mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-14 10:34:06 +02:00
0d63bc4a4110396d59becb8231c165d27f70f53a
100
Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
0d63bc4a41 |
build(deps): bump github/codeql-action from 3.29.10 to 3.29.11 (#4271)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.10 to 3.29.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.11</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.11 - 21 Aug 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.4. <a href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.11/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.11 - 21 Aug 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.4. <a href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li> </ul> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.9 - 12 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li> </ul> <h2>3.29.7 - 07 Aug 2025</h2> <p>This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.</p> <h2>3.29.6 - 07 Aug 2025</h2> <ul> <li>The <code>cleanup-level</code> input to the <code>analyze</code> Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. <a href="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li> <li>Update default CodeQL bundle version to 2.22.3. <a href="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li> </ul> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li> </ul> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/3c3833e0f8c1c83d449a7478aa59c036a9165498"><code>3c3833e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3052">#3052</a> from github/update-v3.29.11-14148a433</li> <li><a href="https://github.com/github/codeql-action/commit/8c4bfbd99ba6ef652eca12461ad7618142e00679"><code>8c4bfbd</code></a> Update changelog for v3.29.11</li> <li><a href="https://github.com/github/codeql-action/commit/14148a433d789d9b6c7dadb56d8e3f8ad1e59605"><code>14148a4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3044">#3044</a> from github/update-bundle/codeql-bundle-v2.22.4</li> <li><a href="https://github.com/github/codeql-action/commit/71b2cb38a1e682cb9b2453a5f1400eef870a37df"><code>71b2cb3</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/2bf78254cceec27aab20b1623ba68c63c6eb85c6"><code>2bf7825</code></a> Update default bundle to codeql-bundle-v2.22.4</li> <li><a href="https://github.com/github/codeql-action/commit/db69a5182d331d562e511302ae3c9aafd5fada6c"><code>db69a51</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3049">#3049</a> from github/update-supported-enterprise-server-versions</li> <li><a href="https://github.com/github/codeql-action/commit/a68d47bfa574c69f3de7d6484cf28a9c55ff7287"><code>a68d47b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3050">#3050</a> from github/henrymercer/init-not-called-config-error</li> <li><a href="https://github.com/github/codeql-action/commit/e496ff959372e828f30b1518fd22cb76170cf5db"><code>e496ff9</code></a> Make "init not called" a configuration error</li> <li><a href="https://github.com/github/codeql-action/commit/fd2ea72d34cdf8157d85d93decf87671705166a3"><code>fd2ea72</code></a> Update supported GitHub Enterprise Server versions</li> <li><a href="https://github.com/github/codeql-action/commit/6dee5bc9c165ca206a70f4e3d18271971cf6ff26"><code>6dee5bc</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3045">#3045</a> from github/dependabot/npm_and_yarn/npm-5b4171dd16</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/96f518a34f7a870018057716cc4d7a5c014bd61c...3c3833e0f8c1c83d449a7478aa59c036a9165498">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ae53492751 |
build(deps): bump org.springframework.boot from 3.5.4 to 3.5.5 (#4272)
Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.5.4 to 3.5.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's releases</a>.</em></p> <blockquote> <h2>v3.5.5</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46909">#46909</a></li> <li>Performance critical tracing code has high overhead due to the use of the Stream API <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46844">#46844</a></li> <li>SpringLiquibaseCustomizer is exposed outside its defined visibility scope <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46758">#46758</a></li> <li>Race condition in OutputCapture can result in stale data <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46721">#46721</a></li> <li>Auto-configured WebClient no longer uses context's ReactorResourceFactory <a href="https://redirect.github.com/spring-projects/spring-boot/pull/46673">#46673</a></li> <li>Default value not detected for a field annoted with <code>@Name</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46666">#46666</a></li> <li>Missing metadata when using <code>@Name</code> with a constructor-bound property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46663">#46663</a></li> <li>Missing property for Spring Authorization Server's PAR endpoint <a href="https://redirect.github.com/spring-projects/spring-boot/pull/46641">#46641</a></li> <li>Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46636">#46636</a></li> <li>Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46634">#46634</a></li> <li>Auto-configured MockMvc ignores <code>@FilterRegistration</code> annotation <a href="https://redirect.github.com/spring-projects/spring-boot/pull/46605">#46605</a></li> <li>Failure to discover default value for a primitive should not lead to document its default value <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46561">#46561</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Kotlin samples for configuration metadata are in the wrong package <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46857">#46857</a></li> <li>Observability examples in the reference guide are missing the Kotlin version <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46798">#46798</a></li> <li>Align method descriptions for SslOptions getCiphers and getEnabledProtocols with <code>@returns</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46769">#46769</a></li> <li>Tracing samples in the reference guide are missing the Kotlin version <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46767">#46767</a></li> <li>Improve Virtual Threads section to mention the changes in Java 24 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46610">#46610</a></li> <li>spring.test.webtestclient.timeout is not documented <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46588">#46588</a></li> <li>spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46585">#46585</a></li> <li>Adapt deprecation level for management.health.influxdb.enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46580">#46580</a></li> <li>spring.test.mockmvc properties are not documented <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46578">#46578</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to Angus Mail 2.0.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46725">#46725</a></li> <li>Upgrade to AssertJ 3.27.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46726">#46726</a></li> <li>Upgrade to Byte Buddy 1.17.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46883">#46883</a></li> <li>Upgrade to Couchbase Client 3.8.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46794">#46794</a></li> <li>Upgrade to Elasticsearch Client 8.18.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46830">#46830</a></li> <li>Upgrade to Hibernate 6.6.26.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46884">#46884</a></li> <li>Upgrade to Hibernate Validator 8.0.3.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46728">#46728</a></li> <li>Upgrade to HikariCP 6.3.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46729">#46729</a></li> <li>Upgrade to Jersey 3.1.11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46730">#46730</a></li> <li>Upgrade to Jetty 12.0.25 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46831">#46831</a></li> <li>Upgrade to Jetty Reactive HTTPClient 4.0.11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46885">#46885</a></li> <li>Upgrade to jOOQ 3.19.25 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46808">#46808</a></li> <li>Upgrade to MariaDB 3.5.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46779">#46779</a></li> <li>Upgrade to Maven Javadoc Plugin 3.11.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46886">#46886</a></li> <li>Upgrade to Micrometer 1.15.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46701">#46701</a></li> <li>Upgrade to Micrometer Tracing 1.5.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46702">#46702</a></li> <li>Upgrade to MySQL 9.4.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46732">#46732</a></li> <li>Upgrade to Netty 4.1.124.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46832">#46832</a></li> <li>Upgrade to Pulsar 4.0.6 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46733">#46733</a></li> <li>Upgrade to Reactor Bom 2024.0.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46703">#46703</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/3537d255b579018851951da08262cd0178e40c66"><code>3537d25</code></a> Release v3.5.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/a22e28e9e00eca994b8e412a420110da5b58b64a"><code>a22e28e</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/4cb8c8a1b9670497046655393ab2a0f535e8442d"><code>4cb8c8a</code></a> Next development version (v3.4.10-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9d205e21c4c007b317cc3c65bf8dcad543e61c81"><code>9d205e2</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/47b06322d3df72d886d838a090f506a6ba281892"><code>47b0632</code></a> Merge pull request <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46927">#46927</a> from izeye</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/8b7145802503dc00720e24db67144e568648c96f"><code>8b71458</code></a> Adapt checkstyle rules for 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/fb99badf16072b3e49aca422abe8e5be184b1af8"><code>fb99bad</code></a> Remove redundant suppressions from Checkstyle configuration</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/8af836a428e65b8032483d5d8159099684054cd0"><code>8af836a</code></a> Upgrade to Spring RESTDocs 3.0.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ae6c6a5ed4652134c8f35fb8ca9a3d0149a207c2"><code>ae6c6a5</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b6bae9f59b38a2dc8234d2766b062a5986410a37"><code>b6bae9f</code></a> Upgrade to Spring RESTDocs 3.0.5</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.5.4...v3.5.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1d89917e88 |
build(deps): bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.9 to 2.8.11 (#4273)
Bumps [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) from 2.8.9 to 2.8.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/releases">org.springdoc:springdoc-openapi-starter-webmvc-ui's releases</a>.</em></p> <blockquote> <h2>springdoc-openapi v2.8.11 released!</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3065">#3065</a> - javadoc and overall performance optimization</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade spring-boot to v3.5.5</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3064">#3064</a> -ClassNotFoundException: kotlin.reflect.full.KClasses</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/rayuuuu"><code>@rayuuuu</code></a> made their first contribution in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3065">springdoc/springdoc-openapi#3065</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.10...v2.8.11">https://github.com/springdoc/springdoc-openapi/compare/v2.8.10...v2.8.11</a></p> <h2>springdoc-openapi v2.8.10 released!</h2> <h2>What's Changed</h2> <ul> <li>Fix unexpected merging of media types by <a href="https://github.com/Mattias-Sehlstedt"><code>@Mattias-Sehlstedt</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3026">springdoc/springdoc-openapi#3026</a></li> <li>Fixed "desciption" typo by <a href="https://github.com/lc-nyovchev"><code>@lc-nyovchev</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3036">springdoc/springdoc-openapi#3036</a></li> <li>Fix: Property resolution for extensions within <code>@OpenAPIDefinition</code> Info object by <a href="https://github.com/limehee"><code>@limehee</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3039">springdoc/springdoc-openapi#3039</a></li> <li>Support externalDocs configure on SpecPropertiesCustomizer by <a href="https://github.com/huisam"><code>@huisam</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3042">springdoc/springdoc-openapi#3042</a></li> <li>Use adaptFromForwardedHeaders instead of deprecated fromHttpRequest by <a href="https://github.com/thijsnissen"><code>@thijsnissen</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3060">springdoc/springdoc-openapi#3060</a></li> <li>Fixes so that a RequestPart with a Map is added to the RequestBody by <a href="https://github.com/Mattias-Sehlstedt"><code>@Mattias-Sehlstedt</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3051">springdoc/springdoc-openapi#3051</a></li> <li>Refactor webhook discovery and scanning mechanism by <a href="https://github.com/zdary"><code>@zdary</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3057">springdoc/springdoc-openapi#3057</a></li> </ul> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3046">#3046</a> - Feature Request: Support <a href="https://github.com/jakarta"><code>@jakarta</code></a>.annotation.Nonnull.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3042">#3042</a> - Support externalDocs configure on SpecPropertiesCustomizer</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3057">#3057</a> - Refactor webhook discovery and scanning mechanism</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade spring-boot to v3.5.4</li> <li>Upgrade swagger-ui to v5.27.1</li> <li>Upgrade swagger-core to 2.2.36</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3050">#3050</a> - <a href="https://github.com/RequestPart"><code>@RequestPart</code></a> JSON parameters missing Content-Type in generated curl commands, causing 415 errors.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2978">#2978</a> - Parameter is no longer optional after upgrade to 2.8.8</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3022">#3022</a> - NullPointerException thrown in SchemaUtils.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3026">#3026</a> - Fix unexpected merging of media types</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3036">#3036</a> - Fixed "desciption"</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3039">#3039</a> - Fix: Property resolution for extensions within <a href="https://github.com/OpenAPIDefinition"><code>@OpenAPIDefinition</code></a> Info object</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3051">#3051</a> - Fixes so that a RequestPart with a Map is added to the RequestBody</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3060">#3060</a> - Use adaptFromForwardedHeaders instead of deprecated fromHttpRequest</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md">org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog</a>.</em></p> <blockquote> <h2>[2.8.11] - 2025-08-23</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3065">#3065</a> - javadoc and overall performance optimization</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade spring-boot to v3.5.5</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3064">#3064</a> -ClassNotFoundException: kotlin.reflect.full.KClasses</li> </ul> <h2>[2.8.10] - 2025-08-20</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3046">#3046</a> - Feature Request: Support <a href="https://github.com/jakarta"><code>@jakarta</code></a>.annotation.Nonnull.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3042">#3042</a> - Support externalDocs configure on SpecPropertiesCustomizer</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3057">#3057</a> - Refactor webhook discovery and scanning mechanism</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade spring-boot to v3.5.4</li> <li>Upgrade swagger-ui to v5.27.1</li> <li>Upgrade swagger-core to 2.2.36</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3050">#3050</a> - <a href="https://github.com/RequestPart"><code>@RequestPart</code></a> JSON parameters missing Content-Type in generated curl commands, causing 415 errors.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2978">#2978</a> - Parameter is no longer optional after upgrade to 2.8.8</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3022">#3022</a> - NullPointerException thrown in SchemaUtils.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3026">#3026</a> - Fix unexpected merging of media types</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3036">#3036</a> - Fixed "desciption"</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3039">#3039</a> - Fix: Property resolution for extensions within <a href="https://github.com/OpenAPIDefinition"><code>@OpenAPIDefinition</code></a> Info object</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3051">#3051</a> - Fixes so that a RequestPart with a Map is added to the RequestBody</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3060">#3060</a> - Use adaptFromForwardedHeaders instead of deprecated fromHttpRequest</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/1cf8e58c4dd635520e377bea82be8821df8013ac"><code>1cf8e58</code></a> [maven-release-plugin] prepare release v2.8.11</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/9d811218ebce2c772a1964634485c579ab9f3622"><code>9d81121</code></a> CHANGELOG.md update</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/00d8525df43e5ecddcc81214aa013b42c62b8480"><code>00d8525</code></a> performance tunning</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/fba01145d3fdb6d0a9d5105d3bdaf743fdea146d"><code>fba0114</code></a> upgrade to spring-boot 3.5.5</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/957b4a91644f4148ed17a276780b3f5d3376d287"><code>957b4a9</code></a> Merge branch 'rayuuuu-main'</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/5823621fe367c7531d565401b609a2202dd2aeb4"><code>5823621</code></a> Merge branch 'main' of <a href="https://github.com/rayuuuu/springdoc-openapi">https://github.com/rayuuuu/springdoc-openapi</a> into rayu...</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/133b4c335849473135d43fa9c922a5439e6bcd36"><code>133b4c3</code></a> java.lang.ClassNotFoundException: kotlin.reflect.full.KClasses when upgrade f...</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/7be993e5b8c2f3c988c4cdec621ad7123f60aaf1"><code>7be993e</code></a> feat: javadoc performance optimization</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/e1b9f7114a0660c7f9af6bd16bbe55efbe846194"><code>e1b9f71</code></a> [maven-release-plugin] prepare for next development iteration</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/2a59f95ff06b90023424e1021f6c8f09c87b21f5"><code>2a59f95</code></a> [maven-release-plugin] prepare release v2.8.10</li> <li>Additional commits viewable in <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.9...v2.8.11">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
246a59a794 |
build(deps): bump github/codeql-action from 3.29.8 to 3.29.10 (#4231)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.8 to 3.29.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.10</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.10/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.29.9</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.9 - 12 Aug 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.9/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.9 - 12 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li> </ul> <h2>3.29.7 - 07 Aug 2025</h2> <p>This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.</p> <h2>3.29.6 - 07 Aug 2025</h2> <ul> <li>The <code>cleanup-level</code> input to the <code>analyze</code> Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. <a href="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li> <li>Update default CodeQL bundle version to 2.22.3. <a href="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li> </ul> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li> </ul> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/96f518a34f7a870018057716cc4d7a5c014bd61c"><code>96f518a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3042">#3042</a> from github/update-v3.29.10-6ec994ecb</li> <li><a href="https://github.com/github/codeql-action/commit/57a1c6b3e7be038f5eeeeb5323255e363f4b0100"><code>57a1c6b</code></a> Update changelog for v3.29.10</li> <li><a href="https://github.com/github/codeql-action/commit/6ec994ecba29cf3cf0724e281b919d68714895ce"><code>6ec994e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3039">#3039</a> from github/mbg/remove-cpp-bmn-check</li> <li><a href="https://github.com/github/codeql-action/commit/3f00c7c1e1cf5d62a6dcd81509929718baa53e5f"><code>3f00c7c</code></a> Remove unused C++ BMN FF</li> <li><a href="https://github.com/github/codeql-action/commit/141ee4abd8937999bf5108d222dd9f553490f3a8"><code>141ee4a</code></a> Remove C++ BMN FF check that is no longer used</li> <li><a href="https://github.com/github/codeql-action/commit/233052189b8c862bfaf875fb02c115f54d2b9286"><code>2330521</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3037">#3037</a> from github/henrymercer/failed-upload-logs</li> <li><a href="https://github.com/github/codeql-action/commit/3966569d06c954a63fdb79944f148b2f8b4ceed8"><code>3966569</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3035">#3035</a> from github/henrymercer/fix-cleanup-info</li> <li><a href="https://github.com/github/codeql-action/commit/f7bd70c7faab9b863a52c058f145ec121b391925"><code>f7bd70c</code></a> Merge branch 'main' into henrymercer/failed-upload-logs</li> <li><a href="https://github.com/github/codeql-action/commit/75151c27826716b79222a4d1ddac714dc37eff65"><code>75151c2</code></a> Merge branch 'main' into henrymercer/fix-cleanup-info</li> <li><a href="https://github.com/github/codeql-action/commit/4ff91f10807d53419e564e2484e7045e207584b9"><code>4ff91f1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3036">#3036</a> from github/mbg/ci/gradle9</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/76621b61decf072c1cee8dd1ce2d2a82d33c17ed...96f518a34f7a870018057716cc4d7a5c014bd61c">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
12d4e26aa3 |
build(deps): bump jwtVersion from 0.12.6 to 0.12.7 (#4229)
