in MinIO mode.\n\nCo-Authored-By: Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e\n\n---------\n\nCo-authored-by: Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e" }, { "commit": "7339ea114ed4353ce195fa643a08cb63f2c3b952", "tree": "13f0acf046e23d6882a80545da4053b8afb8adeb", "parents": [ "49e240eb646e1a8b0361e51a32843f08aa0247d5" ], "author": { "name": "Prathyush Shankar", "email": "prathyush2018@gmail.com", "time": "Thu Apr 16 13:51:53 2026 -0400" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 16 10:51:53 2026 -0700" }, "message": "Core: enforce single expiration timestamp per credential bundle (#4173)" }, { "commit": "49e240eb646e1a8b0361e51a32843f08aa0247d5", "tree": "5265b02decf4a691325db2ccc9aca7373882b959", "parents": [ "c6d966d6a701e356284671d81d5ce1af94bf8e7e" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Thu Apr 16 19:51:28 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 16 19:51:28 2026 +0200" }, "message": "Improve namespace decoding (#4213)\n\nThis change removes calls to Iceberg `RESTUtil.decodeNamespace()` almost entirely, and replaces those with methods that are more suitable for use in Quarkus/Jersey.\n\nThe REST framework (Jersey) already ULR-decodes path segments. For example, when a REST resource method such as `IcebergRestCatalogApi.loadTable` is invoked, the parameters `namespace` and `table` are already URL-decoded.\n\nBut since `RESTUtil.decodeNamespace()` expects *encoded* inputs, we were forced to re-encode the namespace name before passing it to `decodeNamespace()`.\n\nThis change does NOT remove calls to `RESTUtil.decodeNamespace()` in the Polaris entity code – this will be addressed later.\n\nThis change also does NOT change calls to `RESTUtil.encodeNamespace()` – these are problematic but will be addressed later as well." }, { "commit": "c6d966d6a701e356284671d81d5ce1af94bf8e7e", "tree": "3bcb360fc61ffab0c218536405e6ae9e9c5d0cc5", "parents": [ "b9d796c9d17d3cc5c5983b13498a4945f20f0e82" ], "author": { "name": "Vidit Ochani", "email": "vidit.ochani@gmail.com", "time": "Thu Apr 16 04:56:14 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 16 13:56:14 2026 +0200" }, "message": "Migrate persistence/nosql to JSpecify null annotations (#4130)\n\nReplace `jakarta.annotation.Nullable`/`Nonnull` with JSpecify equivalents (`org.jspecify.annotations.Nullable`/`NonNull`) across the persistence/nosql modules. JSpecify annotations support `TYPE_USE` targeting, enabling null annotations on generic type parameters.\n\nNotable non-mechanical changes:\n- Array annotations use TYPE_USE syntax (byte @Nullable [] instead of @Nullable byte[]) so Immutables correctly treats them as optional fields\n- Inner class type annotations placed on the inner type (Outer.@NonNull Inner) per TYPE_USE rules\n- Removed workaround dual-imports in AllRetained.java and\n AddressResolver.java that previously mixed Jakarta and JSpecify\n\nContributes to #4124" }, { "commit": "b9d796c9d17d3cc5c5983b13498a4945f20f0e82", "tree": "1b312613d08ce9e1645accea68dbbea746bb8109", "parents": [ "a63eec1b5686cd9a1859cc21437da3ebb1c086b3" ], "author": { "name": "Robert Stupp", "email": "snazy@snazy.de", "time": "Wed Apr 15 22:35:48 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 13:35:48 2026 -0700" }, "message": "CI: Restrict CodeQL to `apache` GitHub org (#4205)" }, { "commit": "a63eec1b5686cd9a1859cc21437da3ebb1c086b3", "tree": "4b88e9987604914aede48765a1b1dc9ee938adaf", "parents": [ "358c9c3592e49c2a38dfa04613eb21296f46f574" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Wed Apr 15 21:30:39 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 13:30:39 2026 -0700" }, "message": "Update zizmorcore/zizmor-action action to v0.5.3 (#4188)" }, { "commit": "358c9c3592e49c2a38dfa04613eb21296f46f574", "tree": "a512809f99a2299919995632ebdc51dfdc5f8189", "parents": [ "173779f0a7905d64eeea6a8b60ebdb9bbaf94370" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Wed Apr 15 19:48:05 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 19:48:05 2026 +0200" }, "message": "Add a few common AI agents to .gitignore (#4209)\n\nThis PR adds hidden files and folders related to agentic-driven development to .gitignore:\n\n- Generic agents\n- Aider\n- Claude\n- Codex\n- Cursor\n- OpenCode\n- skills.sh\n\nNote: skills-lock.json is actually meant to be committed, but it doesn\u0027t make sense for an Apache project to have this file in version control.\n\nAlso, according to Cursor docs, .cursor/ is meant to be committed as well, which is surprising for a hidden folder. It also doesn\u0027t make sense to have it in version control for this project." }, { "commit": "173779f0a7905d64eeea6a8b60ebdb9bbaf94370", "tree": "5c8b81b61d48091279e5691c09f1da650688cc80", "parents": [ "6a74ecdae7bc26989e4811d6e953d3fcc7b83b20" ], "author": { "name": "fivetran-ashokborra", "email": "124550177+fivetran-ashokborra@users.noreply.github.com", "time": "Wed Apr 15 21:54:59 2026 +0530" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 18:24:59 2026 +0200" }, "message": "feat(helm): add termination and lifecycle options (#4198)" }, { "commit": "6a74ecdae7bc26989e4811d6e953d3fcc7b83b20", "tree": "2bab5a78a9d363c10e86340987dbe1fb8c3a6a23", "parents": [ "8fda2fc1b073c249fcf6be0f8a22bc7692dc97fa" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Wed Apr 15 16:38:47 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 15:38:47 2026 +0000" }, "message": "Update github/codeql-action digest to 95e58e9 (#4208)" }, { "commit": "8fda2fc1b073c249fcf6be0f8a22bc7692dc97fa", "tree": "7a49c9b2bd8e1b58173378aa91e0df599927d640", "parents": [ "9786d16c7f50dfa3bf3c9ba97a5e3a0467ef05df" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Wed Apr 15 16:06:14 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 11:06:14 2026 -0400" }, "message": "Update dependency com.google.cloud:google-cloud-iamcredentials to v2.91.0 (#4193)" }, { "commit": "9786d16c7f50dfa3bf3c9ba97a5e3a0467ef05df", "tree": "ad5a7dd8c748bdab2a113a30fdac1eb7191b86d2", "parents": [ "3c5200798c183dea143c842938a1ef0fd1465967" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Wed Apr 15 16:03:04 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 15:03:04 2026 +0000" }, "message": "Update quay.io/keycloak/keycloak Docker tag to v26.6.1 (#4212)" }, { "commit": "3c5200798c183dea143c842938a1ef0fd1465967", "tree": "5a1d931c7206f22bc202bce379185a2e5c9b9cfc", "parents": [ "fedcea225b706813359c2bcdb8b377a6eadc257a" ], "author": { "name": "randomdev2026", "email": "randomdev2026@proton.me", "time": "Wed Apr 15 15:52:08 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 09:52:08 2026 -0400" }, "message": "docs: clarify OPA server endpoint (#4196) (#4204)\n\n* docs: clarify OPA server endpoint (#4196)\n\n* Update opa.md" }, { "commit": "fedcea225b706813359c2bcdb8b377a6eadc257a", "tree": "6a1d542f0cf785271aa107397e9cf5d0585c3a05", "parents": [ "b5efe865678728a4ff9dc5b12f3aba551afdbcfa" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Wed Apr 15 12:55:10 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 13:55:10 2026 +0200" }, "message": "Update registry.access.redhat.com/ubi9/openjdk-21-runtime Docker tag to v1.24-2.1776048101 (#4207)" }, { "commit": "b5efe865678728a4ff9dc5b12f3aba551afdbcfa", "tree": "d5658b153d6197eddc6a93cde9d78bc6fb311293", "parents": [ "04f761df9b0511584cc7930b4e405e10f0612bb3" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Wed Apr 15 12:55:03 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 12:55:03 2026 +0200" }, "message": "Helm chart: fix incorrect type reported by helm-docs (#4202)" }, { "commit": "04f761df9b0511584cc7930b4e405e10f0612bb3", "tree": "ca3ab6517604531c6ee410ff66966eacb5ceab76", "parents": [ "1fd72ac477dc85f51be0ae534eca7f9dda51dbd5" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Wed Apr 15 07:40:17 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 08:40:17 2026 +0200" }, "message": "Update dependency com.google.cloud:google-cloud-storage-bom to v2.67.0 (#4194)" }, { "commit": "1fd72ac477dc85f51be0ae534eca7f9dda51dbd5", "tree": "4f118f90011cfdafc3ea7610be0ee1d9dc3002d0", "parents": [ "4af55d1e79dd1c5d169a9a3414ada4c450eae355" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Tue Apr 14 23:58:55 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 18:58:55 2026 -0400" }, "message": "Update dependency com.google.guava:guava to v33.6.0-jre (#4203)" }, { "commit": "4af55d1e79dd1c5d169a9a3414ada4c450eae355", "tree": "bdc4d71b67927ca6f31a4a7f6c05ae17cfe1ae8b", "parents": [ "341a6694f7d42b94c7de6afc8ed73b337ebd2d54" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Tue Apr 14 23:56:42 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 15:56:42 2026 -0700" }, "message": "Update crazy-max/ghaction-import-gpg action to v7 (#3920)" }, { "commit": "341a6694f7d42b94c7de6afc8ed73b337ebd2d54", "tree": "e1f47ba810bc338535fe95d7d9c19654b470e4cf", "parents": [ "6e24fb62fd65ceafa6b0623eeb68cc4eedc509a7" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Tue Apr 14 23:56:13 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 15:56:13 2026 -0700" }, "message": "Update azure/setup-helm action to v5 (#4041)" }, { "commit": "6e24fb62fd65ceafa6b0623eeb68cc4eedc509a7", "tree": "ec7fd9c03e0ceb6934a41a53b2139bfae8f573f3", "parents": [ "6e62d1141b0c2fc0ead1b11a84d0e022f9060e6d" ], "author": { "name": "AryanPatel226", "email": "94901339+AryanPatel226@users.noreply.github.com", "time": "Tue Apr 14 20:05:03 2026 +0530" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 10:35:03 2026 -0400" }, "message": "Fix: Preserve federated field when creating PrincipalRole (#2966) (#3749)" }, { "commit": "6e62d1141b0c2fc0ead1b11a84d0e022f9060e6d", "tree": "8924b46caf65a1cbe33bb5971a055e00deea162a", "parents": [ "0272f42fb3a5f6a542d9317c6c06c3b5e0dc8195" ], "author": { "name": "Sung Yun", "email": "107272191+sungwy@users.noreply.github.com", "time": "Tue Apr 14 10:26:54 2026 -0400" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 10:26:54 2026 -0400" }, "message": "chore: Less descriptive OPA Exception message (#4197)\n\nAs pointed out in https://github.com/apache/polaris/pull/3999#discussion_r3077112696 `ForbiddenException` is propagated to Polaris response through the `IcebergExceptionMapper`. It would best to remove information about Polaris internals from the exception message sent back to the Polaris user." }, { "commit": "0272f42fb3a5f6a542d9317c6c06c3b5e0dc8195", "tree": "45227ed0de5c40f0b6d507ac7093481f97830501", "parents": [ "674bf4a1a029a45113431c2912f73f8ff0a380f0" ], "author": { "name": "Sung Yun", "email": "107272191+sungwy@users.noreply.github.com", "time": "Tue Apr 14 09:18:43 2026 -0400" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 09:18:43 2026 -0400" }, "message": "core: implement new authorize SPI in `PolarisAuthorizerImpl` and `OpaPolarisAuthorizer` (#3999)\n\n* implement new authorize SPI\n\n* clarify RBAC semantic on prepending root\n\n* merge new PolarisSecurable changes\n\n* preserve root handling behavior in legacy OPA API\n\n* beautification and comments\n\n* lint\n\n* update null and empty validation of AuthorizationTargetBinding in AuthorizationRequest to support LIST_CATALOGS and ADD_ROOT_GRANT_TO_PRINCIPAL_ROLE like operations\n\n* update tests\n\n* fix\n\n* fix nit\n\n* comment - thanks alex\n\nCo-authored-by: Alexandre Dutra \u003cadutra@apache.org\u003e\n\n* nits - thanks Alex and Dmitri\n\n* adopt nits - thanks Yufei\n\n---------\n\nCo-authored-by: Alexandre Dutra \u003cadutra@apache.org\u003e" }, { "commit": "674bf4a1a029a45113431c2912f73f8ff0a380f0", "tree": "786c4de6d457d02c645b6d8ee602a423ad808cd5", "parents": [ "4feb1100e9c070cc2363c3747210336fa736aad2" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Apr 13 23:40:26 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 23:40:26 2026 -0500" }, "message": "chore(deps-dev): bump pytest from 9.0.2 to 9.0.3 in /client/python (#4195)\n\nBumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to 9.0.3.