Bumps `jwtVersion` from 0.12.6 to 0.12.7. Updates `io.jsonwebtoken:jjwt-api` from 0.12.6 to 0.12.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/releases">io.jsonwebtoken:jjwt-api's releases</a>.</em></p> <blockquote> <h2>0.12.7</h2> <p>This patch release:</p> <ul> <li> <p>Adds a new Maven BOM! This is useful for multi-module projects. See <a href="https://redirect.github.com/jwtk/jjwt/issues/967">Issue 967</a>.</p> </li> <li> <p>Allows the <code>JwtParserBuilder</code> to have empty nested algorithm collections, effectively disabling the parser's associated feature:</p> <ul> <li>Emptying the <code>zip()</code> nested collection disables JWT decompression.</li> <li>Emptying the <code>sig()</code> nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).</li> <li>Emptying either the <code>enc()</code> or <code>key()</code> nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)</li> </ul> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/996">Issue 996</a>.</p> </li> <li> <p>Fixes <a href="https://redirect.github.com/jwtk/jjwt/issues/961">bug 961</a> where <code>JwtParserBuilder</code> nested collection builders were not correctly replacing algorithms with the same id.</p> </li> <li> <p>Ensures a <code>JwkSet</code>'s <code>keys</code> collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the <code>keys</code> collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See <a href="https://redirect.github.com/jwtk/jjwt/issues/976">Issue 976</a>.</p> </li> <li> <p>Improves performance slightly by ensuring all <code>jjwt-api</code> utility methods that create <code>*Builder</code> instances (<code>Jwts.builder()</code>, <code>Jwts.parserBuilder()</code>, <code>Jwks.builder()</code>, etc) no longer use reflection.</p> <p>Instead,<code>static</code> factories are created via reflection only once during initial <code>jjwt-api</code> classloading, and then <code>*Builder</code>s are created via standard instantiation using the <code>new</code> operator thereafter. This also benefits certain environments that may not have ideal <code>ClassLoader</code> implementations (e.g. Tomcat in some cases).</p> <p><strong>NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names</strong>.</p> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/988">Issue 988</a>.</p> </li> <li> <p>Upgrades the Gson dependency to <code>2.11.0</code></p> </li> <li> <p>Upgrades the BouncyCastle dependency to <code>1.78.1</code></p> </li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/sigpwned"><code>@sigpwned</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/968">jwtk/jjwt#968</a></li> <li><a href="https://github.com/TheMrMilchmann"><code>@TheMrMilchmann</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/979">jwtk/jjwt#979</a></li> <li><a href="https://github.com/atanasg"><code>@atanasg</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/974">jwtk/jjwt#974</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7">https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/blob/master/CHANGELOG.md">io.jsonwebtoken:jjwt-api's changelog</a>.</em></p> <blockquote> <h3>0.12.7</h3> <p>This patch release:</p> <ul> <li> <p>Adds a new Maven BOM, useful for multi-module projects. See <a href="https://redirect.github.com/jwtk/jjwt/issues/967">Issue 967</a>.</p> </li> <li> <p>Allows the <code>JwtParserBuilder</code> to have empty nested algorithm collections, effectively disabling the parser's associated feature:</p> <ul> <li>Emptying the <code>zip()</code> nested collection disables JWT decompression.</li> <li>Emptying the <code>sig()</code> nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).</li> <li>Emptying either the <code>enc()</code> or <code>key()</code> nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)</li> </ul> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/996">Issue 996</a>.</p> </li> <li> <p>Fixes <a href="https://redirect.github.com/jwtk/jjwt/issues/961">bug 961</a> where <code>JwtParserBuilder</code> nested collection builders were not correctly replacing algorithms with the same id.</p> </li> <li> <p>Ensures a <code>JwkSet</code>'s <code>keys</code> collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the <code>keys</code> collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See <a href="https://redirect.github.com/jwtk/jjwt/issues/976">Issue 976</a>.</p> </li> <li> <p>Improves performance slightly by ensuring all <code>jjwt-api</code> utility methods that create <code>*Builder</code> instances (<code>Jwts.builder()</code>, <code>Jwts.parserBuilder()</code>, <code>Jwks.builder()</code>, etc) no longer use reflection.</p> <p>Instead,<code>static</code> factories are created via reflection only once during initial <code>jjwt-api</code> classloading, and then <code>*Builder</code>s are created via standard instantiation using the <code>new</code> operator thereafter. This also benefits certain environments that may not have ideal <code>ClassLoader</code> implementations (e.g. Tomcat in some cases).</p> <p><strong>NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names</strong>.</p> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/988">Issue 988</a>.</p> </li> <li> <p>Upgrades the Gson dependency to <code>2.11.0</code></p> </li> <li> <p>Upgrades the BouncyCastle dependency to <code>1.78.1</code></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jwtk/jjwt/commit/77aeda012c4e31b86fb66acf43a67775c6fa3142"><code>77aeda0</code></a> [maven-release-plugin] prepare release 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/47d966f8e93734cf35fc19f5c1a9e5cc4abe624b"><code>47d966f</code></a> Testing latest sonatype central publishing guidelines</li> <li><a href="https://github.com/jwtk/jjwt/commit/22ca29fe8849b11d2793bfcf2825ef692f2c19b2"><code>22ca29f</code></a> [maven-release-plugin] rollback the release of 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/0487f9b49f10f37b7ad5b4e664f3e9b9a25e4a1c"><code>0487f9b</code></a> [maven-release-plugin] prepare for next development iteration</li> <li><a href="https://github.com/jwtk/jjwt/commit/4329125bac91880cb852983b1475465c30a1d819"><code>4329125</code></a> [maven-release-plugin] prepare release 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/0ddc51421240a9832f38c9afd966429c6d1aeb19"><code>0ddc514</code></a> - Ensured JJWT_RELEASE_VERSION placeholders reference 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/efed1cf56f9b9715e60eaac7fda6b2c4b62410b9"><code>efed1cf</code></a> Updated 0.12.7 change list</li> <li><a href="https://github.com/jwtk/jjwt/commit/ca27b122b7f44f3bdd4cd4f636d084f38cc3b3c8"><code>ca27b12</code></a> Resolves <a href="https://redirect.github.com/jwtk/jjwt/issues/1010">#1010</a> (<a href="https://redirect.github.com/jwtk/jjwt/issues/1011">#1011</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/55c7b9adef88328f59534f232060830c34f25478"><code>55c7b9a</code></a> Resolves <a href="https://redirect.github.com/jwtk/jjwt/issues/771">#771</a> (<a href="https://redirect.github.com/jwtk/jjwt/issues/1009">#1009</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/6e9c6a5a825c5ec38f90006f48cc1f8640a6d82e"><code>6e9c6a5</code></a> Bump org.bouncycastle:bcpkix-jdk18on from 1.78 to 1.78.1 (<a href="https://redirect.github.com/jwtk/jjwt/issues/1008">#1008</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7">compare view</a></li> </ul> </details> <br /> Updates `io.jsonwebtoken:jjwt-impl` from 0.12.6 to 0.12.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/releases">io.jsonwebtoken:jjwt-impl's releases</a>.</em></p> <blockquote> <h2>0.12.7</h2> <p>This patch release:</p> <ul> <li> <p>Adds a new Maven BOM! This is useful for multi-module projects. See <a href="https://redirect.github.com/jwtk/jjwt/issues/967">Issue 967</a>.</p> </li> <li> <p>Allows the <code>JwtParserBuilder</code> to have empty nested algorithm collections, effectively disabling the parser's associated feature:</p> <ul> <li>Emptying the <code>zip()</code> nested collection disables JWT decompression.</li> <li>Emptying the <code>sig()</code> nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).</li> <li>Emptying either the <code>enc()</code> or <code>key()</code> nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)</li> </ul> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/996">Issue 996</a>.</p> </li> <li> <p>Fixes <a href="https://redirect.github.com/jwtk/jjwt/issues/961">bug 961</a> where <code>JwtParserBuilder</code> nested collection builders were not correctly replacing algorithms with the same id.</p> </li> <li> <p>Ensures a <code>JwkSet</code>'s <code>keys</code> collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the <code>keys</code> collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See <a href="https://redirect.github.com/jwtk/jjwt/issues/976">Issue 976</a>.</p> </li> <li> <p>Improves performance slightly by ensuring all <code>jjwt-api</code> utility methods that create <code>*Builder</code> instances (<code>Jwts.builder()</code>, <code>Jwts.parserBuilder()</code>, <code>Jwks.builder()</code>, etc) no longer use reflection.</p> <p>Instead,<code>static</code> factories are created via reflection only once during initial <code>jjwt-api</code> classloading, and then <code>*Builder</code>s are created via standard instantiation using the <code>new</code> operator thereafter. This also benefits certain environments that may not have ideal <code>ClassLoader</code> implementations (e.g. Tomcat in some cases).</p> <p><strong>NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names</strong>.</p> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/988">Issue 988</a>.</p> </li> <li> <p>Upgrades the Gson dependency to <code>2.11.0</code></p> </li> <li> <p>Upgrades the BouncyCastle dependency to <code>1.78.1</code></p> </li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/sigpwned"><code>@sigpwned</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/968">jwtk/jjwt#968</a></li> <li><a href="https://github.com/TheMrMilchmann"><code>@TheMrMilchmann</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/979">jwtk/jjwt#979</a></li> <li><a href="https://github.com/atanasg"><code>@atanasg</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/974">jwtk/jjwt#974</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7">https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/blob/master/CHANGELOG.md">io.jsonwebtoken:jjwt-impl's changelog</a>.</em></p> <blockquote> <h3>0.12.7</h3> <p>This patch release:</p> <ul> <li> <p>Adds a new Maven BOM, useful for multi-module projects. See <a href="https://redirect.github.com/jwtk/jjwt/issues/967">Issue 967</a>.</p> </li> <li> <p>Allows the <code>JwtParserBuilder</code> to have empty nested algorithm collections, effectively disabling the parser's associated feature:</p> <ul> <li>Emptying the <code>zip()</code> nested collection disables JWT decompression.</li> <li>Emptying the <code>sig()</code> nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).</li> <li>Emptying either the <code>enc()</code> or <code>key()</code> nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)</li> </ul> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/996">Issue 996</a>.</p> </li> <li> <p>Fixes <a href="https://redirect.github.com/jwtk/jjwt/issues/961">bug 961</a> where <code>JwtParserBuilder</code> nested collection builders were not correctly replacing algorithms with the same id.</p> </li> <li> <p>Ensures a <code>JwkSet</code>'s <code>keys</code> collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the <code>keys</code> collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See <a href="https://redirect.github.com/jwtk/jjwt/issues/976">Issue 976</a>.</p> </li> <li> <p>Improves performance slightly by ensuring all <code>jjwt-api</code> utility methods that create <code>*Builder</code> instances (<code>Jwts.builder()</code>, <code>Jwts.parserBuilder()</code>, <code>Jwks.builder()</code>, etc) no longer use reflection.</p> <p>Instead,<code>static</code> factories are created via reflection only once during initial <code>jjwt-api</code> classloading, and then <code>*Builder</code>s are created via standard instantiation using the <code>new</code> operator thereafter. This also benefits certain environments that may not have ideal <code>ClassLoader</code> implementations (e.g. Tomcat in some cases).</p> <p><strong>NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names</strong>.</p> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/988">Issue 988</a>.</p> </li> <li> <p>Upgrades the Gson dependency to <code>2.11.0</code></p> </li> <li> <p>Upgrades the BouncyCastle dependency to <code>1.78.1</code></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jwtk/jjwt/commit/77aeda012c4e31b86fb66acf43a67775c6fa3142"><code>77aeda0</code></a> [maven-release-plugin] prepare release 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/47d966f8e93734cf35fc19f5c1a9e5cc4abe624b"><code>47d966f</code></a> Testing latest sonatype central publishing guidelines</li> <li><a href="https://github.com/jwtk/jjwt/commit/22ca29fe8849b11d2793bfcf2825ef692f2c19b2"><code>22ca29f</code></a> [maven-release-plugin] rollback the release of 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/0487f9b49f10f37b7ad5b4e664f3e9b9a25e4a1c"><code>0487f9b</code></a> [maven-release-plugin] prepare for next development iteration</li> <li><a href="https://github.com/jwtk/jjwt/commit/4329125bac91880cb852983b1475465c30a1d819"><code>4329125</code></a> [maven-release-plugin] prepare release 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/0ddc51421240a9832f38c9afd966429c6d1aeb19"><code>0ddc514</code></a> - Ensured JJWT_RELEASE_VERSION placeholders reference 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/efed1cf56f9b9715e60eaac7fda6b2c4b62410b9"><code>efed1cf</code></a> Updated 0.12.7 change list</li> <li><a href="https://github.com/jwtk/jjwt/commit/ca27b122b7f44f3bdd4cd4f636d084f38cc3b3c8"><code>ca27b12</code></a> Resolves <a href="https://redirect.github.com/jwtk/jjwt/issues/1010">#1010</a> (<a href="https://redirect.github.com/jwtk/jjwt/issues/1011">#1011</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/55c7b9adef88328f59534f232060830c34f25478"><code>55c7b9a</code></a> Resolves <a href="https://redirect.github.com/jwtk/jjwt/issues/771">#771</a> (<a href="https://redirect.github.com/jwtk/jjwt/issues/1009">#1009</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/6e9c6a5a825c5ec38f90006f48cc1f8640a6d82e"><code>6e9c6a5</code></a> Bump org.bouncycastle:bcpkix-jdk18on from 1.78 to 1.78.1 (<a href="https://redirect.github.com/jwtk/jjwt/issues/1008">#1008</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7">compare view</a></li> </ul> </details> <br /> Updates `io.jsonwebtoken:jjwt-jackson` from 0.12.6 to 0.12.7 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
fbee4b99e4 |
build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2 (#4230)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.7.1 to 4.7.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>4.7.2</h2> <h2>What's Changed</h2> <ul> <li>Add Missing Languages to CodeQL Advanced Configuration by <a href="https://github.com/KyFaSt"><code>@KyFaSt</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/945">actions/dependency-review-action#945</a></li> <li>Deprecate deny lists by <a href="https://github.com/claire153"><code>@claire153</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/958">actions/dependency-review-action#958</a></li> <li>Address discrepancy between docs and reality by <a href="https://github.com/ahpook"><code>@ahpook</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/960">actions/dependency-review-action#960</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/KyFaSt"><code>@KyFaSt</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/945">actions/dependency-review-action#945</a></li> <li><a href="https://github.com/claire153"><code>@claire153</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/958">actions/dependency-review-action#958</a></li> <li><a href="https://github.com/ahpook"><code>@ahpook</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/960">actions/dependency-review-action#960</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v4...v4.7.2">https://github.com/actions/dependency-review-action/compare/v4...v4.7.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/bc41886e18ea39df68b1b1245f4184881938e050"><code>bc41886</code></a> Cut 4.7.2 version release (<a href="https://redirect.github.com/actions/dependency-review-action/issues/964">#964</a>)</li> <li><a href="https://github.com/actions/dependency-review-action/commit/1c73553e364351d71bdd9718e92c824e1d39aaf1"><code>1c73553</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/960">#960</a> from ahpook/ahpook/address-docs-dashes</li> <li><a href="https://github.com/actions/dependency-review-action/commit/fac3d41a588e61d27618248093f9c9137e20527c"><code>fac3d41</code></a> Bump the minor-updates group across 1 directory with 5 updates (<a href="https://redirect.github.com/actions/dependency-review-action/issues/956">#956</a>)</li> <li><a href="https://github.com/actions/dependency-review-action/commit/d8073c4b76cb44bb87b02d4facf11c298317533b"><code>d8073c4</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/958">#958</a> from actions/claire153/deprecate-deny-lists</li> <li><a href="https://github.com/actions/dependency-review-action/commit/77184c6339b69987ba61f2fd650e0facc7bd2637"><code>77184c6</code></a> Fix tests</li> <li><a href="https://github.com/actions/dependency-review-action/commit/5558c35bb3e79ef0a0f2d9896a56060e24df9bea"><code>5558c35</code></a> Address discrepancy between docs and reality</li> <li><a href="https://github.com/actions/dependency-review-action/commit/e85d57a50e73c596b97dac69d8b3ed1a110c8bbf"><code>e85d57a</code></a> Remove test code</li> <li><a href="https://github.com/actions/dependency-review-action/commit/3eb62794c5d48f3f51627b823b3efad8c224aafb"><code>3eb6279</code></a> Re-add test package. Only show warning in summary if option is used. Update c...</li> <li><a href="https://github.com/actions/dependency-review-action/commit/7cf33ac2f2d46e957b8c2df562c806d68486ab80"><code>7cf33ac</code></a> Remove test deny list</li> <li><a href="https://github.com/actions/dependency-review-action/commit/493bee056051bfd97929ad42f88aa2422bd19196"><code>493bee0</code></a> Remove test package</li> <li>Additional commits viewable in <a href="https://github.com/actions/dependency-review-action/compare/da24556b548a50705dd671f47852072ea4c105d9...bc41886e18ea39df68b1b1245f4184881938e050">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0afbd148cd |
build(deps): bump edu.sc.seis.launch4j from 3.0.7 to 4.0.0 (#4182)
Bumps edu.sc.seis.launch4j from 3.0.7 to 4.0.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
91b2f5da53 |
build(deps): bump actions/ai-inference from 1.2.7 to 1.2.8 (#4181)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [actions/ai-inference](https://github.com/actions/ai-inference) from 1.2.7 to 1.2.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/ai-inference/releases">actions/ai-inference's releases</a>.</em></p> <blockquote> <h2>v1.2.8</h2> <h2>What's Changed</h2> <ul> <li>Ensure MCP loops output the right response format by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/89">actions/ai-inference#89</a></li> <li>Force exit once inference finishes by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/88">actions/ai-inference#88</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v1...v1.2.8">https://github.com/actions/ai-inference/compare/v1...v1.2.8</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/ai-inference/commit/b81b2afb8390ee6839b494a404766bef6493c7d9"><code>b81b2af</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/88">#88</a> from actions/sgoedecke/force-exit-once-inference-finishes</li> <li><a href="https://github.com/actions/ai-inference/commit/9133f813307a2b02458ed619b7c644316a378541"><code>9133f81</code></a> package</li> <li><a href="https://github.com/actions/ai-inference/commit/7923b92ef8460464ee4eb8f8975a727234fd5509"><code>7923b92</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/89">#89</a> from actions/sgoedecke/ensure-mcp-loops-output-desired...</li> <li><a href="https://github.com/actions/ai-inference/commit/e44da102bfb48b5f86362e4cc7a3550e4c4e2f20"><code>e44da10</code></a> fixup format parsing</li> <li><a href="https://github.com/actions/ai-inference/commit/866ae2b5d7332a2710e5fa066d267fbff1850d38"><code>866ae2b</code></a> Ensure MCP loops output the right response format</li> <li><a href="https://github.com/actions/ai-inference/commit/4685e0dcd41bc58f268df3c4bf86f5dfeca31fc7"><code>4685e0d</code></a> Force exit once inference finishes in case we are holding any connections open</li> <li>See full diff in <a href="https://github.com/actions/ai-inference/compare/0cbed4a10641c75090de5968e66d70eb4660f751...b81b2afb8390ee6839b494a404766bef6493c7d9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1dd5e9c649 |
build(deps): bump actions/checkout from 4.2.2 to 4.3.0 (#4180)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 4.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> <li>Prepare release v4.3.0 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2237">actions/checkout#2237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/motss"><code>@motss</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li><a href="https://github.com/mouismail"><code>@mouismail</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li><a href="https://github.com/benwells"><code>@benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.0">https://github.com/actions/checkout/compare/v4...v4.3.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> <li>README: Suggest <code>user.email</code> to be <code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li> </ul> <h2>v4.1.4</h2> <ul> <li>Disable <code>extensions.worktreeConfig</code> when disabling <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li> <li>Add dependabot config by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li> <li>Bump the minor-actions-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li> <li>Bump word-wrap from 1.2.3 to 1.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li> </ul> <h2>v4.1.3</h2> <ul> <li>Check git version before attempting to disable <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1656">actions/checkout#1656</a></li> <li>Add SSH user parameter by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1685">actions/checkout#1685</a></li> <li>Update <code>actions/checkout</code> version in <code>update-main-version.yml</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1650">actions/checkout#1650</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/08eba0b27e820071cde6df949e0beb9ba4906955"><code>08eba0b</code></a> Prepare release v4.3.0 (<a href="https://redirect.github.com/actions/checkout/issues/2237">#2237</a>)</li> <li><a href="https://github.com/actions/checkout/commit/631c7dc4f80f88219c5ee78fee08c6b62fac8da1"><code>631c7dc</code></a> Update package dependencies (<a href="https://redirect.github.com/actions/checkout/issues/2236">#2236</a>)</li> <li><a href="https://github.com/actions/checkout/commit/8edcb1bdb4e267140fa742c62e395cd74f332709"><code>8edcb1b</code></a> Update CODEOWNERS for actions (<a href="https://redirect.github.com/actions/checkout/issues/2224">#2224</a>)</li> <li><a href="https://github.com/actions/checkout/commit/09d2acae674a48949e3602304ab46fd20ae0c42f"><code>09d2aca</code></a> Update README.md (<a href="https://redirect.github.com/actions/checkout/issues/2194">#2194</a>)</li> <li><a href="https://github.com/actions/checkout/commit/85e6279cec87321a52edac9c87bce653a07cf6c2"><code>85e6279</code></a> Adjust positioning of user email note and permissions heading (<a href="https://redirect.github.com/actions/checkout/issues/2044">#2044</a>)</li> <li><a href="https://github.com/actions/checkout/commit/009b9ae9e446ad8d9b8c809870b0fbcc5e03573e"><code>009b9ae</code></a> Documentation update - add recommended permissions to Readme (<a href="https://redirect.github.com/actions/checkout/issues/2043">#2043</a>)</li> <li><a href="https://github.com/actions/checkout/commit/cbb722410c2e876e24abbe8de2cc27693e501dcb"><code>cbb7224</code></a> Update README.md (<a href="https://redirect.github.com/actions/checkout/issues/1977">#1977</a>)</li> <li><a href="https://github.com/actions/checkout/commit/3b9b8c884f6b4bb4d5be2779c26374abadae0871"><code>3b9b8c8</code></a> docs: update README.md (<a href="https://redirect.github.com/actions/checkout/issues/1971">#1971</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...08eba0b27e820071cde6df949e0beb9ba4906955">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2c293d2231 |
build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 (#4179)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.3.0 to 5.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/407">actions/download-artifact#407</a></li> <li>BREAKING fix: inconsistent path behavior for single artifact downloads by ID by <a href="https://github.com/GrantBirki"><code>@GrantBirki</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/416">actions/download-artifact#416</a></li> </ul> <h2>v5.0.0</h2> <h3>🚨 Breaking Change</h3> <p>This release fixes an inconsistency in path behavior for single artifact downloads by ID. <strong>If you're downloading single artifacts by ID, the output path may change.</strong></p> <h4>What Changed</h4> <p>Previously, <strong>single artifact downloads</strong> behaved differently depending on how you specified the artifact:</p> <ul> <li><strong>By name</strong>: <code>name: my-artifact</code> → extracted to <code>path/</code> (direct)</li> <li><strong>By ID</strong>: <code>artifact-ids: 12345</code> → extracted to <code>path/my-artifact/</code> (nested)</li> </ul> <p>Now both methods are consistent:</p> <ul> <li><strong>By name</strong>: <code>name: my-artifact</code> → extracted to <code>path/</code> (unchanged)</li> <li><strong>By ID</strong>: <code>artifact-ids: 12345</code> → extracted to <code>path/</code> (fixed - now direct)</li> </ul> <h4>Migration Guide</h4> <h5>✅ No Action Needed If:</h5> <ul> <li>You download artifacts by <strong>name</strong></li> <li>You download <strong>multiple</strong> artifacts by ID</li> <li>You already use <code>merge-multiple: true</code> as a workaround</li> </ul> <h5>⚠️ Action Required If:</h5> <p>You download <strong>single artifacts by ID</strong> and your workflows expect the nested directory structure.</p> <p><strong>Before v5 (nested structure):</strong></p> <pre lang="yaml"><code>- uses: actions/download-artifact@v4 with: artifact-ids: 12345 path: dist # Files were in: dist/my-artifact/ </code></pre> <blockquote> <p>Where <code>my-artifact</code> is the name of the artifact you previously uploaded</p> </blockquote> <p><strong>To maintain old behavior (if needed):</strong></p> <pre lang="yaml"><code></tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/download-artifact/commit/634f93cb2916e3fdff6788551b99b062d0335ce0"><code>634f93c</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/416">#416</a> from actions/single-artifact-id-download-path</li> <li><a href="https://github.com/actions/download-artifact/commit/b19ff4302770b82aa4694b63703b547756dacce6"><code>b19ff43</code></a> refactor: resolve download path correctly in artifact download tests (mainly ...</li> <li><a href="https://github.com/actions/download-artifact/commit/e262cbee4ab8c473c61c59a81ad8e9dc760e90db"><code>e262cbe</code></a> bundle dist</li> <li><a href="https://github.com/actions/download-artifact/commit/bff23f9308ceb2f06d673043ea6311519be6a87b"><code>bff23f9</code></a> update docs</li> <li><a href="https://github.com/actions/download-artifact/commit/fff8c148a8fdd56aa81fcb019f0b5f6c65700c4d"><code>fff8c14</code></a> fix download path logic when downloading a single artifact by id</li> <li><a href="https://github.com/actions/download-artifact/commit/448e3f862ab3ef47aa50ff917776823c9946035b"><code>448e3f8</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/407">#407</a> from actions/nebuk89-patch-1</li> <li><a href="https://github.com/actions/download-artifact/commit/47225c44b359a5155efdbbbc352041b3e249fb1b"><code>47225c4</code></a> Update README.md</li> <li>See full diff in <a href="https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...634f93cb2916e3fdff6788551b99b062d0335ce0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
84142bb42a |
build(deps): bump github/codeql-action from 3.29.7 to 3.29.8 (#4178)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.7 to 3.29.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.8</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.8/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li> </ul> <h2>3.29.7 - 07 Aug 2025</h2> <p>This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.</p> <h2>3.29.6 - 07 Aug 2025</h2> <ul> <li>The <code>cleanup-level</code> input to the <code>analyze</code> Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. <a href="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li> <li>Update default CodeQL bundle version to 2.22.3. <a href="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li> </ul> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li> </ul> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li> </ul> <h2>3.29.0 - 11 Jun 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li> <li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li> </ul> <h2>3.28.21 - 28 July 2025</h2> <p>No user facing changes.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/76621b61decf072c1cee8dd1ce2d2a82d33c17ed"><code>76621b6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3019">#3019</a> from github/update-v3.29.8-679a40d33</li> <li><a href="https://github.com/github/codeql-action/commit/29ac3cefbb645d41622f6f9baa1415e06d73cf06"><code>29ac3ce</code></a> Add release notes for 3.29.7</li> <li><a href="https://github.com/github/codeql-action/commit/737cfdebe687c6e720fb99761f23d89751c3b93a"><code>737cfde</code></a> Update changelog for v3.29.8</li> <li><a href="https://github.com/github/codeql-action/commit/679a40d337fedd9b7318253dd72bfe7dc6d1886c"><code>679a40d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3014">#3014</a> from github/henrymercer/rebuild-dispatch</li> <li><a href="https://github.com/github/codeql-action/commit/6fe50b283a3d2e5533299f72d99216cd8815500f"><code>6fe50b2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3015">#3015</a> from github/henrymercer/language-autodetection-worka...</li> <li><a href="https://github.com/github/codeql-action/commit/6bc91d64f66d435200c8ba85c64878c3cbfad33b"><code>6bc91d6</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/6b4fedca4f3428195d7ba1ca7c7404f9ea472911"><code>6b4fedc</code></a> Bump Action patch version</li> <li><a href="https://github.com/github/codeql-action/commit/5794ffcb4ab0e87e4b8a8446ef048488303db295"><code>5794ffc</code></a> Fix auto-detection of extractors that aren't languages</li> <li><a href="https://github.com/github/codeql-action/commit/bd62bf449cd8695f818546752cc8157693e1716c"><code>bd62bf4</code></a> Finish in-progress merges</li> <li><a href="https://github.com/github/codeql-action/commit/2afb4e6f3c84ec0534284f2b47ae8206dcb401bf"><code>2afb4e6</code></a> Avoid specifying branch unnecessarily</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/51f77329afa6477de8c49fc9c7046c15b9a4e79d...76621b61decf072c1cee8dd1ce2d2a82d33c17ed">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
bb07eced6e |
build(deps): bump gradle/actions from 4.4.1 to 4.4.2 (#4177)
Bumps [gradle/actions](https://github.com/gradle/actions) from 4.4.1 to 4.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.4.2</h2> <p>This patch release updates a bunch of dependency versions</p> <h2>What's Changed</h2> <ul> <li>Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group across 1 directory (<a href="https://redirect.github.com/gradle/actions/pull/703">gradle/actions#703</a>)</li> <li>Bumps the npm-dependencies group in /sources with 4 updates (<a href="https://redirect.github.com/gradle/actions/pull/702">gradle/actions#702</a>)</li> <li>Upgrade to gradle 9 in workflows and tests (<a href="https://redirect.github.com/gradle/actions/pull/704">gradle/actions#704</a>)</li> <li>Update known wrapper checksums (<a href="https://redirect.github.com/gradle/actions/pull/701">gradle/actions#701</a>)</li> <li>Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/gradle-plugin (<a href="https://redirect.github.com/gradle/actions/pull/695">gradle/actions#695</a>)</li> <li>Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/groovy-dsl (<a href="https://redirect.github.com/gradle/actions/pull/696">gradle/actions#696</a>)</li> <li>Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/java-toolchain (<a href="https://redirect.github.com/gradle/actions/pull/697">gradle/actions#697</a>)</li> <li>Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.1 to 2.19.2 in /sources/test/init-scripts in the gradle group across 1 directory (<a href="https://redirect.github.com/gradle/actions/pull/693">gradle/actions#693</a>)</li> <li>Bump github/codeql-action from 3.29.0 to 3.29.4 in the github-actions group across 1 directory (<a href="https://redirect.github.com/gradle/actions/pull/691">gradle/actions#691</a>)</li> <li>Bump the npm-dependencies group in /sources with 5 updates (<a href="https://redirect.github.com/gradle/actions/pull/692">gradle/actions#692</a>)</li> <li>Bump references to Develocity Gradle plugin from 4.0.2 to 4.1 (<a href="https://redirect.github.com/gradle/actions/pull/685">gradle/actions#685</a>)</li> <li>Bump the npm-dependencies group across 1 directory with 8 updates (<a href="https://redirect.github.com/gradle/actions/pull/684">gradle/actions#684</a>)</li> <li>Run Gradle release candidate tests with JDK 17 (<a href="https://redirect.github.com/gradle/actions/pull/690">gradle/actions#690</a>)</li> <li>Update Develocity npm agent to version 1.0.1 (<a href="https://redirect.github.com/gradle/actions/pull/687">gradle/actions#687</a>)</li> <li>Update known wrapper checksums (<a href="https://redirect.github.com/gradle/actions/pull/688">gradle/actions#688</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/kotlin-dsl (<a href="https://redirect.github.com/gradle/actions/pull/683">gradle/actions#683</a></li> <li>Bump the github-actions group across 1 directory with 3 updates (<a href="https://redirect.github.com/gradle/actions/pull/675">gradle/actions#675</a>)</li> <li>Bump the gradle group across 3 directories with 2 updates (<a href="https://redirect.github.com/gradle/actions/pull/674">gradle/actions#674</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /sources/test/init-scripts (<a href="https://redirect.github.com/gradle/actions/pull/679">gradle/actions#679</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/java-toolchain (<a href="https://redirect.github.com/gradle/actions/pull/682">gradle/actions#682</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/groovy-dsl (<a href="https://redirect.github.com/gradle/actions/pull/681">gradle/actions#681</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/gradle-plugin (<a href="https://redirect.github.com/gradle/actions/pull/680">gradle/actions#680</a>)</li> <li>Update known wrapper checksums (<a href="https://redirect.github.com/gradle/actions/pull/676">gradle/actions#676</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4.4.1...v4.4.2">https://github.com/gradle/actions/compare/v4.4.1...v4.4.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/017a9effdb900e5b5b2fddfb590a105619dca3c3"><code>017a9ef</code></a> Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group a...</li> <li><a href="https://github.com/gradle/actions/commit/d5397cf4c822cff29ba7b79b2c9ed29917bbe84a"><code>d5397cf</code></a> Merge branch 'main' into dependabot/github_actions/github-actions-12d2e1d0cf</li> <li><a href="https://github.com/gradle/actions/commit/559dfbd266963f24dd17a76f3ce0f009a6c020ef"><code>559dfbd</code></a> Bump the npm-dependencies group in /sources with 4 updates (<a href="https://redirect.github.com/gradle/actions/issues/702">#702</a>)</li> <li><a href="https://github.com/gradle/actions/commit/075ee283cc5fba335ac5184eb48b40672919612a"><code>075ee28</code></a> Merge branch 'main' into dependabot/npm_and_yarn/sources/npm-dependencies-fda...</li> <li><a href="https://github.com/gradle/actions/commit/c3e68c5c72468b5662b0e325d727b1c1e6a14c16"><code>c3e68c5</code></a> Upgrade to gradle 9 in workflows and tests (<a href="https://redirect.github.com/gradle/actions/issues/704">#704</a>)</li> <li><a href="https://github.com/gradle/actions/commit/d7e674f97b03ec86a7d6f688bd66c45269b35bf1"><code>d7e674f</code></a> Fix init script tests dependencies</li> <li><a href="https://github.com/gradle/actions/commit/3e6512898620556ad8848c4073e8279051eaf7db"><code>3e65128</code></a> Upgrade init script tests to Gradle 9</li> <li><a href="https://github.com/gradle/actions/commit/896b9fa30994e16abfabdffea39f9bbffa8ade46"><code>896b9fa</code></a> Run tests on Gradle release candidate and current with JDK 17 as required sin...</li> <li><a href="https://github.com/gradle/actions/commit/431b3e39ba5839847f90c3917165b1f0b5b2d0fa"><code>431b3e3</code></a> Bump github/codeql-action in the github-actions group across 1 directory</li> <li><a href="https://github.com/gradle/actions/commit/44c3664945acba910b91b10f41602a5caceb57df"><code>44c3664</code></a> Bump the npm-dependencies group in /sources with 4 updates</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/ac638b010cf58a27ee6c972d7336334ccaf61c96...017a9effdb900e5b5b2fddfb590a105619dca3c3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
bb8edffaab |
build(deps): bump actions/ai-inference from 1.2.3 to 1.2.4 (#4119)
Bumps [actions/ai-inference](https://github.com/actions/ai-inference) from 1.2.3 to 1.2.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/ai-inference/releases">actions/ai-inference's releases</a>.</em></p> <blockquote> <h2>v1.2.4</h2> <h2>What's Changed</h2> <ul> <li>Bump <code>@github/local-action</code> from 3.2.1 to 5.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/63">actions/ai-inference#63</a></li> <li>Bump <code>@rollup/rollup-linux-x64-gnu</code> from 4.43.0 to 4.45.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/65">actions/ai-inference#65</a></li> <li>Bump jest and <code>@types/jest</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/66">actions/ai-inference#66</a></li> <li>Tidy up package.json by <a href="https://github.com/maraisr"><code>@maraisr</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/69">actions/ai-inference#69</a></li> <li>Moves project to using vitest by <a href="https://github.com/maraisr"><code>@maraisr</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/70">actions/ai-inference#70</a></li> <li>Move some linter files out of the root and use GitHub's shared prettier config by <a href="https://github.com/maraisr"><code>@maraisr</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/72">actions/ai-inference#72</a></li> <li>chore(deps): bump <code>@rollup/rollup-linux-x64-gnu</code> from 4.45.1 to 4.46.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/76">actions/ai-inference#76</a></li> <li>chore(deps): bump actions/publish-action from 0.2.2 to 0.3.0 in the actions-minor group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/74">actions/ai-inference#74</a></li> <li>Separate out MCP token by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/83">actions/ai-inference#83</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v1...v1.2.4">https://github.com/actions/ai-inference/compare/v1...v1.2.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/ai-inference/commit/4b591cc5298ae9428fff72279eced918e444c409"><code>4b591cc</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/83">#83</a> from actions/sgoedecke/separate-mcp</li> <li><a href="https://github.com/actions/ai-inference/commit/ea24ec2ed4aeb6d19b8936f886e8fb5741527467"><code>ea24ec2</code></a> Update README.md</li> <li><a href="https://github.com/actions/ai-inference/commit/b9f9444fb79985625c6981038caa00e6346408ed"><code>b9f9444</code></a> update docs</li> <li><a href="https://github.com/actions/ai-inference/commit/419f171f16e478d9f608f4fe3fabe29f5dcdccae"><code>419f171</code></a> Separate out MCP token</li> <li><a href="https://github.com/actions/ai-inference/commit/fc8527d1d95538cb45e8f49fbc95dc9e5681b849"><code>fc8527d</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/74">#74</a> from actions/dependabot/github_actions/actions-minor-e...</li> <li><a href="https://github.com/actions/ai-inference/commit/719349dfcccd7fbeee25901255dbf1a59c88d3fb"><code>719349d</code></a> Merge branch 'main' into dependabot/github_actions/actions-minor-e893b3f303</li> <li><a href="https://github.com/actions/ai-inference/commit/2762750922fa62f91dc6203df8b23c2684d5a52b"><code>2762750</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/76">#76</a> from actions/dependabot/npm_and_yarn/rollup/rollup-lin...</li> <li><a href="https://github.com/actions/ai-inference/commit/9386906af5e73f620356d314711097696823d770"><code>9386906</code></a> chore(deps): bump <code>@rollup/rollup-linux-x64-gnu</code> from 4.45.1 to 4.46.0</li> <li><a href="https://github.com/actions/ai-inference/commit/ca9eff70517ac00934ae11b2c2164fde6c48954e"><code>ca9eff7</code></a> chore(deps): bump actions/publish-action in the actions-minor group</li> <li><a href="https://github.com/actions/ai-inference/commit/6bef1d0031bbc403a1e49d373ab67e03c2eb60ae"><code>6bef1d0</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/72">#72</a> from actions/mr/linters</li> <li>Additional commits viewable in <a href="https://github.com/actions/ai-inference/compare/9693b137b6566bb66055a713613bf4f0493701eb...4b591cc5298ae9428fff72279eced918e444c409">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b91bfac416 |
build(deps): bump docker/login-action from 3.4.0 to 3.5.0 (#4118)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.4.0 to 3.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <ul> <li>Support dual-stack endpoints for AWS ECR by <a href="https://github.com/Spacefish"><code>@Spacefish</code></a> <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/874">docker/login-action#874</a> <a href="https://redirect.github.com/docker/login-action/pull/876">docker/login-action#876</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.57.0 to 0.62.1 in <a href="https://redirect.github.com/docker/login-action/pull/870">docker/login-action#870</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/login-action/pull/875">docker/login-action#875</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.4.0...v3.5.0">https://github.com/docker/login-action/compare/v3.4.0...v3.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/184bdaa0721073962dff0199f1fb9940f07167d1"><code>184bdaa</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/878">#878</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/5c6bc94683baa064818f51e7417087c2ac58b32c"><code>5c6bc94</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/caf405864315c6006c5581b540e5047cf728b4e7"><code>caf4058</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/ef38ec311a7df3f01475313e7c5bb584b74b112a"><code>ef38ec3</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/860">#860</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/d52e8ef81c0de894e9c95bed8de0ee5955ec7eb7"><code>d52e8ef</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/9644ab7025be3206ff4b12f1531a1b6919022b00"><code>9644ab7</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/7abd1d512621d8896b31f4ea992d207f15915ad6"><code>7abd1d5</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/875">#875</a> from docker/dependabot/npm_and_yarn/form-data-2.5.5</li> <li><a href="https://github.com/docker/login-action/commit/1a81202c4fda440f3b33eca3381d5d39c7efe85e"><code>1a81202</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/876">#876</a> from crazy-max/aws-public-dual-stack</li> <li><a href="https://github.com/docker/login-action/commit/d1ab30dc54161cbfd704562857677edf4dd7837a"><code>d1ab30d</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/f25ff28d1c8cd9a7c35896711238fed682755e1c"><code>f25ff28</code></a> support dual-stack for aws public ecr</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/74a5d142397b4f367a81961eba4e8cd7edddf772...184bdaa0721073962dff0199f1fb9940f07167d1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
63b64b5dc5 |
build(deps): bump io.swagger.core.v3:swagger-core-jakarta from 2.2.34 to 2.2.35 (#4117)
Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.34 to 2.2.35. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1d47f5e26a |
build(deps): bump docker/metadata-action from 5.7.0 to 5.8.0 (#4116)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.7.0 to 5.8.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/metadata-action/releases">docker/metadata-action's releases</a>.</em></p> <blockquote> <h2>v5.8.0</h2> <ul> <li>New <code>is_not_default_branch</code> global expression by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/535">docker/metadata-action#535</a></li> <li>Allow to match part of the git tag or value for semver/pep440 types by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/536">docker/metadata-action#536</a> <a href="https://redirect.github.com/docker/metadata-action/pull/537">docker/metadata-action#537</a></li> <li>Bump <code>@actions/github</code> from 6.0.0 to 6.0.1 in <a href="https://redirect.github.com/docker/metadata-action/pull/523">docker/metadata-action#523</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.62.1 in <a href="https://redirect.github.com/docker/metadata-action/pull/526">docker/metadata-action#526</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/metadata-action/pull/533">docker/metadata-action#533</a></li> <li>Bump moment-timezone from 0.5.47 to 0.6.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/525">docker/metadata-action#525</a></li> <li>Bump semver from 7.7.1 to 7.7.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/524">docker/metadata-action#524</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.7.0...v5.8.0">https://github.com/docker/metadata-action/compare/v5.7.0...v5.8.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/metadata-action/commit/c1e51972afc2121e065aed6d45c65596fe445f3f"><code>c1e5197</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/537">#537</a> from crazy-max/pep440-match</li> <li><a href="https://github.com/docker/metadata-action/commit/89dd65a56942f24df76cdf7a4c23b89e9e0c64f9"><code>89dd65a</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/metadata-action/commit/699ee45cf1d1e4c00bb9ca9bacb9f983fc58fbf6"><code>699ee45</code></a> allow to match part of the git tag or value for pep440 type</li> <li><a href="https://github.com/docker/metadata-action/commit/e0542a6360c9f152bbf3353bd9c94564a730f25f"><code>e0542a6</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/536">#536</a> from crazy-max/semver-match</li> <li><a href="https://github.com/docker/metadata-action/commit/b7facdfcef4956d2d16250632ca1d9fb16ed637c"><code>b7facdf</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/metadata-action/commit/81c60dfb8b905e3a16457c3da8880fc62e9051b8"><code>81c60df</code></a> allow to match part of the git tag or value for semver type</li> <li><a href="https://github.com/docker/metadata-action/commit/de1119515dcfb4b110f21f67dc739b3ba1472a84"><code>de11195</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/535">#535</a> from crazy-max/not_def_branch</li> <li><a href="https://github.com/docker/metadata-action/commit/2f9c64b1b1b1f3dd8b9e5a74ae4db13087cb814e"><code>2f9c64b</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/533">#533</a> from docker/dependabot/npm_and_yarn/form-data-2.5.5</li> <li><a href="https://github.com/docker/metadata-action/commit/510f74697528050f83e777f81df8cfccb153ccd3"><code>510f746</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/metadata-action/commit/2bc3f4e0f13f667fe2ccb93725d524c114c6ce80"><code>2bc3f4e</code></a> is_not_default_branch global expression</li> <li>Additional commits viewable in <a href="https://github.com/docker/metadata-action/compare/902fa8ec7d6ecbf8d84d538b9b233a880e428804...c1e51972afc2121e065aed6d45c65596fe445f3f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2a20ffd09a |
build(deps): bump commonmarkVersion from 0.25.0 to 0.25.1 (#4115)