\n- [Release notes](https://github.com/pytest-dev/pytest/releases)\n- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)\n- [Commits](https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3)\n\n---\nupdated-dependencies:\n- dependency-name: pytest\n dependency-version: 9.0.3\n dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "4feb1100e9c070cc2363c3747210336fa736aad2", "tree": "3461c8d54ba5ec46a00b07599a1de94f9ca60935", "parents": [ "0b8699f838ad071b5b5bcc8f7e412580e8e48b46" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Tue Apr 14 05:39:33 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 23:39:33 2026 -0500" }, "message": "Update dependency pytest to v9.0.3 [SECURITY] (#4192)" }, { "commit": "0b8699f838ad071b5b5bcc8f7e412580e8e48b46", "tree": "b0065d8bc6ea9e05eebf671941e7013a340d7c20", "parents": [ "cec9e516758267a69c536c9ba7b17d46f4a8cd45" ], "author": { "name": "Yong Zheng", "email": "yongzheng0809@gmail.com", "time": "Mon Apr 13 21:38:28 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 21:38:28 2026 -0500" }, "message": "Fix setup command default issue (#4172)\n\n* Fix setup command default issue\n\n* Fix accidently removal of empty default for allowed_locations" }, { "commit": "cec9e516758267a69c536c9ba7b17d46f4a8cd45", "tree": "896085f40ecb9773c1fcc9f25b12d94f1e1c0ddd", "parents": [ "2314f0d516e0ebcfd6b0a0dd3a2ef74fa402f364" ], "author": { "name": "Yong Zheng", "email": "yongzheng0809@gmail.com", "time": "Mon Apr 13 21:37:51 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 21:37:51 2026 -0500" }, "message": "Fix 4137 where s3mock update from 4.12.x to 5.0.0 failed (#4181)" }, { "commit": "2314f0d516e0ebcfd6b0a0dd3a2ef74fa402f364", "tree": "9a71e888b6d940af51315a30750f52eff7e83150", "parents": [ "4eb9e846f52aa995ff26428f44f66fbf1c78640c" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 13 23:08:01 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 22:08:01 2026 +0000" }, "message": "Update dependency io.smallrye.config:smallrye-config-core to v3.17.0 (#4187)" }, { "commit": "4eb9e846f52aa995ff26428f44f66fbf1c78640c", "tree": "c5080920f8a98efdd8accfb53c918d294a18c607", "parents": [ "4ae774b1e848b14ede891eac432da62333899c2a" ], "author": { "name": "JB Onofré", "email": "jbonofre@apache.org", "time": "Mon Apr 13 20:34:27 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 11:34:27 2026 -0700" }, "message": "Spark: Fix LICENSE/NOTICE files in the spark plugin bundle jar (#4182)" }, { "commit": "4ae774b1e848b14ede891eac432da62333899c2a", "tree": "c77e05bd9208e011bf81c03eabd239ed81b46cd6", "parents": [ "648c8eea116dc14c53ce099d331cc1496b5e2735" ], "author": { "name": "Prathyush Shankar", "email": "prathyush2018@gmail.com", "time": "Mon Apr 13 13:55:53 2026 -0400" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 13:55:53 2026 -0400" }, "message": "fix: pass signing region to STS client (#4161)\n\n* Pass signing region to StsDestination in SigV4ConnectionCredentialVendor\n\nSigV4ConnectionCredentialVendor was passing null for region when creating\nthe StsDestination, causing STS to use the AWS SDK default region instead\nof the customer-specified signing region. This could cause failures when\nthe customer\u0027s IAM role is in a different region." }, { "commit": "648c8eea116dc14c53ce099d331cc1496b5e2735", "tree": "69d13119f425e1ef8c917a27ed9e4bca02be304e", "parents": [ "6a07ccff79f457c46113bde5f3e699b989664481" ], "author": { "name": "Subham", "email": "subhamsangwan26@gmail.com", "time": "Mon Apr 13 22:50:12 2026 +0530" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 13:20:12 2026 -0400" }, "message": "Fix nosql namespace / table name clash (#4148)" }, { "commit": "6a07ccff79f457c46113bde5f3e699b989664481", "tree": "650c6844af895ddd09a179caf3b381bedcda94c9", "parents": [ "e53804afeb645425751691e4ff21e21e24d6ec3d" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 13 15:44:53 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 14:44:53 2026 +0000" }, "message": "Update dependency io.micrometer:micrometer-bom to v1.16.5 (#4185)" }, { "commit": "e53804afeb645425751691e4ff21e21e24d6ec3d", "tree": "c3cf99d8ef1cdc413be1a25a310bfcb42632fabf", "parents": [ "33fdfe4093f29d304fa5efaa048d8632d58d0eb8" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 13 15:19:09 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 14:19:09 2026 +0000" }, "message": "Update dependency pydantic to \u003e\u003d2.13.0,\u003c2.14.0 (#4184)" }, { "commit": "33fdfe4093f29d304fa5efaa048d8632d58d0eb8", "tree": "ad7e59bfa3658d0a8f077c980054a089a61c6cbc", "parents": [ "a959607ab384a3f6d59817dd254380eced39708d" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 13 15:18:09 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 14:18:09 2026 +0000" }, "message": "Update docker.io/prom/prometheus Docker tag to v3.11.2 (#4183)" }, { "commit": "a959607ab384a3f6d59817dd254380eced39708d", "tree": "09f8e2e3d6f9c62bde8df72f0998c309d94484f0", "parents": [ "b45d81978a5c34985de80259312bf92092970d19" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Mon Apr 13 15:53:39 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 15:53:39 2026 +0200" }, "message": "Release management: improve releaseEmailTemplate task (#4163)\n\nThe `releaseEmailTemplate` Gradle task wrote vote email files into `build/distributions/`, which were then copied to the Apache dist dev SVN repository by the release workflow. The cleanup `rm` command never worked due to shell quoting preventing glob/brace expansion.\n\nThis change moves the email template output to `build/email-templates/` so it is never swept up by the bulk cp of distribution artifacts.\n\nIt also harmonizes the vote email template across the Gradle task, the release workflow, and the manual release guide." }, { "commit": "b45d81978a5c34985de80259312bf92092970d19", "tree": "6a349e30ca753246872f46d9c02582712ecdf3b7", "parents": [ "74ca5d5f2b02d95bb2175cf36cf7d51dce249bb5" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 13 08:41:12 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 07:41:12 2026 +0000" }, "message": "Update dependency com.google.cloud:google-cloud-storage-bom to v2.66.0 (#4177)" }, { "commit": "74ca5d5f2b02d95bb2175cf36cf7d51dce249bb5", "tree": "3f8cab40f813be0d4b5fb96c4e31b993ec5b702a", "parents": [ "0ed4cf8a8386106db39125f9541936c7020d2b52" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 13 08:14:55 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 09:14:55 2026 +0200" }, "message": "Update dependency com.google.cloud:google-cloud-iamcredentials to v2.90.0 (#4176)" }, { "commit": "0ed4cf8a8386106db39125f9541936c7020d2b52", "tree": "ed1097844e17b2049a7c86e5b0955e7e930d5463", "parents": [ "23e13786c5dd5c29e687c4aabaadc46de157159c" ], "author": { "name": "JB Onofré", "email": "jbonofre@apache.org", "time": "Mon Apr 13 06:48:12 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Apr 12 21:48:12 2026 -0700" }, "message": "Site: Update Slack invite link with no expiration (#4088)" }, { "commit": "23e13786c5dd5c29e687c4aabaadc46de157159c", "tree": "c1527fec6c1bf2ceaac0d2e9cce946c4cbe39a8e", "parents": [ "d776649d83aa74ea71fa6c0d649fcf02ceaea7cb" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 