Bumps `commonmarkVersion` from 0.25.0 to 0.25.1. Updates `org.commonmark:commonmark` from 0.25.0 to 0.25.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/releases">org.commonmark:commonmark's releases</a>.</em></p> <blockquote> <h2>commonmark-java 0.25.1</h2> <h3>Fixed</h3> <ul> <li>footnotes: Fix parsing of footnote definitions containing multiple paragraphs separated by blank lines. Before it only worked if paragraphs were separated by lines of 4 spaces. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/388">#388</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/blob/main/CHANGELOG.md">org.commonmark:commonmark's changelog</a>.</em></p> <blockquote> <h2>[0.25.1] - 2025-08-01</h2> <h3>Fixed</h3> <ul> <li>footnotes: Fix parsing of footnote definitions containing multiple paragraphs separated by blank lines. Before it only worked if paragraphs were separated by lines of 4 spaces. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/388">#388</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/commonmark/commonmark-java/commit/b703d6a3561a6eb00f6de8dfab85cf0301cb7a2d"><code>b703d6a</code></a> [maven-release-plugin] prepare release commonmark-parent-0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/eb93eca29e8ea0369186b6a22afd2b1f853df1f8"><code>eb93eca</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/390">#390</a> from commonmark/release-0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/bd50c7d587c435c80eeb1f59d2c41fed3efefb33"><code>bd50c7d</code></a> Prepare CHANGELOG for version 0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/226e8e970f4525466b28ff4a37b131776204e8b8"><code>226e8e9</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/389">#389</a> from commonmark/issue-388-footnotes-multiple-paragraphs</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/3111fed6c73dc6e961c590c58973b44e12fe5464"><code>3111fed</code></a> footnotes: Fix multiple paragraphs separated by blank lines</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/33737b7d5dd65153f2d022f7b5770f0fa0630296"><code>33737b7</code></a> CHANGELOG: Add issue links</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/c577edfe08e523ab806a111f629a518c4de660be"><code>c577edf</code></a> README: Bump version</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/8d5918d4efd3ad1dca4626af8a516872f7aa6121"><code>8d5918d</code></a> [maven-release-plugin] prepare for next development iteration</li> <li>See full diff in <a href="https://github.com/commonmark/commonmark-java/compare/commonmark-parent-0.25.0...commonmark-parent-0.25.1">compare view</a></li> </ul> </details> <br /> Updates `org.commonmark:commonmark-ext-gfm-tables` from 0.25.0 to 0.25.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/releases">org.commonmark:commonmark-ext-gfm-tables's releases</a>.</em></p> <blockquote> <h2>commonmark-java 0.25.1</h2> <h3>Fixed</h3> <ul> <li>footnotes: Fix parsing of footnote definitions containing multiple paragraphs separated by blank lines. Before it only worked if paragraphs were separated by lines of 4 spaces. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/388">#388</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/blob/main/CHANGELOG.md">org.commonmark:commonmark-ext-gfm-tables's changelog</a>.</em></p> <blockquote> <h2>[0.25.1] - 2025-08-01</h2> <h3>Fixed</h3> <ul> <li>footnotes: Fix parsing of footnote definitions containing multiple paragraphs separated by blank lines. Before it only worked if paragraphs were separated by lines of 4 spaces. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/388">#388</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/commonmark/commonmark-java/commit/b703d6a3561a6eb00f6de8dfab85cf0301cb7a2d"><code>b703d6a</code></a> [maven-release-plugin] prepare release commonmark-parent-0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/eb93eca29e8ea0369186b6a22afd2b1f853df1f8"><code>eb93eca</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/390">#390</a> from commonmark/release-0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/bd50c7d587c435c80eeb1f59d2c41fed3efefb33"><code>bd50c7d</code></a> Prepare CHANGELOG for version 0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/226e8e970f4525466b28ff4a37b131776204e8b8"><code>226e8e9</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/389">#389</a> from commonmark/issue-388-footnotes-multiple-paragraphs</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/3111fed6c73dc6e961c590c58973b44e12fe5464"><code>3111fed</code></a> footnotes: Fix multiple paragraphs separated by blank lines</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/33737b7d5dd65153f2d022f7b5770f0fa0630296"><code>33737b7</code></a> CHANGELOG: Add issue links</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/c577edfe08e523ab806a111f629a518c4de660be"><code>c577edf</code></a> README: Bump version</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/8d5918d4efd3ad1dca4626af8a516872f7aa6121"><code>8d5918d</code></a> [maven-release-plugin] prepare for next development iteration</li> <li>See full diff in <a href="https://github.com/commonmark/commonmark-java/compare/commonmark-parent-0.25.0...commonmark-parent-0.25.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
47a49c5353 |
build(deps): bump org.eclipse.angus:angus-mail from 2.0.3 to 2.0.4 (#4114)
Bumps [org.eclipse.angus:angus-mail](https://github.com/eclipse-ee4j/angus-mail) from 2.0.3 to 2.0.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/37c1c6ca1e7bdc1c7be6ed47eb6f1e388d3cbc79"><code>37c1c6c</code></a> Prepare release org.eclipse.angus:all:2.0.4</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/a53d904ca190c7241ee923b14bae6e16d0726c35"><code>a53d904</code></a> Update changes log (<a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/169">#169</a>)</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/5d0e7b3f5155130c55e6375ae3f5dc5d0a3564ab"><code>5d0e7b3</code></a> Update changes log</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/84fe702f7a4837f325b878f17fee148a7e8ba951"><code>84fe702</code></a> Fix issue299 (<a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/166">#166</a>) (<a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/167">#167</a>)</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/a15041d503cefb380e3a5284eb7144eb92d82e93"><code>a15041d</code></a> Update README.md</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/005bec40252bc732d2822cb9ab79902a4adc6f17"><code>005bec4</code></a> Merge pull request <a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/138">#138</a> from eclipse-ee4j/2.0.3-RELEASE</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/637b1913d26a0420a6b6bf1ed7ed0ebb868d8a57"><code>637b191</code></a> Update TCK-Results.md</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/2a375178f614071e872cd518d18ffa337af19029"><code>2a37517</code></a> Prepare next development cycle for 2.0.4-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/eclipse-ee4j/angus-mail/compare/2.0.3...2.0.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
31598f3f1e |
build(deps): bump org.springframework.boot:spring-boot-dependencies from 3.5.3 to 3.5.4 (#4058)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 3.5.3 to 3.5.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-dependencies's releases</a>.</em></p> <blockquote> <h2>v3.5.4</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>LambdaSafe.withFilter is not public <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46474">#46474</a></li> <li>Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46402">#46402</a></li> <li>Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46398">#46398</a></li> <li>Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46351">#46351</a></li> <li>Change in DefaultErrorAttributes alters the shape of API validation error responses <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46260">#46260</a></li> <li>jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46225">#46225</a></li> <li>developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46205">#46205</a></li> <li>Hash calculation for uber archive entries that require unpacking is inefficient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46203">#46203</a></li> <li>Permissions are applied inconsistently when building uber archives with Gradle <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46194">#46194</a></li> <li>Environment variables using legacy dash format can no longer be bound <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46184">#46184</a></li> <li>EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46180">#46180</a></li> <li>Executable JAR application class encounters performance issues <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46177">#46177</a></li> <li>Executable JAR application class encounters performance issues <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46176">#46176</a></li> <li>Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46174">#46174</a></li> <li>Setting spring.netty.leak-detection has no effect when lazy initialization is enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46170">#46170</a></li> <li>SslInfo does not use its Clock when checking certificate validity <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46011">#46011</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Fix description of spring.batch.job.enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46247">#46247</a></li> <li>Fix broken Kotlin examples in reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46168">#46168</a></li> <li>Add Logback Access Reactor Netty to community starters <a href="https://redirect.github.com/spring-projects/spring-boot/pull/46060">#46060</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to ActiveMQ 6.1.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46373">#46373</a></li> <li>Upgrade to Caffeine 3.2.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46432">#46432</a></li> <li>Upgrade to Couchbase Client 3.8.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46460">#46460</a></li> <li>Upgrade to GraphQL Java 24.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46395">#46395</a></li> <li>Upgrade to Groovy 4.0.28 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46516">#46516</a></li> <li>Upgrade to Hibernate 6.6.22.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46492">#46492</a></li> <li>Upgrade to HikariCP 6.3.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46493">#46493</a></li> <li>Upgrade to Infinispan 15.2.5.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46461">#46461</a></li> <li>Upgrade to Jackson Bom 2.19.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46494">#46494</a></li> <li>Upgrade to Jetty 12.0.23 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46375">#46375</a></li> <li>Upgrade to MariaDB 3.5.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46376">#46376</a></li> <li>Upgrade to Maven Invoker Plugin 3.9.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46377">#46377</a></li> <li>Upgrade to Micrometer 1.15.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46280">#46280</a></li> <li>Upgrade to Micrometer Tracing 1.5.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46281">#46281</a></li> <li>Upgrade to MSSQL JDBC 12.10.1.jre11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46378">#46378</a></li> <li>Upgrade to MySQL 9.3.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46371">#46371</a></li> <li>Upgrade to Neo4j Java Driver 5.28.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46434">#46434</a></li> <li>Upgrade to Netty 4.1.123.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46435">#46435</a></li> <li>Upgrade to Prometheus Client 1.3.10 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46379">#46379</a></li> <li>Upgrade to Reactor Bom 2024.0.8 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46282">#46282</a></li> <li>Upgrade to RxJava3 3.1.11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46380">#46380</a></li> <li>Upgrade to Spring AMQP 3.2.6 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46283">#46283</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/925f9bc6ba99f0eaffce1e357282d3672b88e2a5"><code>925f9bc</code></a> Release v3.5.4</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d82fb358acc9e99af28303ccd922df634e1d69ee"><code>d82fb35</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/4b6064f4aaf8f00633d29f3777e531f2f0aebd0e"><code>4b6064f</code></a> Next development version (v3.4.9-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/a39c8f034a2ba187b4ddb703666531b8689cadcc"><code>a39c8f0</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/99d53dec18924d5b07f528b00a37ced110602341"><code>99d53de</code></a> Upgrade to Spring Integration 6.5.1</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/1b4aad592e62335ef3c290414bc6bf4f8daf2a2b"><code>1b4aad5</code></a> Upgrade to Groovy 4.0.28</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/3f0f79b982b6847893ecf086875461223288bb0e"><code>3f0f79b</code></a> Upgrade to Spring Integration 6.4.6</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ff8443c016ec1c7fe140c6ce6a58978af05025a8"><code>ff8443c</code></a> Upgrade to Groovy 4.0.28</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/aed85504210a7c79fbc49831f2fb09f77661bce6"><code>aed8550</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/5406976ee99187d2b6d69d5759f75a72ae757c82"><code>5406976</code></a> Apply commercial input consistently</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.5.3...v3.5.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
6aa474596e |
build(deps): bump org.springframework.boot from 3.5.3 to 3.5.4 (#4059)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.5.3 to 3.5.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's releases</a>.</em></p> <blockquote> <h2>v3.5.4</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>LambdaSafe.withFilter is not public <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46474">#46474</a></li> <li>Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46402">#46402</a></li> <li>Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46398">#46398</a></li> <li>Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46351">#46351</a></li> <li>Change in DefaultErrorAttributes alters the shape of API validation error responses <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46260">#46260</a></li> <li>jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46225">#46225</a></li> <li>developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46205">#46205</a></li> <li>Hash calculation for uber archive entries that require unpacking is inefficient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46203">#46203</a></li> <li>Permissions are applied inconsistently when building uber archives with Gradle <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46194">#46194</a></li> <li>Environment variables using legacy dash format can no longer be bound <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46184">#46184</a></li> <li>EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46180">#46180</a></li> <li>Executable JAR application class encounters performance issues <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46177">#46177</a></li> <li>Executable JAR application class encounters performance issues <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46176">#46176</a></li> <li>Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46174">#46174</a></li> <li>Setting spring.netty.leak-detection has no effect when lazy initialization is enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46170">#46170</a></li> <li>SslInfo does not use its Clock when checking certificate validity <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46011">#46011</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Fix description of spring.batch.job.enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46247">#46247</a></li> <li>Fix broken Kotlin examples in reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46168">#46168</a></li> <li>Add Logback Access Reactor Netty to community starters <a href="https://redirect.github.com/spring-projects/spring-boot/pull/46060">#46060</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to ActiveMQ 6.1.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46373">#46373</a></li> <li>Upgrade to Caffeine 3.2.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46432">#46432</a></li> <li>Upgrade to Couchbase Client 3.8.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46460">#46460</a></li> <li>Upgrade to GraphQL Java 24.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46395">#46395</a></li> <li>Upgrade to Groovy 4.0.28 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46516">#46516</a></li> <li>Upgrade to Hibernate 6.6.22.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46492">#46492</a></li> <li>Upgrade to HikariCP 6.3.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46493">#46493</a></li> <li>Upgrade to Infinispan 15.2.5.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46461">#46461</a></li> <li>Upgrade to Jackson Bom 2.19.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46494">#46494</a></li> <li>Upgrade to Jetty 12.0.23 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46375">#46375</a></li> <li>Upgrade to MariaDB 3.5.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46376">#46376</a></li> <li>Upgrade to Maven Invoker Plugin 3.9.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46377">#46377</a></li> <li>Upgrade to Micrometer 1.15.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46280">#46280</a></li> <li>Upgrade to Micrometer Tracing 1.5.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46281">#46281</a></li> <li>Upgrade to MSSQL JDBC 12.10.1.jre11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46378">#46378</a></li> <li>Upgrade to MySQL 9.3.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46371">#46371</a></li> <li>Upgrade to Neo4j Java Driver 5.28.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46434">#46434</a></li> <li>Upgrade to Netty 4.1.123.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46435">#46435</a></li> <li>Upgrade to Prometheus Client 1.3.10 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46379">#46379</a></li> <li>Upgrade to Reactor Bom 2024.0.8 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46282">#46282</a></li> <li>Upgrade to RxJava3 3.1.11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46380">#46380</a></li> <li>Upgrade to Spring AMQP 3.2.6 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46283">#46283</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/925f9bc6ba99f0eaffce1e357282d3672b88e2a5"><code>925f9bc</code></a> Release v3.5.4</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d82fb358acc9e99af28303ccd922df634e1d69ee"><code>d82fb35</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/4b6064f4aaf8f00633d29f3777e531f2f0aebd0e"><code>4b6064f</code></a> Next development version (v3.4.9-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/a39c8f034a2ba187b4ddb703666531b8689cadcc"><code>a39c8f0</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/99d53dec18924d5b07f528b00a37ced110602341"><code>99d53de</code></a> Upgrade to Spring Integration 6.5.1</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/1b4aad592e62335ef3c290414bc6bf4f8daf2a2b"><code>1b4aad5</code></a> Upgrade to Groovy 4.0.28</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/3f0f79b982b6847893ecf086875461223288bb0e"><code>3f0f79b</code></a> Upgrade to Spring Integration 6.4.6</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ff8443c016ec1c7fe140c6ce6a58978af05025a8"><code>ff8443c</code></a> Upgrade to Groovy 4.0.28</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/aed85504210a7c79fbc49831f2fb09f77661bce6"><code>aed8550</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/5406976ee99187d2b6d69d5759f75a72ae757c82"><code>5406976</code></a> Apply commercial input consistently</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.5.3...v3.5.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
213949d499 |
build(deps): bump com.opencsv:opencsv from 5.11.2 to 5.12.0 (#4060)
Bumps com.opencsv:opencsv from 5.11.2 to 5.12.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1399a306a6 |
build(deps): bump edu.sc.seis.launch4j from 3.0.6 to 3.0.7 (#4062)
Bumps edu.sc.seis.launch4j from 3.0.6 to 3.0.7. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1eb96f08df |
build(deps): bump github/codeql-action from 3.29.3 to 3.29.5 (#4061)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.3 to 3.29.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.5</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.5/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.29.4</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.4/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li> </ul> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li> </ul> <h2>3.29.0 - 11 Jun 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li> <li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li> </ul> <h2>3.28.21 - 28 July 2025</h2> <p>No user facing changes.</p> <h2>3.28.20 - 21 July 2025</h2> <ul> <li>Remove support for combining SARIF files from a single upload for GHES 3.18, see <a href="https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload/">the changelog post</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2959">#2959</a></li> </ul> <h2>3.28.19 - 03 Jun 2025</h2> <ul> <li>The CodeQL Action no longer includes its own copy of the extractor for the <code>actions</code> language, which is currently in public preview. The <code>actions</code> extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the <code>actions</code> language <em>and</em> you have pinned your <code>tools:</code> property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable <code>actions</code> analysis.</li> <li>Update default CodeQL bundle version to 2.21.4. <a href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/51f77329afa6477de8c49fc9c7046c15b9a4e79d"><code>51f7732</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2997">#2997</a> from github/update-v3.29.5-80a09d7b0</li> <li><a href="https://github.com/github/codeql-action/commit/8e90243ddbe0de3f12f4fa361675387b7f94c48d"><code>8e90243</code></a> Update changelog for v3.29.5</li> <li><a href="https://github.com/github/codeql-action/commit/80a09d7b0b5468297f127c81b43cb7335eed0f30"><code>80a09d7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2996">#2996</a> from github/dependabot/npm_and_yarn/npm-240ab9fad0</li> <li><a href="https://github.com/github/codeql-action/commit/8388115dc8d6af25bf915cc8455a7d6a77253970"><code>8388115</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2994">#2994</a> from github/mergeback/changelog/v3.28.21</li> <li><a href="https://github.com/github/codeql-action/commit/401ecaf503b1a19fc0fbd253cc5afe7759870068"><code>401ecaf</code></a> Merge branch 'main' into mergeback/changelog/v3.28.21</li> <li><a href="https://github.com/github/codeql-action/commit/ab5c0c5fa56442a68c2d51b194ccc93faaaaa639"><code>ab5c0c5</code></a> Merge branch 'main' into dependabot/npm_and_yarn/npm-240ab9fad0</li> <li><a href="https://github.com/github/codeql-action/commit/cd264d4dcdc5ee89d8590821e29c66a1bdcaa968"><code>cd264d4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2986">#2986</a> from github/update-bundle/codeql-bundle-v2.22.2</li> <li><a href="https://github.com/github/codeql-action/commit/4599055b1e273f63344615ade2c46c852c6d5c63"><code>4599055</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.22.2</li> <li><a href="https://github.com/github/codeql-action/commit/fd7ad511e6bd5985ebbc84944e0e173d39a968b8"><code>fd7ad51</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2971">#2971</a> from github/update-supported-enterprise-server-versions</li> <li><a href="https://github.com/github/codeql-action/commit/ac0c9bfe1e34d6a76860325c1b4abe8208ce98a6"><code>ac0c9bf</code></a> Merge branch 'main' into update-supported-enterprise-server-versions</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/d6bbdef45e766d081b84a2def353b0055f728d3e...51f77329afa6477de8c49fc9c7046c15b9a4e79d">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
31ade3e496 |
build(deps): bump actions/ai-inference from 1.1.0 to 1.2.3 (#4006)
Bumps [actions/ai-inference](https://github.com/actions/ai-inference) from 1.1.0 to 1.2.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/ai-inference/releases">actions/ai-inference's releases</a>.</em></p> <blockquote> <h2>v1.2.3</h2> <h2>What's Changed</h2> <ul> <li>Bump super-linter/super-linter from 7.4.0 to 8.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/62">actions/ai-inference#62</a></li> <li>Add GitHub Actions workflow for releasing new version by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/59">actions/ai-inference#59</a></li> <li>Update readme to say MCP needs a PAT by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/60">actions/ai-inference#60</a></li> <li>Support .prompt.yml files by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/61">actions/ai-inference#61</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v1.2.2...v1.2.3">https://github.com/actions/ai-inference/compare/v1.2.2...v1.2.3</a></p> <h2>v1.2.2</h2> <h2>What's Changed</h2> <ul> <li>Fixup bundle by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/58">actions/ai-inference#58</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v1.2.1...v1.2.2">https://github.com/actions/ai-inference/compare/v1.2.1...v1.2.2</a></p> <h2>v1.2.1</h2> <h2>What's Changed</h2> <ul> <li>Ensure pkce-challenge is bundled in dist instead of treated as external by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/57">actions/ai-inference#57</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v1.2.0...v1.2.1">https://github.com/actions/ai-inference/compare/v1.2.0...v1.2.1</a></p> <h2>v1.2.0</h2> <h2>What's Changed</h2> <ul> <li>Setup licensed on the codespace by <a href="https://github.com/maraisr"><code>@maraisr</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/29">actions/ai-inference#29</a></li> <li>Bump the npm-development group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/36">actions/ai-inference#36</a></li> <li>Update readme by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/41">actions/ai-inference#41</a></li> <li>Bump <code>@jest/globals</code> from 29.7.0 to 30.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/46">actions/ai-inference#46</a></li> <li>Make actual inference in CI optional, since it depends on org settings by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/55">actions/ai-inference#55</a></li> <li>fix: improve error handling for AI service responses by <a href="https://github.com/ainoya"><code>@ainoya</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/49">actions/ai-inference#49</a></li> <li>Add read-only GitHub MCP support by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/56">actions/ai-inference#56</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ainoya"><code>@ainoya</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/49">actions/ai-inference#49</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v1.1.0...v1.2.0">https://github.com/actions/ai-inference/compare/v1.1.0...v1.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/ai-inference/commit/9693b137b6566bb66055a713613bf4f0493701eb"><code>9693b13</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/61">#61</a> from actions/sgoedecke/prompt-file</li> <li><a href="https://github.com/actions/ai-inference/commit/d0b2f23c43311aaad7b4a02894c649a1d6571b53"><code>d0b2f23</code></a> Merge branch 'main' into sgoedecke/prompt-file</li> <li><a href="https://github.com/actions/ai-inference/commit/0df96479bcb4ea24c63144c03be8b6ae7b11003f"><code>0df9647</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/60">#60</a> from actions/sgoedecke/update-readme</li> <li><a href="https://github.com/actions/ai-inference/commit/446f075e3b11fd0afca78c8d0df8d04942161497"><code>446f075</code></a> Merge branch 'main' into sgoedecke/update-readme</li> <li><a href="https://github.com/actions/ai-inference/commit/ce58b26ac7f47baf89dc3d2aeaea560107e25277"><code>ce58b26</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/59">#59</a> from actions/sgoedecke-patch-1</li> <li><a href="https://github.com/actions/ai-inference/commit/1cf96b0212eda48166c54df14085910a7c1f1faf"><code>1cf96b0</code></a> Merge branch 'main' into sgoedecke/update-readme</li> <li><a href="https://github.com/actions/ai-inference/commit/f79e4e11cbdac29de8a9db3b227468308bdc7897"><code>f79e4e1</code></a> regenerate dist</li> <li><a href="https://github.com/actions/ai-inference/commit/72102e50bfcdb3f04447929bf2b2fb23e2db81cf"><code>72102e5</code></a> Update src/prompt.ts</li> <li><a href="https://github.com/actions/ai-inference/commit/2bc30a525a2d4893b4836711c397c64122da23c6"><code>2bc30a5</code></a> regenerate dist</li> <li><a href="https://github.com/actions/ai-inference/commit/8f64ac12840ea5f874555d8a5f663a339e4c3cd6"><code>8f64ac1</code></a> Fixup types and tests</li> <li>Additional commits viewable in <a href="https://github.com/actions/ai-inference/compare/d645f067d89ee1d5d736a5990e327e504d1c5a4a...9693b137b6566bb66055a713613bf4f0493701eb">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c161000f85 |
build(deps): bump com.diffplug.spotless from 7.1.0 to 7.2.1 (#4019)
Bumps com.diffplug.spotless from 7.1.0 to 7.2.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b650d443a7 |
build(deps): bump springSecuritySamlVersion from 6.5.1 to 6.5.2 (#4020)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d80c11dffa |
build(deps): bump sigstore/cosign-installer from 3.9.1 to 3.9.2 (#4009)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.1 to 3.9.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.9.2</h2> <h2>What's Changed</h2> <ul> <li>not fail fast and setup permissions in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/195">sigstore/cosign-installer#195</a></li> <li>drop old unsupported versions <v2.0.0 in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/192">sigstore/cosign-installer#192</a></li> <li>Update default to v2.5.3 in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/196">sigstore/cosign-installer#196</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.9.1...v3.9.2">https://github.com/sigstore/cosign-installer/compare/v3.9.1...v3.9.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign-installer/commit/d58896d6a1865668819e1d91763c7751a165e159"><code>d58896d</code></a> Update default to v2.5.3 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/196">#196</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/e40248c492a99ad409432e2ea978d7a2811f2e1f"><code>e40248c</code></a> drop old unsupported versions <v2.0.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/192">#192</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/d9374b96fed791ab117111a9a307a92b68bf3145"><code>d9374b9</code></a> not fail fast and setup permissions (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/195">#195</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/398d4b0eeef1380460a10c8013a76f728fb906ac...d58896d6a1865668819e1d91763c7751a165e159">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c80aaf6cd2 |
build(deps): bump actions/checkout from 2.4.2 to 4.2.2 (#4010)
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.2 to 4.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v4.2.2</h2> <h2>What's Changed</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p> <h2>v4.2.0</h2> <h2>What's Changed</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependabot updates in <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a> & <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yasonk"><code>@yasonk</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1869">actions/checkout#1869</a></li> <li><a href="https://github.com/lucacome"><code>@lucacome</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.1.7...v4.2.0">https://github.com/actions/checkout/compare/v4.1.7...v4.2.0</a></p> <h2>v4.1.7</h2> <h2>What's Changed</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/orhantoy"><code>@orhantoy</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.1.6...v4.1.7">https://github.com/actions/checkout/compare/v4.1.6...v4.1.7</a></p> <h2>v4.1.6</h2> <h2>What's Changed</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> <li>Update for 4.1.6 release by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1733">actions/checkout#1733</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.1.5...v4.1.6">https://github.com/actions/checkout/compare/v4.1.5...v4.1.6</a></p> <h2>v4.1.5</h2> <h2>What's Changed</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> <li>README: Suggest <code>user.email</code> to be <code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li> </ul> <h2>v4.1.4</h2> <ul> <li>Disable <code>extensions.worktreeConfig</code> when disabling <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li> <li>Add dependabot config by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li> <li>Bump the minor-actions-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li> <li>Bump word-wrap from 1.2.3 to 1.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li> </ul> <h2>v4.1.3</h2> <ul> <li>Check git version before attempting to disable <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1656">actions/checkout#1656</a></li> <li>Add SSH user parameter by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1685">actions/checkout#1685</a></li> <li>Update <code>actions/checkout</code> version in <code>update-main-version.yml</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1650">actions/checkout#1650</a></li> </ul> <h2>v4.1.2</h2> <ul> <li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code> option is not present <a href="https://github.com/dscho"><code>@dscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1598">actions/checkout#1598</a></li> </ul> <h2>v4.1.1</h2> <ul> <li>Correct link to GitHub Docs by <a href="https://github.com/peterbe"><code>@peterbe</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li> <li>Link to release page from what's new section by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1514">actions/checkout#1514</a></li> </ul> <h2>v4.1.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1396">Add support for partial checkout filters</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/11bd71901bbe5b1630ceea73d27597364c9af683"><code>11bd719</code></a> Prepare 4.2.2 Release (<a href="https://redirect.github.com/actions/checkout/issues/1953">#1953</a>)</li> <li><a href="https://github.com/actions/checkout/commit/e3d2460bbb42d7710191569f88069044cfb9d8cf"><code>e3d2460</code></a> Expand unit test coverage (<a href="https://redirect.github.com/actions/checkout/issues/1946">#1946</a>)</li> <li><a href="https://github.com/actions/checkout/commit/163217dfcd28294438ea1c1c149cfaf66eec283e"><code>163217d</code></a> <code>url-helper.ts</code> now leverages well-known environment variables. (<a href="https://redirect.github.com/actions/checkout/issues/1941">#1941</a>)</li> <li><a href="https://github.com/actions/checkout/commit/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871"><code>eef6144</code></a> Prepare 4.2.1 release (<a href="https://redirect.github.com/actions/checkout/issues/1925">#1925</a>)</li> <li><a href="https://github.com/actions/checkout/commit/6b42224f41ee5dfe5395e27c8b2746f1f9955030"><code>6b42224</code></a> Add workflow file for publishing releases to immutable action package (<a href="https://redirect.github.com/actions/checkout/issues/1919">#1919</a>)</li> <li><a href="https://github.com/actions/checkout/commit/de5a000abf73b6f4965bd1bcdf8f8d94a56ea815"><code>de5a000</code></a> Check out other refs/* by commit if provided, fall back to ref (<a href="https://redirect.github.com/actions/checkout/issues/1924">#1924</a>)</li> <li><a href="https://github.com/actions/checkout/commit/d632683dd7b4114ad314bca15554477dd762a938"><code>d632683</code></a> Prepare 4.2.0 release (<a href="https://redirect.github.com/actions/checkout/issues/1878">#1878</a>)</li> <li><a href="https://github.com/actions/checkout/commit/6d193bf28034eafb982f37bd894289fe649468fc"><code>6d193bf</code></a> Bump braces from 3.0.2 to 3.0.3 (<a href="https://redirect.github.com/actions/checkout/issues/1777">#1777</a>)</li> <li><a href="https://github.com/actions/checkout/commit/db0cee9a514becbbd4a101a5fbbbf47865ee316c"><code>db0cee9</code></a> Bump the minor-npm-dependencies group across 1 directory with 4 updates (<a href="https://redirect.github.com/actions/checkout/issues/1872">#1872</a>)</li> <li><a href="https://github.com/actions/checkout/commit/b6849436894e144dbce29d7d7fda2ae3bf9d8365"><code>b684943</code></a> Add Ref and Commit outputs (<a href="https://redirect.github.com/actions/checkout/issues/1180">#1180</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/checkout/compare/v2.4.2...11bd71901bbe5b1630ceea73d27597364c9af683">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ludy <[email protected]> |
||
|
|
28e95438b3 |
build(deps): bump github/codeql-action from 3.29.2 to 3.29.3 (#4008)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.2 to 3.29.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.3</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.3/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li> </ul> <h2>3.29.0 - 11 Jun 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li> <li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li> </ul> <h2>3.28.20 - 21 July 2025</h2> <ul> <li>Remove support for combining SARIF files from a single upload for GHES 3.18, see <a href="https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload/">the changelog post</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2959">#2959</a></li> </ul> <h2>3.28.19 - 03 Jun 2025</h2> <ul> <li>The CodeQL Action no longer includes its own copy of the extractor for the <code>actions</code> language, which is currently in public preview. The <code>actions</code> extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the <code>actions</code> language <em>and</em> you have pinned your <code>tools:</code> property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable <code>actions</code> analysis.</li> <li>Update default CodeQL bundle version to 2.21.4. <a href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li> </ul> <h2>3.28.18 - 16 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.3. <a href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li> <li>Skip validating SARIF produced by CodeQL for improved performance. <a href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li> <li>The number of threads and amount of RAM used by CodeQL can now be set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code> runner environment variables. If set, these environment variables override the <code>threads</code> and <code>ram</code> inputs respectively. <a href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li> </ul> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <h2>3.28.16 - 23 Apr 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/d6bbdef45e766d081b84a2def353b0055f728d3e"><code>d6bbdef</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2977">#2977</a> from github/update-v3.29.3-7710ed11e</li> <li><a href="https://github.com/github/codeql-action/commit/210cc9bfa2103f4b7c4701ee383183b944c62578"><code>210cc9b</code></a> Update changelog for v3.29.3</li> <li><a href="https://github.com/github/codeql-action/commit/7710ed11e398ea99c7f7004c2b2e0f580458db42"><code>7710ed1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2970">#2970</a> from github/cklin/diff-informed-feature-enable</li> <li><a href="https://github.com/github/codeql-action/commit/6a49a8cbce6ecbd74ea251a48dbc84e64ce3be4d"><code>6a49a8c</code></a> build: refresh js files</li> <li><a href="https://github.com/github/codeql-action/commit/3aef4108d1730e17b6fd24f8b9c49d8fcc87d46d"><code>3aef410</code></a> Add diff-informed-analysis-utils.test.ts</li> <li><a href="https://github.com/github/codeql-action/commit/614b64c6ec97a4ad54f7c99c5becbf593144dbfb"><code>614b64c</code></a> Diff-informed analysis: disable for GHES below 3.19</li> <li><a href="https://github.com/github/codeql-action/commit/aefb854fe5563f4650638224c839c6e9b33c25b5"><code>aefb854</code></a> Feature.DiffInformedQueries: default to true</li> <li><a href="https://github.com/github/codeql-action/commit/03a2a17e75d20e4ff461b43f161fb2b52165f632"><code>03a2a17</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2967">#2967</a> from github/cklin/overlay-feature-flags</li> <li><a href="https://github.com/github/codeql-action/commit/07455ed3c36f739ad76d1c4e55f8b49550f74344"><code>07455ed</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2972">#2972</a> from github/koesie10/ghes-satisfies</li> <li><a href="https://github.com/github/codeql-action/commit/3fb562ddcce3ca92b83ea1bb7abaa579a1ab882d"><code>3fb562d</code></a> build: refresh js files</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/181d5eefc20863364f96762470ba6f862bdef56b...d6bbdef45e766d081b84a2def353b0055f728d3e">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b1bbad53bc |
build(deps): bump step-security/harden-runner from 2.12.2 to 2.13.0 (#4007)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.2 to 2.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.13.0</h2> <h2>What's Changed</h2> <ul> <li>Improved job markdown summary</li> <li>Https monitoring for all domains (included with the enterprise tier)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.13.0">https://github.com/step-security/harden-runner/compare/v2...v2.13.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/ec9f2d5744a09debf3a187a3f4f675c53b671911"><code>ec9f2d5</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/565">#565</a> from step-security/rc-24</li> <li><a href="https://github.com/step-security/harden-runner/commit/04bcbc31cfcefe0cf4720832008735021cec5ec4"><code>04bcbc3</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/7c7a56fcaa124ab72fff1cc3e81257f264fd7317"><code>7c7a56f</code></a> feat: get job summary from API</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/6c439dc8bdf85cadbbce9ed30d1c7b959517bc49...ec9f2d5744a09debf3a187a3f4f675c53b671911">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ea9b27719f |
build(deps): bump alpine from 3.22.0 to 3.22.1 (#4011)
Bumps alpine from 3.22.0 to 3.22.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0b4913c6e4 |
build(deps): bump commons-io:commons-io from 2.19.0 to 2.20.0 (#4003)
Bumps [commons-io:commons-io](https://github.com/apache/commons-io) from 2.19.0 to 2.20.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/apache/commons-io/blob/master/RELEASE-NOTES.txt">commons-io:commons-io's changelog</a>.</em></p> <blockquote> <p>Apache Commons IO 2.20.0 Release Notes</p> <p>The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.20.0.</p> <h2>Introduction</h2> <p>The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.</p> <p>Version 2.19.1: Java 8 or later is required.</p> <h2>New features</h2> <p>o IO-875: Add org.apache.commons.io.file.CountingPathVisitor.accept(Path, BasicFileAttributes) <a href="https://redirect.github.com/apache/commons-io/issues/743">#743</a>. Thanks to Pierre Baumard, Gary Gregory. o Add org.apache.commons.io.Charsets.isAlias(Charset, String). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.isUTF8(Charset). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.toCharsetDefault(String, Charset). Thanks to Gary Gregory. o IO-279: Add Tailer ignoreTouch option <a href="https://redirect.github.com/apache/commons-io/issues/757">#757</a>. Thanks to Joerg Budischewski, Gary Gregory.</p> <h2>Fixed Bugs</h2> <p>o [javadoc] Rename parameter of ProxyOutputStream.write(int) <a href="https://redirect.github.com/apache/commons-io/issues/740">#740</a>. Thanks to Jesse Glick. o IO-875: CopyDirectoryVisitor ignores fileFilter <a href="https://redirect.github.com/apache/commons-io/issues/743">#743</a>. Thanks to Pierre Baumard, Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.ByeArrayOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.InputStreamOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.OutputStreamOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o FileUtils.readLines(File, Charset) now maps a null Charset to the default Charset <a href="https://redirect.github.com/apache/commons-io/issues/744">#744</a>. Thanks to Ryan Kurtz, Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream, org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 77]Another occurrence at WindowsLineEndingInputStream.java:[line 81] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 112] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 113] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 75] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atEos" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 120] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 124] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 125] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "closed" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.ProxyInputStream] At ProxyInputStream.java:[line 233] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "propagateClose" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.BoundedInputStream] At BoundedInputStream.java:[line 555] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o QueueInputStream reads all but the first byte without waiting. <a href="https://redirect.github.com/apache/commons-io/issues/748">#748</a>. Thanks to maxxedev, Piotr P. Karwasz, Gary Gregory. o Javadoc fixes and improvements. Thanks to Gary Gregory. o Avoid NPE in org.apache.commons.io.filefilter.WildcardFilter.accept(File). Thanks to Gary Gregory. o IO-874: FileUtils.forceDelete can delete a broken symlink again <a href="https://redirect.github.com/apache/commons-io/issues/756">#756</a>. Thanks to Andy Russell, Joerg Budischewski. o Fix infinite loop in AbstractByteArrayOutputStream. <a href="https://redirect.github.com/apache/commons-io/issues/758">#758</a>. Thanks to Alex Benusovich.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/commons-io/commit/c224bce839494ed651e5eba320b27c73ce8d804e"><code>c224bce</code></a> Prepare for the release candidate 2.20.0 RC1</li> <li><a href="https://github.com/apache/commons-io/commit/8981a5c9664574003f5d7620cf5133325161e543"><code>8981a5c</code></a> Remove workaround for</li> <li><a href="https://github.com/apache/commons-io/commit/4ef481f14220c19f6114a3f793df2202bb1336a6"><code>4ef481f</code></a> Prepare for the next release candidate</li> <li><a href="https://github.com/apache/commons-io/commit/d23228f4a94bd070b0505e5a528da1413915c8a4"><code>d23228f</code></a> Merge branch 'master' of <a href="https://github.com/apache/commons-io.git">https://github.com/apache/commons-io.git</a></li> <li><a href="https://github.com/apache/commons-io/commit/5d2737ffe489b91c4af7ccddfeda93d860750729"><code>5d2737f</code></a> Add <a href="https://github.com/SuppressWarnings"><code>@SuppressWarnings</code></a></li> <li><a href="https://github.com/apache/commons-io/commit/e5c80d6eff29b9a3b2b917356345d90237e84e57"><code>e5c80d6</code></a> Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 <a href="https://redirect.github.com/apache/commons-io/issues/761">#761</a></li> <li><a href="https://github.com/apache/commons-io/commit/2017ac063c1cc284dc855265a15a4e2dfdc653e4"><code>2017ac0</code></a> Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (<a href="https://redirect.github.com/apache/commons-io/issues/761">#761</a>)</li> <li><a href="https://github.com/apache/commons-io/commit/07ce798898b6c6ca639e6ad0e2beecf55cf00d7a"><code>07ce798</code></a> Javadoc</li> <li><a href="https://github.com/apache/commons-io/commit/a828efa09f5b32f80485c2302caf78b8ee3c857c"><code>a828efa</code></a> Add ciManagement element to POM</li> <li><a href="https://github.com/apache/commons-io/commit/46bd1c2955a29d676bfbc3fea6cce84918ba6ac5"><code>46bd1c2</code></a> Javadoc</li> <li>Additional commits viewable in <a href="https://github.com/apache/commons-io/compare/rel/commons-io-2.19.0...rel/commons-io-2.20.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b510df9951 |
build(deps): bump org.snakeyaml:snakeyaml-engine from 2.9 to 2.10 (#3948)