13 05:15:57 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Apr 12 23:15:57 2026 -0500" }, "message": "Update dependency mypy to \u003e\u003d1.20, \u003c\u003d1.20.1 (#4179)" }, { "commit": "d776649d83aa74ea71fa6c0d649fcf02ceaea7cb", "tree": "6be86dc437ee7c998f781866b16a1c1d940b08a6", "parents": [ "75de459fd63ba3b4299c4dc85a555da99e3e0d97" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 13 04:38:18 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Apr 12 22:38:18 2026 -0500" }, "message": "Update dependency software.amazon.awssdk:bom to v2.42.33 (#4175)" }, { "commit": "75de459fd63ba3b4299c4dc85a555da99e3e0d97", "tree": "f80995af8ed35defdd3dbe7107c2e081a3faa574", "parents": [ "566b748caa04a7ded7d8396341280d25c406fa8e" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Mon Apr 13 03:16:26 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Apr 12 21:16:26 2026 -0500" }, "message": "Update amazon/aws-cli Docker tag to v2.34.29 (#4174)" }, { "commit": "566b748caa04a7ded7d8396341280d25c406fa8e", "tree": "059ffb9827269d19be4aab22a95c2c71b0845370", "parents": [ "27cd0ebd4d7ef6a005b59127169bc9cdb4e8d60e" ], "author": { "name": "Yong Zheng", "email": "yongzheng0809@gmail.com", "time": "Sun Apr 12 00:34:02 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Apr 12 00:34:02 2026 -0500" }, "message": "CLI: refactor CLI unit tests (#4169)" }, { "commit": "27cd0ebd4d7ef6a005b59127169bc9cdb4e8d60e", "tree": "ad601ee578716e7d6cae3ae0f699ddf096fe9e4b", "parents": [ "a95e16418aa58580eb569d0c2bfb3ae34ce75cf0" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Sun Apr 12 06:26:27 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Apr 12 07:26:27 2026 +0200" }, "message": "Update actions/upload-artifact digest to 043fb46 (#4171)" }, { "commit": "a95e16418aa58580eb569d0c2bfb3ae34ce75cf0", "tree": "762e35af2010b1354eee69771e99f0d08b5afbe5", "parents": [ "95e0d62544064cb892cef5c4e7ef67465a853d2f" ], "author": { "name": "Prathyush Shankar", "email": "prathyush2018@gmail.com", "time": "Sat Apr 11 16:22:56 2026 -0400" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Apr 11 13:22:56 2026 -0700" }, "message": "docs: clarify remove_orphan_files with vended credentials (#4170)" }, { "commit": "95e0d62544064cb892cef5c4e7ef67465a853d2f", "tree": "bc5d27c70c4476d556cd7cc0e4dbed89e3e960d6", "parents": [ "eb9d51b1f5f05eea3948d6bb8dd263d77f5becbf" ], "author": { "name": "andrii.k", "email": "andriikrymus@gmail.com", "time": "Fri Apr 10 22:45:30 2026 +0300" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 19:45:30 2026 +0000" }, "message": "feat(helm): add envFrom (#4153)\n\n* feat(helm): add envFrom + tests" }, { "commit": "eb9d51b1f5f05eea3948d6bb8dd263d77f5becbf", "tree": "246f24960d0fb2dbbb1e9a393c23f98360665967", "parents": [ "23360a08232991f9532d11f7a820fe88a01cf302" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Fri Apr 10 17:59:00 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 17:59:00 2026 +0200" }, "message": "Docs generator: do not print all enum constants for all enums (#4156)\n\nFor enums with more than 3 constants, we are now printing just the first 3, in order to avoid messing up the HTML table rendering. The full list of names is still viewable through an HTML tooltip.