Bumps [org.snakeyaml:snakeyaml-engine](https://bitbucket.org/snakeyaml/snakeyaml-engine) from 2.9 to 2.10. <details> <summary>Commits</summary> <ul> <li><a href="https://bitbucket.org/snakeyaml/snakeyaml-engine/commits/61e3f77df22d165ca210f9ef61abbe4c7a764b10"><code>61e3f77</code></a> Issue 56: improve code</li> <li><a href="https://bitbucket.org/snakeyaml/snakeyaml-engine/commits/ab996bb428a3769b7118ecc5a4035d64514464b8"><code>ab996bb</code></a> Issue 56: refactor rename variable</li> <li><a href="https://bitbucket.org/snakeyaml/snakeyaml-engine/commits/7b316bbad0fdb51b9027652c25963d062cbebe65"><code>7b316bb</code></a> Issue 56: refactor rename variable</li> <li><a href="https://bitbucket.org/snakeyaml/snakeyaml-engine/commits/c46d5f741720b5ba1152e0d7de2c21e6c0ee42c8"><code>c46d5f7</code></a> Issue 56: remove unused merge code in StandardConstructor</li> <li><a href="https://bitbucket.org/snakeyaml/snakeyaml-engine/commits/553748c968e1b22969f1411e5e061ed3dfb96403"><code>553748c</code></a> Fix issue 55 only for JSON</li> <li><a href="https://bitbucket.org/snakeyaml/snakeyaml-engine/commits/b484094bfcea73d167a2d284ec8289e4ce3d316f"><code>b484094</code></a> Clarify when to expect NoSuchElementException</li> <li><a href="https://bitbucket.org/snakeyaml/snakeyaml-engine/commits/e6b30e3b8d385e7e555d919b18dbc6ad571bd989"><code>e6b30e3</code></a> Wrap IOException in UncheckedIOException by default</li> <li><a href="https://bitbucket.org/snakeyaml/snakeyaml-engine/commits/5d0fa73483309d837e43d8da1ba25a9446ceafd8"><code>5d0fa73</code></a> Update changes</li> <li><a href="https://bitbucket.org/snakeyaml/snakeyaml-engine/commits/3e19067a981c376eb146dedf8e74810d6d539cf8"><code>3e19067</code></a> Update changes</li> <li><a href="https://bitbucket.org/snakeyaml/snakeyaml-engine/commits/4de1481f10c1cf90ff5b33abe1cf31709f3bdf62"><code>4de1481</code></a> Merge branch 'master' into issue-55-json</li> <li>Additional commits viewable in <a href="https://bitbucket.org/snakeyaml/snakeyaml-engine/branches/compare/snakeyaml-engine-2.10..snakeyaml-engine-2.9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
638d9ec43c |
build(deps): bump io.micrometer:micrometer-core from 1.15.1 to 1.15.2 (#3947)
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
8ba7cfe921 |
Bump com.unboundid.product.scim2:scim2-sdk-client from 2.3.5 to 4.0.0 (#3736)
Bumps [com.unboundid.product.scim2:scim2-sdk-client](https://github.com/pingidentity/scim2) from 2.3.5 to 4.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pingidentity/scim2/blob/master/CHANGELOG.md">com.unboundid.product.scim2:scim2-sdk-client's changelog</a>.</em></p> <blockquote> <h2>v4.0.0 - 2025-Jun-10</h2> <p>Removed support for Java 11. The UnboundID SCIM 2 SDK now requires Java 17 or a later release.</p> <p>Updated the following dependencies:</p> <ul> <li>Jackson: 2.18.3</li> <li>Jakarta RS: 4.0.0</li> <li>Jersey: 3.1.10</li> </ul> <p>Updated the default behavior for ADD patch requests with value filters (e.g., <code>emails[type eq "work"].display</code>). The SCIM SDK will now target existing values within the multi-valued attribute. For more background on this type of patch request, see the release notes for the 3.2.0 release where this was introduced (but not made the default). To restore the old behavior, set the following property in your application:</p> <pre><code>PatchOperation.APPEND_NEW_PATCH_VALUES_PROPERTY = true; </code></pre> <p>Updated <code>SearchRequestBuilder</code> to be more permissive of ListResponses with non-standard attribute casing (e.g., if a response includes a <code>"resources"</code> array instead of <code>"Resources"</code>).</p> <p>Updated the class-level documentation of <code>SearchRequest</code> to provide more background about how searches are performed in the SCIM standard.</p> <p>Added a new property that allows ignoring unknown fields when converting JSON text to Java objects that inherit from <code>BaseScimResource</code>. This behaves similarly to the <code>FAIL_ON_UNKNOWN_PROPERTIES</code> setting from the Jackson library, and allows for easier integration with SCIM service providers that include additional non-standard data in their responses. To enable this setting, set the following property in your application code:</p> <pre><code>BaseScimResource.IGNORE_UNKNOWN_FIELDS = true; </code></pre> <p>Fixed an issue with methods that interface with schema extensions such as <code>BaseScimResource.getExtensionValues(String)</code>. These accepted paths as a string, but previously performed updates to the extension data incorrectly.</p> <p>Simplified the implementation of the StaticUtils#toLowerCase method. This had an optimization for Java versions before JDK 9 that was especially beneficial for the most common case of handling ASCII characters. Since JDK 9, however, the String class has been updated so that the class is backed by a byte array as opposed to a character array, so it is more optimal to use the JDK's implementation directly while handling null values.</p> <p>Previous releases of the SCIM SDK set many classes as <code>final</code> to encourage applications to follow strict compliance to the SCIM standard. However, this also makes it difficult to integrate with services that violate the standard. An example of this is a SCIM error response that contains extra fields in the JSON body. To help accommodate these integrations, the SCIM SDK has been updated so that several model classes are no longer <code>final</code>, allowing applications to <code>extend</code> them if needed. The following classes were updated:</p> <ul> <li>scim2-sdk-client builder classes such as <code>CreateRequestBuilder.java</code></li> <li><code>ErrorResponse.java</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pingidentity/scim2/commit/039c7e62645744498f938f3502517dcdd18c2986"><code>039c7e6</code></a> Setting release version 4.0.0</li> <li><a href="https://github.com/pingidentity/scim2/commit/ea0486470e61493829dbd1664f63fbcc949bc597"><code>ea04864</code></a> Update CHANGELOG date for the 4.0.0 release.</li> <li><a href="https://github.com/pingidentity/scim2/commit/bfd276e8221b7843ba0d6f605d2a95f09cfe11b0"><code>bfd276e</code></a> Make GenericScimResource extendable.</li> <li><a href="https://github.com/pingidentity/scim2/commit/9008757a2281e2cbaf36e05a0bb1f276ab15a800"><code>9008757</code></a> Clean up POM and remove Guava test dependency.</li> <li><a href="https://github.com/pingidentity/scim2/commit/a954381dcca9ac0fbb9b3171252cba861a3323b2"><code>a954381</code></a> Remove the deprecated ScimDateFormat class.</li> <li><a href="https://github.com/pingidentity/scim2/commit/76f23141ffc8564becbb671c1aaa4060d7a0c161"><code>76f2314</code></a> Enhance the Filter classes and their documentation</li> <li><a href="https://github.com/pingidentity/scim2/commit/cfd9d7ecf9e3ef0a32cc9ca0fbe9ffc5e202d3cc"><code>cfd9d7e</code></a> Add a new filter method for SearchRequestBuilder.</li> <li><a href="https://github.com/pingidentity/scim2/commit/3c3c0cad3382f9a21456e1af0133e9263ef526c2"><code>3c3c0ca</code></a> Fix CodeQL by adding Java 17 installation step</li> <li><a href="https://github.com/pingidentity/scim2/commit/114ad5105bd245b2115e4ca9523f532bff7a5535"><code>114ad51</code></a> Import the default codeql.yaml</li> <li><a href="https://github.com/pingidentity/scim2/commit/26fe8f180a281ca6e296e8b40be10f1f02ea0f47"><code>26fe8f1</code></a> Allow extending model classes</li> <li>Additional commits viewable in <a href="https://github.com/pingidentity/scim2/compare/scim2-2.3.5...scim2-4.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b2f1404f68 |
chore(deps): bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#3939)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b4df5c648a |
chore(deps): bump com.diffplug.spotless from 7.0.4 to 7.1.0 (#3904)
Bumps com.diffplug.spotless from 7.0.4 to 7.1.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
7dd6d50ef3 |
Bump urllib3 from 2.3.0 to 2.5.0 in /testing/cucumber in the pip group across 1 directory (#3769)
Bumps the pip group with 1 update in the /testing/cucumber directory: [urllib3](https://github.com/urllib3/urllib3). Updates `urllib3` from 2.3.0 to 2.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](https://github.com/urllib3/urllib3/issues/3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](https://github.com/urllib3/urllib3/issues/3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](https://github.com/urllib3/urllib3/issues/3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](https://github.com/urllib3/urllib3/issues/3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](https://github.com/urllib3/urllib3/issues/3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](https://github.com/urllib3/urllib3/issues/3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](https://github.com/urllib3/urllib3/issues/3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](https://github.com/urllib3/urllib3/issues/3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](https://github.com/urllib3/urllib3/issues/3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](https://github.com/urllib3/urllib3/issues/3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.3.0...2.5.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e1e295d33b |
Bump com.opencsv:opencsv from 5.11.1 to 5.11.2 (#3793)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps com.opencsv:opencsv from 5.11.1 to 5.11.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
09b185febf |
Bump commonmarkVersion from 0.24.0 to 0.25.0 (#3789)
Bumps `commonmarkVersion` from 0.24.0 to 0.25.0. Updates `org.commonmark:commonmark` from 0.24.0 to 0.25.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/releases">org.commonmark:commonmark's releases</a>.</em></p> <blockquote> <h2>commonmark-java 0.25.0</h2> <h3>Added</h3> <ul> <li>Include OSGi metadata in jars (<code>META-INF/MANIFEST.MF</code> files) (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/378">#378</a>)</li> <li>More documentation with examples for <code>Node</code> classes (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/370">#370</a>)</li> </ul> <h3>Changed</h3> <ul> <li>GitHub tables: Tables are now parsed even if there's no blank line before the table heading, matching GitHub's behavior. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/381">#381</a>)</li> </ul> <h3>Fixed</h3> <ul> <li><code>MarkdownRenderer</code>: Fix precedence for <code>nodeRendererFactory</code>: Factories passed to the builder can now override rendering for core node types. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/368">#368</a>)</li> <li><code>MarkdownRenderer</code>: Fix exception with ordered lists with a long first number followed by a shorter one (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/382">#382</a>)</li> <li>Fix warning in Eclipse about "missing 'requires transitive'" (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/358">#358</a>)</li> <li>Fix Android incompatibility with <code>requireNonNullElseGet</code> (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/369">#369</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/blob/main/CHANGELOG.md">org.commonmark:commonmark's changelog</a>.</em></p> <blockquote> <h2>[0.25.0] - 2025-06-20</h2> <h3>Added</h3> <ul> <li>Include OSGi metadata in jars (<code>META-INF/MANIFEST.MF</code> files) (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/378">#378</a>)</li> <li>More documentation with examples for <code>Node</code> classes (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/370">#370</a>)</li> </ul> <h3>Changed</h3> <ul> <li>GitHub tables: Tables are now parsed even if there's no blank line before the table heading, matching GitHub's behavior. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/381">#381</a>)</li> </ul> <h3>Fixed</h3> <ul> <li><code>MarkdownRenderer</code>: Fix precedence for <code>nodeRendererFactory</code>: Factories passed to the builder can now override rendering for core node types. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/368">#368</a>)</li> <li><code>MarkdownRenderer</code>: Fix exception with ordered lists with a long first number followed by a shorter one (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/382">#382</a>)</li> <li>Fix warning in Eclipse about "missing 'requires transitive'" (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/358">#358</a>)</li> <li>Fix Android incompatibility with <code>requireNonNullElseGet</code> (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/369">#369</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/commonmark/commonmark-java/commit/99e6050ae12e862e39f4a0b81108ec155d4817af"><code>99e6050</code></a> [maven-release-plugin] prepare release commonmark-parent-0.25.0</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/17019911385988005a2083d74df8952ce045a6db"><code>1701991</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/385">#385</a> from commonmark/release-0.25</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/6354f0244746a5e6cd6b44f0be61e153681f2270"><code>6354f02</code></a> Prepare for version 0.25.0</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/adcf2f232c9fcf55e29770c78a9285d5446517f3"><code>adcf2f2</code></a> Prepare CHANGELOG for release 0.25</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/8cc1fa20723736833441b9e9ecee93a1df1045fb"><code>8cc1fa2</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/384">#384</a> from commonmark/central-publisher-portal</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/5e6b740271587bb0881a5f065d56f05f8ae7ed9f"><code>5e6b740</code></a> Migrate from OSSRH to Central Publisher Portal</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/7616e19533837233fa4dfd2b9f09e283d6f00927"><code>7616e19</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/383">#383</a> from commonmark/markdown-renderer-ordered-list-fix</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/971aaa9edeaa7ef161e4553b001be91bf2d83cea"><code>971aaa9</code></a> MarkdownRenderer: Fix ordered list with long start number (fixes <a href="https://redirect.github.com/commonmark/commonmark-java/issues/382">#382</a>)</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/32c9290bc4c9b7d9daec25832dec31404459f8e4"><code>32c9290</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/381">#381</a> from commonmark/tables-without-blank-line-before</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/bb57a5f0921ab7e46f44128c875720617452564a"><code>bb57a5f</code></a> Parse tables without blank line before</li> <li>Additional commits viewable in <a href="https://github.com/commonmark/commonmark-java/compare/commonmark-parent-0.24.0...commonmark-parent-0.25.0">compare view</a></li> </ul> </details> <br /> Updates `org.commonmark:commonmark-ext-gfm-tables` from 0.24.0 to 0.25.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/releases">org.commonmark:commonmark-ext-gfm-tables's releases</a>.</em></p> <blockquote> <h2>commonmark-java 0.25.0</h2> <h3>Added</h3> <ul> <li>Include OSGi metadata in jars (<code>META-INF/MANIFEST.MF</code> files) (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/378">#378</a>)</li> <li>More documentation with examples for <code>Node</code> classes (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/370">#370</a>)</li> </ul> <h3>Changed</h3> <ul> <li>GitHub tables: Tables are now parsed even if there's no blank line before the table heading, matching GitHub's behavior. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/381">#381</a>)</li> </ul> <h3>Fixed</h3> <ul> <li><code>MarkdownRenderer</code>: Fix precedence for <code>nodeRendererFactory</code>: Factories passed to the builder can now override rendering for core node types. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/368">#368</a>)</li> <li><code>MarkdownRenderer</code>: Fix exception with ordered lists with a long first number followed by a shorter one (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/382">#382</a>)</li> <li>Fix warning in Eclipse about "missing 'requires transitive'" (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/358">#358</a>)</li> <li>Fix Android incompatibility with <code>requireNonNullElseGet</code> (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/369">#369</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/blob/main/CHANGELOG.md">org.commonmark:commonmark-ext-gfm-tables's changelog</a>.</em></p> <blockquote> <h2>[0.25.0] - 2025-06-20</h2> <h3>Added</h3> <ul> <li>Include OSGi metadata in jars (<code>META-INF/MANIFEST.MF</code> files) (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/378">#378</a>)</li> <li>More documentation with examples for <code>Node</code> classes (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/370">#370</a>)</li> </ul> <h3>Changed</h3> <ul> <li>GitHub tables: Tables are now parsed even if there's no blank line before the table heading, matching GitHub's behavior. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/381">#381</a>)</li> </ul> <h3>Fixed</h3> <ul> <li><code>MarkdownRenderer</code>: Fix precedence for <code>nodeRendererFactory</code>: Factories passed to the builder can now override rendering for core node types. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/368">#368</a>)</li> <li><code>MarkdownRenderer</code>: Fix exception with ordered lists with a long first number followed by a shorter one (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/382">#382</a>)</li> <li>Fix warning in Eclipse about "missing 'requires transitive'" (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/358">#358</a>)</li> <li>Fix Android incompatibility with <code>requireNonNullElseGet</code> (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/369">#369</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/commonmark/commonmark-java/commit/99e6050ae12e862e39f4a0b81108ec155d4817af"><code>99e6050</code></a> [maven-release-plugin] prepare release commonmark-parent-0.25.0</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/17019911385988005a2083d74df8952ce045a6db"><code>1701991</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/385">#385</a> from commonmark/release-0.25</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/6354f0244746a5e6cd6b44f0be61e153681f2270"><code>6354f02</code></a> Prepare for version 0.25.0</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/adcf2f232c9fcf55e29770c78a9285d5446517f3"><code>adcf2f2</code></a> Prepare CHANGELOG for release 0.25</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/8cc1fa20723736833441b9e9ecee93a1df1045fb"><code>8cc1fa2</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/384">#384</a> from commonmark/central-publisher-portal</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/5e6b740271587bb0881a5f065d56f05f8ae7ed9f"><code>5e6b740</code></a> Migrate from OSSRH to Central Publisher Portal</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/7616e19533837233fa4dfd2b9f09e283d6f00927"><code>7616e19</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/383">#383</a> from commonmark/markdown-renderer-ordered-list-fix</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/971aaa9edeaa7ef161e4553b001be91bf2d83cea"><code>971aaa9</code></a> MarkdownRenderer: Fix ordered list with long start number (fixes <a href="https://redirect.github.com/commonmark/commonmark-java/issues/382">#382</a>)</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/32c9290bc4c9b7d9daec25832dec31404459f8e4"><code>32c9290</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/381">#381</a> from commonmark/tables-without-blank-line-before</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/bb57a5f0921ab7e46f44128c875720617452564a"><code>bb57a5f</code></a> Parse tables without blank line before</li> <li>Additional commits viewable in <a href="https://github.com/commonmark/commonmark-java/compare/commonmark-parent-0.24.0...commonmark-parent-0.25.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9760c30638 |
Bump io.swagger.core.v3:swagger-core-jakarta from 2.2.33 to 2.2.34 (#3791)
Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.33 to 2.2.34. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
afb1df02b6 |
Bump org.panteleyev.jpackageplugin from 1.6.1 to 1.7.3 (#3740)
Bumps org.panteleyev.jpackageplugin from 1.6.1 to 1.7.3. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ludy <[email protected]> |
||
|
|
0b342d463c |
chore(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.1 (#3801)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.0 to 3.9.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.9.1</h2> <h2>What's Changed</h2> <ul> <li>default action install to use release v2.5.1 by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/193">sigstore/cosign-installer#193</a></li> <li>default cosign to v2.5.2 by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/194">sigstore/cosign-installer#194</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1">https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign-installer/commit/398d4b0eeef1380460a10c8013a76f728fb906ac"><code>398d4b0</code></a> default cosign to v2.5.2 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/194">#194</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/84f54a2bcd1ecf70e51a05388183dce4e1487230"><code>84f54a2</code></a> default action install to use release v2.5.1 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/193">#193</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/fb28c2b6339dcd94da6e4cbcbc5e888961f6f8c3...398d4b0eeef1380460a10c8013a76f728fb906ac">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e7ac4b7b20 |
chore(deps): bump step-security/harden-runner from 2.12.1 to 2.12.2 (#3849)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.1 to 2.12.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.12.2</h2> <h2>What's Changed</h2> <p>Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:</p> <ul> <li>Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode</li> <li>Increased policy map size for block mode</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.12.2">https://github.com/step-security/harden-runner/compare/v2...v2.12.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/6c439dc8bdf85cadbbce9ed30d1c7b959517bc49"><code>6c439dc</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/562">#562</a> from step-security/rc-22</li> <li><a href="https://github.com/step-security/harden-runner/commit/bf5688696d0b2cf8221eadb38e4232386015763a"><code>bf56886</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/5436dac7b5fa76a1a179168f5f4de86c00e22c84"><code>5436dac</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/88d305a3530acfa6d1939000baaa571e520df9c8"><code>88d305a</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/b976878278dbe3bc16039f7165b8faf809c50297"><code>b976878</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/875cc92db280a03598e7492a3e6c165c689f7af6"><code>875cc92</code></a> Update agent</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/002fdce3c6a235733a90a27c80493a3241e56863...6c439dc8bdf85cadbbce9ed30d1c7b959517bc49">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
48c0112b87 |
chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2 (#3848)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.0 to 3.29.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.2</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.2/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.29.1</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.1/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li> </ul> <h2>3.29.0 - 11 Jun 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li> <li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li> </ul> <h2>3.28.19 - 03 Jun 2025</h2> <ul> <li>The CodeQL Action no longer includes its own copy of the extractor for the <code>actions</code> language, which is currently in public preview. The <code>actions</code> extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the <code>actions</code> language <em>and</em> you have pinned your <code>tools:</code> property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable <code>actions</code> analysis.</li> <li>Update default CodeQL bundle version to 2.21.4. <a href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li> </ul> <h2>3.28.18 - 16 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.3. <a href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li> <li>Skip validating SARIF produced by CodeQL for improved performance. <a href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li> <li>The number of threads and amount of RAM used by CodeQL can now be set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code> runner environment variables. If set, these environment variables override the <code>threads</code> and <code>ram</code> inputs respectively. <a href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li> </ul> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <h2>3.28.16 - 23 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.1. <a href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li> </ul> <h2>3.28.15 - 07 Apr 2025</h2> <ul> <li>Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. <a href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li> </ul> <h2>3.28.14 - 07 Apr 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/181d5eefc20863364f96762470ba6f862bdef56b"><code>181d5ee</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2957">#2957</a> from github/update-v3.29.2-4c57370d0</li> <li><a href="https://github.com/github/codeql-action/commit/c77386a9db782647c8e2575da69a3c950786eaca"><code>c77386a</code></a> Fix changelog PR number</li> <li><a href="https://github.com/github/codeql-action/commit/8d43d4ecec27cc4205b0eaaf2e9b4bf9ee9a305b"><code>8d43d4e</code></a> Update changelog for v3.29.2</li> <li><a href="https://github.com/github/codeql-action/commit/4c57370d0304fbff638216539f81d9163f77712a"><code>4c57370</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2935">#2935</a> from github/mbg/interpret-cq-results</li> <li><a href="https://github.com/github/codeql-action/commit/2830b750e5012e0a57cb63888cd5720f2326ca5c"><code>2830b75</code></a> Add changelog entry</li> <li><a href="https://github.com/github/codeql-action/commit/aa72ddaeada556e7d763c9a0afb01f2c2a365e1c"><code>aa72dda</code></a> Merge branch 'main' into mbg/interpret-cq-results</li> <li><a href="https://github.com/github/codeql-action/commit/65d1e45f0ba420207efc0f1f6d90c63dcbc97551"><code>65d1e45</code></a> Rename <code>SARIF_UPLOAD_ENDPOINT</code> members</li> <li><a href="https://github.com/github/codeql-action/commit/362ebf85dad6ee3df420db2cec285490b289a61f"><code>362ebf8</code></a> Check both SARIF files in <code>quality-queries.yml</code> test</li> <li><a href="https://github.com/github/codeql-action/commit/10a3e4b17dd8a1cee767213c309bd4b1e8251eab"><code>10a3e4b</code></a> Fix formatting</li> <li><a href="https://github.com/github/codeql-action/commit/8593ea65e2bf97ec2caa80fb0e464ed8c42c0fae"><code>8593ea6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2954">#2954</a> from github/mergeback/v3.29.1-to-main-39edc492</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/ce28f5bb42b7a9f2c824e633a3f6ee835bab6858...181d5eefc20863364f96762470ba6f862bdef56b">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
cc3aa6b703 |
Bump org.springframework.boot:spring-boot-dependencies from 3.5.0 to 3.5.3 (#3787)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 3.5.0 to 3.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-dependencies's releases</a>.</em></p> <blockquote> <h2>v3.5.3</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46040">#46040</a></li> </ul> <h2>v3.5.2</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>IllegalArgumentException: 'name' must not be null thrown when property source filtering applied twice <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46032">#46032</a></li> </ul> <h2>v3.5.1</h2> <h2>⚠️ Noteworthy Changes</h2> <ul> <li>This release <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45872">upgrades to Tomcat 10.1.42</a> which has introduced limits for part count and header size in <code>multipart/form-data</code> requests. These limits can be customized using <code>server.tomcat.max-part-count</code> and <code>server.tomcat.max-part-header-size</code> respectively.</li> </ul> <h2>⭐ New Features</h2> <ul> <li>Allow Specifying ConfigData.Options On ConfigDataEnvironmentContributors <a href="https://redirect.github.com/spring-projects/spring-boot/issues/42932">#42932</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Executable JAR application class encounters performance issues when classpath URLs reference a host <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46028">#46028</a></li> <li>Loading from spring.factories may fail with a ClassNotFoundException when the TCCL changes between calls <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46019">#46019</a></li> <li>spring.couchbase.authentication.jks.private-key-password has no effect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46006">#46006</a></li> <li>Actuator heapdump endpoint is failing on modern OpenJ9 JVMs <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46005">#46005</a></li> <li>UnboundConfigurationPropertiesException is no longer thrown from IndexedElementsBinder <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45994">#45994</a></li> <li>DataSouceBuilder can fail with a NPE when the driver is null <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45992">#45992</a></li> <li>JSON writer incorrectly escapes forward slash which can cause structure logging issues <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45980">#45980</a></li> <li>ManagementContextAutoConfiguration adds a property source that degrades binding performance <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45968">#45968</a></li> <li>ClientHttpConnectorAutoConfiguration fails to load when 'java.net.http.HttpClient' is unavailable <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45955">#45955</a></li> <li>It is not possible to opt-out of profile validation or use profile names that contain '.' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45947">#45947</a></li> <li>GraphQlProperties.DeprecatedSse is not annotated as deprecated <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45878">#45878</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading MANAGEMENT_SERVER_PORT <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45857">#45857</a></li> <li>Write and delete operations no longer work in the Cloud Foundry actuator support with Spring Security due to CSRF protection <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45848">#45848</a></li> <li>ConditionalOnAvailableEndpoint does not use the ConditionContext's ClassLoader to load exposure outcome contributors <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45803">#45803</a></li> <li>Binding no longer works with sytem environment properties that are not upper case <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45741">#45741</a></li> <li>ManagementWebServerFactoryCustomizer and ManagementErrorPageCustomizer should not have the same order <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45736">#45736</a></li> <li>Default version of Awailitility is not compatible with Kotlin 1.9 baseline <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45673">#45673</a></li> <li>Spring Boot 3.5's dependency management should have been upgraded to Lettuce 6.6.0.RELEASE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45670">#45670</a></li> <li>Spring Boot 3.5's dependency management should have been upgraded to Jedis 6.0.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45669">#45669</a></li> <li>SAML2 autoconfiguration is not imported by <code>@WebMvcTest</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45666">#45666</a></li> <li>Spring Boot 3.5's dependency management should have been upgraded to MongoDB 5.5.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45660">#45660</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Fix Docker security options links in Packaging OCI images sections <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46021">#46021</a></li> <li>Improve documentation for configuring Spring Security with '/error' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46009">#46009</a></li> <li>Timestamps in Retrieving Audit Events examples do not match the accompanying text <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45997">#45997</a></li> <li>Add SSL response structure to actuator info endpoint documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45921">#45921</a></li> <li>Update javadoc of test slice annotations to suggest MockitoBean rather than MockBean <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45915">#45915</a></li> <li>Include configuration classes from all modules in the "Auto-configuration Classes" appendix <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45863">#45863</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/0ec7194fc1a3196e8e27cf845e05da1c99315600"><code>0ec7194</code></a> Release v3.5.3</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/18e5e0647d0b8c2cc363235dfb4f1cf7b76fa838"><code>18e5e06</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/cb9cf45b7fb465479173adf04d615ee744e7236e"><code>cb9cf45</code></a> Restore previous source in Context.withSource calls</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/01a23c3d209eaa505e7afc29f5292eb2631af67c"><code>01a23c3</code></a> Next development version (v3.5.3-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/7b553d9093502bb5c9a5efa3eeb39ccd7bc8c046"><code>7b553d9</code></a> Protect against null names when filter is applied more than once</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/440ea79df1f7a94685f9d6c8d4553601ca91c7d6"><code>440ea79</code></a> Next development version (v3.5.2-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/a816518679da676366670d02a754bdf5e8368842"><code>a816518</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/05906cc04759ea4ad7f2551ad051d05d0e40b450"><code>05906cc</code></a> Next development version (v3.4.8-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/74fe4adcaf299ea441664a379ce7df1a6bee47ed"><code>74fe4ad</code></a> Upgrade to HttpClient5 5.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/98632a1f485dc26b4b1e73350d4311b812e42663"><code>98632a1</code></a> Merge branch '3.4.x'</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.5.0...v3.5.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
077962872e |
Bump org.springframework.boot from 3.5.0 to 3.5.3 (#3788)
Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.5.0 to 3.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's releases</a>.</em></p> <blockquote> <h2>v3.5.3</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46040">#46040</a></li> </ul> <h2>v3.5.2</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>IllegalArgumentException: 'name' must not be null thrown when property source filtering applied twice <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46032">#46032</a></li> </ul> <h2>v3.5.1</h2> <h2>⚠️ Noteworthy Changes</h2> <ul> <li>This release <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45872">upgrades to Tomcat 10.1.42</a> which has introduced limits for part count and header size in <code>multipart/form-data</code> requests. These limits can be customized using <code>server.tomcat.max-part-count</code> and <code>server.tomcat.max-part-header-size</code> respectively.</li> </ul> <h2>⭐ New Features</h2> <ul> <li>Allow Specifying ConfigData.Options On ConfigDataEnvironmentContributors <a href="https://redirect.github.com/spring-projects/spring-boot/issues/42932">#42932</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Executable JAR application class encounters performance issues when classpath URLs reference a host <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46028">#46028</a></li> <li>Loading from spring.factories may fail with a ClassNotFoundException when the TCCL changes between calls <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46019">#46019</a></li> <li>spring.couchbase.authentication.jks.private-key-password has no effect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46006">#46006</a></li> <li>Actuator heapdump endpoint is failing on modern OpenJ9 JVMs <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46005">#46005</a></li> <li>UnboundConfigurationPropertiesException is no longer thrown from IndexedElementsBinder <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45994">#45994</a></li> <li>DataSouceBuilder can fail with a NPE when the driver is null <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45992">#45992</a></li> <li>JSON writer incorrectly escapes forward slash which can cause structure logging issues <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45980">#45980</a></li> <li>ManagementContextAutoConfiguration adds a property source that degrades binding performance <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45968">#45968</a></li> <li>ClientHttpConnectorAutoConfiguration fails to load when 'java.net.http.HttpClient' is unavailable <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45955">#45955</a></li> <li>It is not possible to opt-out of profile validation or use profile names that contain '.' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45947">#45947</a></li> <li>GraphQlProperties.DeprecatedSse is not annotated as deprecated <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45878">#45878</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading MANAGEMENT_SERVER_PORT <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45857">#45857</a></li> <li>Write and delete operations no longer work in the Cloud Foundry actuator support with Spring Security due to CSRF protection <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45848">#45848</a></li> <li>ConditionalOnAvailableEndpoint does not use the ConditionContext's ClassLoader to load exposure outcome contributors <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45803">#45803</a></li> <li>Binding no longer works with sytem environment properties that are not upper case <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45741">#45741</a></li> <li>ManagementWebServerFactoryCustomizer and ManagementErrorPageCustomizer should not have the same order <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45736">#45736</a></li> <li>Default version of Awailitility is not compatible with Kotlin 1.9 baseline <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45673">#45673</a></li> <li>Spring Boot 3.5's dependency management should have been upgraded to Lettuce 6.6.0.RELEASE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45670">#45670</a></li> <li>Spring Boot 3.5's dependency management should have been upgraded to Jedis 6.0.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45669">#45669</a></li> <li>SAML2 autoconfiguration is not imported by <code>@WebMvcTest</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45666">#45666</a></li> <li>Spring Boot 3.5's dependency management should have been upgraded to MongoDB 5.5.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45660">#45660</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Fix Docker security options links in Packaging OCI images sections <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46021">#46021</a></li> <li>Improve documentation for configuring Spring Security with '/error' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46009">#46009</a></li> <li>Timestamps in Retrieving Audit Events examples do not match the accompanying text <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45997">#45997</a></li> <li>Add SSL response structure to actuator info endpoint documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45921">#45921</a></li> <li>Update javadoc of test slice annotations to suggest MockitoBean rather than MockBean <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45915">#45915</a></li> <li>Include configuration classes from all modules in the "Auto-configuration Classes" appendix <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45863">#45863</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/0ec7194fc1a3196e8e27cf845e05da1c99315600"><code>0ec7194</code></a> Release v3.5.3</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/18e5e0647d0b8c2cc363235dfb4f1cf7b76fa838"><code>18e5e06</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/cb9cf45b7fb465479173adf04d615ee744e7236e"><code>cb9cf45</code></a> Restore previous source in Context.withSource calls</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/01a23c3d209eaa505e7afc29f5292eb2631af67c"><code>01a23c3</code></a> Next development version (v3.5.3-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/7b553d9093502bb5c9a5efa3eeb39ccd7bc8c046"><code>7b553d9</code></a> Protect against null names when filter is applied more than once</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/440ea79df1f7a94685f9d6c8d4553601ca91c7d6"><code>440ea79</code></a> Next development version (v3.5.2-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/a816518679da676366670d02a754bdf5e8368842"><code>a816518</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/05906cc04759ea4ad7f2551ad051d05d0e40b450"><code>05906cc</code></a> Next development version (v3.4.8-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/74fe4adcaf299ea441664a379ce7df1a6bee47ed"><code>74fe4ad</code></a> Upgrade to HttpClient5 5.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/98632a1f485dc26b4b1e73350d4311b812e42663"><code>98632a1</code></a> Merge branch '3.4.x'</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.5.0...v3.5.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
76808b716a |
Bump docker/setup-buildx-action from 3.11.0 to 3.11.1 (#3790)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.11.0 to 3.11.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v3.11.1</h2> <ul> <li>Fix <code>keep-state</code> not being respected by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/429">docker/setup-buildx-action#429</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.11.0...v3.11.1">https://github.com/docker/setup-buildx-action/compare/v3.11.0...v3.11.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/e468171a9de216ec08956ac3ada2f0791b6bd435"><code>e468171</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/429">#429</a> from crazy-max/fix-keep-state</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/a3e7502fd02828f4a26a8294ad2621a6c2204952"><code>a3e7502</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/b145473295476dbef957d01d109fe7810b511c95"><code>b145473</code></a> fix keep-state not being respected</li> <li>See full diff in <a href="https://github.com/docker/setup-buildx-action/compare/18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0...e468171a9de216ec08956ac3ada2f0791b6bd435">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
96315ee76f |
Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 (#3792)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.8.2 to 3.9.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.9.0</h2> <h2>What's Changed</h2> <ul> <li>Bump actions/setup-go from 5.4.0 to 5.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/189">sigstore/cosign-installer#189</a></li> <li>bump cosign install to use release v2.5.0 as default by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/191">sigstore/cosign-installer#191</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3...v3.9.0">https://github.com/sigstore/cosign-installer/compare/v3...v3.9.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign-installer/commit/fb28c2b6339dcd94da6e4cbcbc5e888961f6f8c3"><code>fb28c2b</code></a> bump cosign install to use release v2.5.0 as default (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/191">#191</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/e9a05e6d32d7ed22b5656cd874ef31af58d05bfa"><code>e9a05e6</code></a> Bump actions/setup-go from 5.4.0 to 5.5.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/189">#189</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/3454372f43399081ed03b604cb2d021dabca52bb...fb28c2b6339dcd94da6e4cbcbc5e888961f6f8c3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
85eb78e707 |
Bump springSecuritySamlVersion from 6.5.0 to 6.5.1 (#3735)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps `springSecuritySamlVersion` from 6.5.0 to 6.5.1. Updates `org.springframework.security:spring-security-core` from 6.5.0 to 6.5.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-security/releases">org.springframework.security:spring-security-core's releases</a>.</em></p> <blockquote> <h2>6.5.1</h2> <h2>⭐ New Features</h2> <ul> <li>Create demonstration of include-code usage <a href="https://redirect.github.com/spring-projects/spring-security/issues/17161">#17161</a></li> <li>Setup include-code extension for docs <a href="https://redirect.github.com/spring-projects/spring-security/issues/17160">#17160</a></li> </ul> <h2>🪲 Bug Fixes</h2> <ul> <li>ClearSiteDataHeaderWriter log is misleading <a href="https://redirect.github.com/spring-projects/spring-security/issues/17166">#17166</a></li> <li>Fix to allow multiple AuthenticationFilter instances to process each request <a href="https://redirect.github.com/spring-projects/spring-security/issues/17216">#17216</a></li> <li>Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' <a href="https://redirect.github.com/spring-projects/spring-security/issues/17210">#17210</a></li> <li>OAuth2ResourceServer using authenticationManagerResolver results in <code>tokenAuthenticationManager cannot be null</code> while startup <a href="https://redirect.github.com/spring-projects/spring-security/issues/17172">#17172</a></li> <li>Publishing a default TargetVisitor should not override Spring MVC support <a href="https://redirect.github.com/spring-projects/spring-security/pull/17189">#17189</a></li> <li>Use HttpStatus in back-channel logout filters <a href="https://redirect.github.com/spring-projects/spring-security/issues/17157">#17157</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17233">#17233</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17192">#17192</a></li> <li>Bump io-spring-javaformat from 0.0.43 to 0.0.45 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17152">#17152</a></li> <li>Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17220">#17220</a></li> <li>Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17232">#17232</a></li> <li>Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17204">#17204</a></li> <li>Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17214">#17214</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17184">#17184</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17256">#17256</a></li> <li>Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17257">#17257</a></li> <li>Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17239">#17239</a></li> <li>Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17238">#17238</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/evgeniycheban"><code>@evgeniycheban</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-security/commit/ebdd6c22a89e5b605b0540857f7824754922e56d"><code>ebdd6c2</code></a> Release 6.5.1</li> <li><a href="https://github.com/spring-projects/spring-security/commit/f7cff8deb5e8772e402d6410007be8cef0b65084"><code>f7cff8d</code></a> Merge branch '6.4.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/b8c19f9df54ca4678df7c0d3ced8f3a8fa953d45"><code>b8c19f9</code></a> Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final</li> <li><a href="https://github.com/spring-projects/spring-security/commit/f2dbe28b815161d187933143c336deb843306919"><code>f2dbe28</code></a> Merge branch '6.4.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/17fe96e4a74d37dfe7694ef09a3863efb2748654"><code>17fe96e</code></a> Merge branch '6.3.x' into 6.4.