\n\nThe format also now includes the token `enum` before the list of enum names, for clarity." }, { "commit": "23360a08232991f9532d11f7a820fe88a01cf302", "tree": "cd0125c69c75861be3dcbec95b7ab1de2d19e70f", "parents": [ "618edaec5b4c35663de8ce5ad0d97b9d16c52bd0" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Fri Apr 10 17:57:44 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 17:57:44 2026 +0200" }, "message": "Build: replace deprecated Task.getProject() usage at execution time (#4164)\n\nAvoid invoking `Task.getProject()` at execution time, which is deprecated in Gradle 9 and will fail in Gradle 10." }, { "commit": "618edaec5b4c35663de8ce5ad0d97b9d16c52bd0", "tree": "8a76bb4faa7a975516cbd0bed1d95a23ce79f82e", "parents": [ "25fe597758e1c249b661b0a5e50d8f8b1d829cad" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Fri Apr 10 17:57:12 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 17:57:12 2026 +0200" }, "message": "List free-disk-space action as code from Project Nessie (#4166)\n\nThis action was copied from Nessie, but not verbatim. Since it bears the mention `Copyright (C) 2020 Dremio`, I added the `CODE_COPIED_TO_POLARIS` label and included it in Polaris `LICENSE`." }, { "commit": "25fe597758e1c249b661b0a5e50d8f8b1d829cad", "tree": "7b488074f75cbf31a2a83ee563b09067289e67dd", "parents": [ "abf68f5c6ef00446b28e6c396e126367e121dabe" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Fri Apr 10 17:56:44 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 17:56:44 2026 +0200" }, "message": "nit: avoid symlinks in LICENSE (#4165)" }, { "commit": "abf68f5c6ef00446b28e6c396e126367e121dabe", "tree": "7e19b295fc4aaa19017a0eb3e2cbdab89df3637d", "parents": [ "2f4a3f792ffa00074ad90a404a9117e6a5408050" ], "author": { "name": "CG", "email": "cgpoh@users.noreply.github.com", "time": "Fri Apr 10 22:29:29 2026 +0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 10:29:29 2026 -0400" }, "message": "Blog: add building a local data lakehouse with k3d, Apache Ozone, Apache Polaris and Trino (#4123)" }, { "commit": "2f4a3f792ffa00074ad90a404a9117e6a5408050", "tree": "d7b592f34c58d9106554c6321a9e88cf0535233b", "parents": [ "a1b319219f16da99fbf713fcba92bba45425e285" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Fri Apr 10 14:28:39 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 14:28:39 2026 +0200" }, "message": "Fix license normalizer bugs and add CDDL 1.1 support (#4144)\n\nThis PR fixes several bugs in `normalizer-bundle.json`:\n\n- \"CDDL License\" was incorrectly mapped to CC0 (Creative Commons Zero)\n- JBoss CC0 URL was incorrectly mapped to CDDL 1.0\n- Two EPL rules had swapped 1.0/2.0 bundle names\n- Glassfish CDDL+GPL URLs were mapped to `gpl2ce` (with broken regex); they were remapped to the appropriate CDDL bundle instead.\n\nIt also adds CDDL 1.1 as a distinct license bundle with transformation rules, and adds it to the allowed licenses list.\n\nFinally, it creates one dependency filter: `NoticeFileLicenseFilter`, which removes license detections from NOTICE files (these were being incorrectly added to the dependency licenses)." }, { "commit": "a1b319219f16da99fbf713fcba92bba45425e285", "tree": "5e1c9435bfcf12278f1a8c50f7e54920a29f65c4", "parents": [ "d2e7da12000adb75fdcf40d1b0329754a68dab0b" ], "author": { "name": "Alexandre Dutra", "email": "adutra@apache.org", "time": "Fri Apr 10 14:27:50 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 14:27:50 2026 +0200" }, "message": "Releasey: fix missing index.yaml in dist/dev Helm repo (#4154)\n\nThis PR fixes a missing index.yaml file in the `dist/dev` Helm chart repository when using the automated release process.\n\nThe release-3 workflow currently performs the following steps:\n\n1. Copies the generated `index.yaml` into the SVN working copy\n2. Copies `artifacthub-repo.yml` into the SVN working copy\n3. Runs `svn add` for `artifacthub-repo.yml`\n4. Runs `svn commit`\n\nBut it never runs `svn add` for `index.yaml`. This worked before because `index.yaml` was already tracked by SVN.\n\nBut now, when the release-4 workflow runs `svn mv` to move `index.yaml` from `dist/dev` to `dist/release`, the file is no longer tracked in `dist/dev`. The next release-3 workflow run copies a new `index.yaml` into the working directory, but since it\u0027s untracked, `svn commit` silently ignores it." }, { "commit": "d2e7da12000adb75fdcf40d1b0329754a68dab0b", "tree": "badbad45b87526050197cd854e2262bf1d93a179", "parents": [ "e63bf246389bfabf6c1fb6ef4a7d3a01a502f534" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Fri Apr 10 10:20:27 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 11:20:27 2026 +0200" }, "message": "Update dependency com.google.errorprone:error_prone_core to v2.49.0 (#4131)" }, { "commit": "e63bf246389bfabf6c1fb6ef4a7d3a01a502f534", "tree": "a50dd2a867a380802382631511696fe61dc4c86c", "parents": [ "bcb60c6d5d17ee8e1ab7a5b1f29a8e562af023dd" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Fri Apr 10 09:52:19 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 10:52:19 2026 +0200" }, "message": "Update plugin com.gradle.common-custom-user-data-gradle-plugin to v2.6.0 (#4157)" }, { "commit": "bcb60c6d5d17ee8e1ab7a5b1f29a8e562af023dd", "tree": "e2becadfee59c67b363eb78d1b3c8a9ffe2eb090", "parents": [ "f7c4d43e3ed77fbd3a2fe2ebe0b6a329a96a3181" ], "author": { "name": "Robert Stupp", "email": "snazy@snazy.de", "time": "Fri Apr 10 10:50:48 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 10:50:48 2026 +0200" }, "message": "Include pom.xml in jars when building with -PjarWithGitInfo (#4138)\n\nThe release verification script (`tools/verify-release/verify-release.sh`) builds Polaris locally with `-PjarWithGitInfo` and then compares the locally built artifacts against the staged release artifacts. The staged release artifacts include `pom.xml` inside each jar (under `META-INF/maven/`), because those are built with `-Prelease`. The local verification build uses `-PjarWithGitInfo` instead, which did not trigger `pom.xml` inclusion, causing the jars to differ and the reproducibility check to fail.\n\nAlso reformats a comment." }, { "commit": "f7c4d43e3ed77fbd3a2fe2ebe0b6a329a96a3181", "tree": "e13950153d1d5c05a0b0f06d0616b1857ba9c64d", "parents": [ "fbf738098fd22b940b1ad8e384b9a406b79089b0" ], "author": { "name": "Robert Stupp", "email": "snazy@snazy.de", "time": "Fri Apr 10 10:50:23 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 10:50:23 2026 +0200" }, "message": "PolarisConfigurationStoreTest: minor fixes for error-prone update (#4152)\n\nThe `// noinspection ...` comment isn\u0027t standard and not recognized by error-prone, fixed by using `@SuppressWarnings`.\n\nError-prone also complains about the Javadoc comment at L52, because it can never make it into a generated javadoc (anonymous inner class), so it\u0027s converted to an inline block comment.\n\nThis PR unblocks #4131" }, { "commit": "fbf738098fd22b940b1ad8e384b9a406b79089b0", "tree": "dabce4902eb07050899541b482db4d61d6c234e4", "parents": [ "ee05b8f38c2ffdd7a670953c9f1c4fe0740da7cb" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Thu Apr 09 17:27:27 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 09 16:27:27 2026 +0000" }, "message": "Update dependency io.smallrye.common:smallrye-common-annotation to v2.17.1 (#4155)" }, { "commit": "ee05b8f38c2ffdd7a670953c9f1c4fe0740da7cb", "tree": "91f889a749498621a7dd7a41189588acb87bbdfd", "parents": [ "84e1d4a1ac903e4b22a96f4180b60a30db92d480" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Thu Apr 09 11:54:57 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 09 12:54:57 2026 +0200" }, "message": "Update registry.access.redhat.com/ubi9/openjdk-21-runtime Docker tag to v1.24-2.1775561370 (#4149)" }, { "commit": "84e1d4a1ac903e4b22a96f4180b60a30db92d480", "tree": "1f622f77f9c4fda0974bdf6eb8aebc6ea9bace11", "parents": [ "1080e5653aabe489e6832debb31c77121b8fc1f9" ], "author": { "name": "Mend Renovate", "email": "bot@renovateapp.com", "time": "Thu Apr 09 11:54:45 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 09 12:54:45 2026 +0200" }, "message": "Update cockroachdb/cockroach Docker tag to v26.1.2 (#4147)" } ], "next": "1080e5653aabe489e6832debb31c77121b8fc1f9" }