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/1828d56bf184472ff024577c8b8d9cf75572c73e"><code>1828d56</code></a> Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8</li> <li><a href="https://github.com/spring-projects/spring-security/commit/71851de649f679f8f401ca3be7a02eddaaa7d36d"><code>71851de</code></a> Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13</li> <li><a href="https://github.com/spring-projects/spring-security/commit/60a930a49a64c78f9f29091fa9afdcd9616e49cc"><code>60a930a</code></a> Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final</li> <li><a href="https://github.com/spring-projects/spring-security/commit/2b5170541306282ac956129764b244cd231519ea"><code>2b51705</code></a> Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7</li> <li><a href="https://github.com/spring-projects/spring-security/commit/0a15dcaadfe6fd0404a26587d8ad9f1763d96137"><code>0a15dca</code></a> Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-security/compare/6.5.0...6.5.1">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.security:spring-security-saml2-service-provider` from 6.5.0 to 6.5.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-security/releases">org.springframework.security:spring-security-saml2-service-provider's releases</a>.</em></p> <blockquote> <h2>6.5.1</h2> <h2>⭐ New Features</h2> <ul> <li>Create demonstration of include-code usage <a href="https://redirect.github.com/spring-projects/spring-security/issues/17161">#17161</a></li> <li>Setup include-code extension for docs <a href="https://redirect.github.com/spring-projects/spring-security/issues/17160">#17160</a></li> </ul> <h2>🪲 Bug Fixes</h2> <ul> <li>ClearSiteDataHeaderWriter log is misleading <a href="https://redirect.github.com/spring-projects/spring-security/issues/17166">#17166</a></li> <li>Fix to allow multiple AuthenticationFilter instances to process each request <a href="https://redirect.github.com/spring-projects/spring-security/issues/17216">#17216</a></li> <li>Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' <a href="https://redirect.github.com/spring-projects/spring-security/issues/17210">#17210</a></li> <li>OAuth2ResourceServer using authenticationManagerResolver results in <code>tokenAuthenticationManager cannot be null</code> while startup <a href="https://redirect.github.com/spring-projects/spring-security/issues/17172">#17172</a></li> <li>Publishing a default TargetVisitor should not override Spring MVC support <a href="https://redirect.github.com/spring-projects/spring-security/pull/17189">#17189</a></li> <li>Use HttpStatus in back-channel logout filters <a href="https://redirect.github.com/spring-projects/spring-security/issues/17157">#17157</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17233">#17233</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17192">#17192</a></li> <li>Bump io-spring-javaformat from 0.0.43 to 0.0.45 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17152">#17152</a></li> <li>Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17220">#17220</a></li> <li>Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17232">#17232</a></li> <li>Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17204">#17204</a></li> <li>Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17214">#17214</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17184">#17184</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17256">#17256</a></li> <li>Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17257">#17257</a></li> <li>Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17239">#17239</a></li> <li>Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17238">#17238</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/evgeniycheban"><code>@evgeniycheban</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-security/commit/ebdd6c22a89e5b605b0540857f7824754922e56d"><code>ebdd6c2</code></a> Release 6.5.1</li> <li><a href="https://github.com/spring-projects/spring-security/commit/f7cff8deb5e8772e402d6410007be8cef0b65084"><code>f7cff8d</code></a> Merge branch '6.4.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/b8c19f9df54ca4678df7c0d3ced8f3a8fa953d45"><code>b8c19f9</code></a> Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final</li> <li><a href="https://github.com/spring-projects/spring-security/commit/f2dbe28b815161d187933143c336deb843306919"><code>f2dbe28</code></a> Merge branch '6.4.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/17fe96e4a74d37dfe7694ef09a3863efb2748654"><code>17fe96e</code></a> Merge branch '6.3.x' into 6.4.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/1828d56bf184472ff024577c8b8d9cf75572c73e"><code>1828d56</code></a> Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8</li> <li><a href="https://github.com/spring-projects/spring-security/commit/71851de649f679f8f401ca3be7a02eddaaa7d36d"><code>71851de</code></a> Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13</li> <li><a href="https://github.com/spring-projects/spring-security/commit/60a930a49a64c78f9f29091fa9afdcd9616e49cc"><code>60a930a</code></a> Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final</li> <li><a href="https://github.com/spring-projects/spring-security/commit/2b5170541306282ac956129764b244cd231519ea"><code>2b51705</code></a> Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7</li> <li><a href="https://github.com/spring-projects/spring-security/commit/0a15dcaadfe6fd0404a26587d8ad9f1763d96137"><code>0a15dca</code></a> Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-security/compare/6.5.0...6.5.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
625900557a |
Bump docker/setup-buildx-action from 3.10.0 to 3.11.0 (#3726)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.10.0 to 3.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v3.11.0</h2> <ul> <li>Keep BuildKit state support by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/427">docker/setup-buildx-action#427</a></li> <li>Remove aliases created when installing by default by <a href="https://github.com/hashhar"><code>@hashhar</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/139">docker/setup-buildx-action#139</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.62.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/422">docker/setup-buildx-action#422</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/425">docker/setup-buildx-action#425</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.10.0...v3.11.0">https://github.com/docker/setup-buildx-action/compare/v3.10.0...v3.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0"><code>18ce135</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/425">#425</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/0e198e93af3b40a76583e851660b876e62b3a155"><code>0e198e9</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/05f3f3ac108784e8fb56815c12fbfcf2d0ed660f"><code>05f3f3a</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.61.0 to 0.62.1</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/622913496df23a5293cfb3418e5836ee4dd28f3a"><code>6229134</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/427">#427</a> from crazy-max/keep-state</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/c6f6a0702519e6c47b71b117b24c0c1c130fdf32"><code>c6f6a07</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/6c5e29d8485c56f3f8d1cb2197b657959dd6e032"><code>6c5e29d</code></a> skip builder creation if one already exists with the same name</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/548b2977492e10f459d0f0df8bee7ce3c5937792"><code>548b297</code></a> ci: keep-state check</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/36590ad0c188499a27159a23cb004d12bdcf695e"><code>36590ad</code></a> check if driver compatible with keep-state</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4143b5899b9d18631036cc02b1fee89f71bc07fc"><code>4143b58</code></a> Support to retain cache</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/3f1544eb9eff0b4d4d279b33f704a06fcf8d0e43"><code>3f1544e</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/139">#139</a> from hashhar/hashhar/cleanup-aliases</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2...18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d98ebddf49 |
Bump gradle/actions from 4.4.0 to 4.4.1 (#3727)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [gradle/actions](https://github.com/gradle/actions) from 4.4.0 to 4.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.4.1</h2> <p>This patch release fixes a bug in Develocity Injection with a custom plugin repository. The <code>gradle-plugin-repository-*</code> action parameters were not being correctly mapped to environment variables that are read by the Develocity Injection init script.</p> <p>This issue has been fixed by setting the correct environment variables:</p> <ul> <li><code>gradle-plugin-repository-url</code> is mapped to <code>DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_URL</code></li> <li><code>gradle-plugin-repository-username</code> is mapped to <code>DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_USERNAME</code></li> <li><code>gradle-plugin-repository-password</code> is mapped to <code>DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_PASSWORD</code></li> </ul> <p>Additionally, these parameters can now be used to configure a custom plugin repository for the GitHub Dependency Graph Gradle Plugin, required for dependency submission.</p> <h2>What's Changed</h2> <ul> <li>Dependency updates by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/667">gradle/actions#667</a></li> <li>Fix plugin repository env vars by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/669">gradle/actions#669</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4.4.0...v4.4.1">https://github.com/gradle/actions/compare/v4.4.0...v4.4.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/ac638b010cf58a27ee6c972d7336334ccaf61c96"><code>ac638b0</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/fd888822a4035f0e380d519857d6ae2db1e4a528"><code>fd88882</code></a> Fix setting env vars for plugin repository (<a href="https://redirect.github.com/gradle/actions/issues/669">#669</a>)</li> <li><a href="https://github.com/gradle/actions/commit/3af3dd3475d8ff0c4ffc9d6e0e9d01e35cd9b2a4"><code>3af3dd3</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/bf78bf9f1057e343a1b2c7b1a2c14085b266741b"><code>bf78bf9</code></a> Dependency updates (<a href="https://redirect.github.com/gradle/actions/issues/667">#667</a>)</li> <li><a href="https://github.com/gradle/actions/commit/ca92106195d5992eceef4f1486b9971b53e3bea4"><code>ca92106</code></a> Use Java 17 for toolchain build</li> <li><a href="https://github.com/gradle/actions/commit/f7d1903e6cff0d1d471cfb73b6f8726850accda9"><code>f7d1903</code></a> Update known wrapper checksums</li> <li><a href="https://github.com/gradle/actions/commit/eb0816ba445e18a1e7ac1a49bd5ca8bc8f465d16"><code>eb0816b</code></a> Fix update-wrapper-checksums workflow</li> <li><a href="https://github.com/gradle/actions/commit/d408d6219d6bf78e0cd2e1435cc427c3cbaa6baf"><code>d408d62</code></a> Bump the npm-dependencies group across 1 directory with 5 updates</li> <li><a href="https://github.com/gradle/actions/commit/306df22de372eb96231a49348dab96fc2591fc58"><code>306df22</code></a> Bump the github-actions group across 1 directory with 3 updates</li> <li><a href="https://github.com/gradle/actions/commit/05baf32a7fe2ca8e9ccbfb97563526b6ea10749b"><code>05baf32</code></a> Bump org.gradle.toolchains.foojay-resolver-convention</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/8379f6a1328ee0e06e2bb424dadb7b159856a326...ac638b010cf58a27ee6c972d7336334ccaf61c96">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
aaa11fd3e3 |
Bump softprops/action-gh-release from 2.1.0 to 2.3.2 (#3729)
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.1.0 to 2.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's releases</a>.</em></p> <blockquote> <h2>v2.3.2</h2> <ul> <li>fix: revert fs <code>readableWebStream</code> change</li> </ul> <h2>v2.3.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix: fix file closing issue by <a href="https://github.com/WailGree"><code>@WailGree</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/629">softprops/action-gh-release#629</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/WailGree"><code>@WailGree</code></a> made their first contribution in <a href="https://redirect.github.com/softprops/action-gh-release/pull/629">softprops/action-gh-release#629</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/softprops/action-gh-release/compare/v2.3.0...v2.3.1">https://github.com/softprops/action-gh-release/compare/v2.3.0...v2.3.1</a></p> <h2>v2.3.0</h2> <!-- raw HTML omitted --> <ul> <li>Migrate from jest to vitest</li> <li>Replace <code>mime</code> with <code>mime-types</code></li> <li>Bump to use node 24</li> <li>Dependency updates</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/softprops/action-gh-release/compare/v2.2.2...v2.3.0">https://github.com/softprops/action-gh-release/compare/v2.2.2...v2.3.0</a></p> <h2>v2.2.2</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix: updating release draft status from true to false by <a href="https://github.com/galargh"><code>@galargh</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/316">softprops/action-gh-release#316</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>chore: simplify ref_type test by <a href="https://github.com/steinybot"><code>@steinybot</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/598">softprops/action-gh-release#598</a></li> <li>fix(docs): clarify the default for tag_name by <a href="https://github.com/muzimuzhi"><code>@muzimuzhi</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/599">softprops/action-gh-release#599</a></li> <li>test(release): add unit tests when searching for a release by <a href="https://github.com/rwaskiewicz"><code>@rwaskiewicz</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/603">softprops/action-gh-release#603</a></li> <li>dependency updates</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/steinybot"><code>@steinybot</code></a> made their first contribution in <a href="https://redirect.github.com/softprops/action-gh-release/pull/598">softprops/action-gh-release#598</a></li> <li><a href="https://github.com/muzimuzhi"><code>@muzimuzhi</code></a> made their first contribution in <a href="https://redirect.github.com/softprops/action-gh-release/pull/599">softprops/action-gh-release#599</a></li> <li><a href="https://github.com/galargh"><code>@galargh</code></a> made their first contribution in <a href="https://redirect.github.com/softprops/action-gh-release/pull/316">softprops/action-gh-release#316</a></li> <li><a href="https://github.com/rwaskiewicz"><code>@rwaskiewicz</code></a> made their first contribution in <a href="https://redirect.github.com/softprops/action-gh-release/pull/603">softprops/action-gh-release#603</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/softprops/action-gh-release/compare/v2.2.1...v2.2.2">https://github.com/softprops/action-gh-release/compare/v2.2.1...v2.2.2</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's changelog</a>.</em></p> <blockquote> <h2>2.3.2</h2> <ul> <li>fix: revert fs <code>readableWebStream</code> change</li> </ul> <h2>2.3.1</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix: fix file closing issue by <a href="https://github.com/WailGree"><code>@WailGree</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/629">softprops/action-gh-release#629</a></li> </ul> <h2>2.3.0</h2> <ul> <li>Migrate from jest to vitest</li> <li>Replace <code>mime</code> with <code>mime-types</code></li> <li>Bump to use node 24</li> <li>Dependency updates</li> </ul> <h2>2.2.2</h2> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix: updating release draft status from true to false by <a href="https://github.com/galargh"><code>@galargh</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/316">softprops/action-gh-release#316</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>chore: simplify ref_type test by <a href="https://github.com/steinybot"><code>@steinybot</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/598">softprops/action-gh-release#598</a></li> <li>fix(docs): clarify the default for tag_name by <a href="https://github.com/muzimuzhi"><code>@muzimuzhi</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/599">softprops/action-gh-release#599</a></li> <li>test(release): add unit tests when searching for a release by <a href="https://github.com/rwaskiewicz"><code>@rwaskiewicz</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/603">softprops/action-gh-release#603</a></li> <li>dependency updates</li> </ul> <h2>2.2.1</h2> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix: big file uploads by <a href="https://github.com/xen0n"><code>@xen0n</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/562">softprops/action-gh-release#562</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>chore(deps): bump <code>@types/node</code> from 22.10.1 to 22.10.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/559">softprops/action-gh-release#559</a></li> <li>chore(deps): bump <code>@types/node</code> from 22.10.2 to 22.10.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/569">softprops/action-gh-release#569</a></li> <li>chore: update error and warning messages for not matching files in files field by <a href="https://github.com/ytimocin"><code>@ytimocin</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/568">softprops/action-gh-release#568</a></li> </ul> <h2>2.2.0</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/softprops/action-gh-release/commit/72f2c25fcb47643c292f7107632f7a47c1df5cd8"><code>72f2c25</code></a> release 2.3.2</li> <li><a href="https://github.com/softprops/action-gh-release/commit/552dc5524b6417594f5158c07f0c66c77d722321"><code>552dc55</code></a> fix: revert <code>fs:readableWebStream</code> change (<a href="https://redirect.github.com/softprops/action-gh-release/issues/632">#632</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/f3cad8bcbf209fe591aa1823e372c5d96b7fc800"><code>f3cad8b</code></a> release 2.3.1</li> <li><a href="https://github.com/softprops/action-gh-release/commit/07a22570031d9a32265642011cce81012b2147a9"><code>07a2257</code></a> fix: fix file closing issue (<a href="https://redirect.github.com/softprops/action-gh-release/issues/629">#629</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/d5382d3e6f2fa7bd53cb749d33091853d4985daf"><code>d5382d3</code></a> release 2.3.0</li> <li><a href="https://github.com/softprops/action-gh-release/commit/a0e2122208126237b9188c813878d8be13eebb6f"><code>a0e2122</code></a> feat: migrate from jest to vitest (<a href="https://redirect.github.com/softprops/action-gh-release/issues/626">#626</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/8836085300a2ae834cbd7afba966592f5f6db624"><code>8836085</code></a> chore: replace <code>mime</code> with <code>mime-types</code> (<a href="https://redirect.github.com/softprops/action-gh-release/issues/624">#624</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/86463358d88d57dec8e9c65bc1d9c9d2fe9ce180"><code>8646335</code></a> chore: bump node to 20.19.2</li> <li><a href="https://github.com/softprops/action-gh-release/commit/46b284799f564056ab627352b509055a106510fe"><code>46b2847</code></a> chore(deps): bump the npm group across 1 directory with 5 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/623">#623</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/37fd9d0351a2df198244c8ef9f56d02d1f921e20"><code>37fd9d0</code></a> chore(deps): bump undici from 5.28.5 to 5.29.0 (<a href="https://redirect.github.com/softprops/action-gh-release/issues/621">#621</a>)</li> <li>Additional commits viewable in <a href="https://github.com/softprops/action-gh-release/compare/01570a1f39cb168c169c802c3bceb9e93fb10974...72f2c25fcb47643c292f7107632f7a47c1df5cd8">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | softprops/action-gh-release | [>= 2.2.a, < 2.3] | </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ff6353d9ab |
Bump io.github.pixee:java-security-toolkit from 1.2.1 to 1.2.2 (#3731)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [io.github.pixee:java-security-toolkit](https://github.com/pixee/java-security-toolkit) from 1.2.1 to 1.2.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pixee/java-security-toolkit/commit/ade04b7fe058c21ff91375bb0fdce4681bc2621f"><code>ade04b7</code></a> Merge pull request <a href="https://redirect.github.com/pixee/java-security-toolkit/issues/51">#51</a> from pixee/renovate/logback-monorepo</li> <li><a href="https://github.com/pixee/java-security-toolkit/commit/ad4ccd9db02a989ca2ae7fa87dd8e8d9a43e60c7"><code>ad4ccd9</code></a> Update dependency ch.qos.logback:logback-classic to v1.5.18</li> <li><a href="https://github.com/pixee/java-security-toolkit/commit/7edc13946692e12c69b65ef10f260e00f9b5f70b"><code>7edc139</code></a> Merge pull request <a href="https://redirect.github.com/pixee/java-security-toolkit/issues/50">#50</a> from pixee/bump-1-2-2</li> <li><a href="https://github.com/pixee/java-security-toolkit/commit/29a27d6aaa0e403518ab3741cb3c4ebca98d5834"><code>29a27d6</code></a> take away versioned README</li> <li><a href="https://github.com/pixee/java-security-toolkit/commit/79b03f8d22b350bedd57545c3d061efe40e10420"><code>79b03f8</code></a> Merge pull request <a href="https://redirect.github.com/pixee/java-security-toolkit/issues/49">#49</a> from pixee/renovate/commons-io-commons-io-2.x</li> <li><a href="https://github.com/pixee/java-security-toolkit/commit/2a11b2b8522eb0e7aef42c96a678864c88e5f4f3"><code>2a11b2b</code></a> Update dependency commons-io:commons-io to v2.19.0</li> <li><a href="https://github.com/pixee/java-security-toolkit/commit/3a7ca01a1269339dd342a1a56e6aedcda61502f8"><code>3a7ca01</code></a> Merge pull request <a href="https://redirect.github.com/pixee/java-security-toolkit/issues/45">#45</a> from pixee/renovate/configure</li> <li><a href="https://github.com/pixee/java-security-toolkit/commit/01b12dda17722edf90c04d562e8ffb4b6c4ef093"><code>01b12dd</code></a> Add renovate.json</li> <li><a href="https://github.com/pixee/java-security-toolkit/commit/47ff3144d969a497714593e92980ee70e2bbb3cf"><code>47ff314</code></a> ✨ publish a single zip with signatures and MD5s that can be directly...</li> <li>See full diff in <a href="https://github.com/pixee/java-security-toolkit/compare/1.2.1...1.2.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
406695e167 |
Bump step-security/harden-runner from 2.12.0 to 2.12.1 (#3728)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.0 to 2.12.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.12.1</h2> <h2>What's Changed</h2> <ul> <li>Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.</li> <li>Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.12.1">https://github.com/step-security/harden-runner/compare/v2...v2.12.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/002fdce3c6a235733a90a27c80493a3241e56863"><code>002fdce</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/544">#544</a> from step-security/rc-21</li> <li><a href="https://github.com/step-security/harden-runner/commit/2489e3fcb3d00eac3cb27c9b490431a4d26eac58"><code>2489e3f</code></a> Merge branch 'main' into rc-21</li> <li><a href="https://github.com/step-security/harden-runner/commit/75dd441a816c3c7ea21313ec8ff21d9f7b69f534"><code>75dd441</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/555">#555</a> from step-security/dependabot/github_actions/step-sec...</li> <li><a href="https://github.com/step-security/harden-runner/commit/4381ace9c4db180c9cc8ff9a6dd4220f17a95690"><code>4381ace</code></a> Bump step-security/publish-unit-test-result-action from 2.19.0 to 2.20.0</li> <li><a href="https://github.com/step-security/harden-runner/commit/a9da90b635b492e68edb2a24949fcab1e313e9eb"><code>a9da90b</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/553">#553</a> from h0x0er/feat/container-workflows</li> <li><a href="https://github.com/step-security/harden-runner/commit/a60ef21c0c1f49c7ac6c8d65b6f4d16d419789c1"><code>a60ef21</code></a> update</li> <li><a href="https://github.com/step-security/harden-runner/commit/4ad512f16553ff1c022684cc96be0329a7618db8"><code>4ad512f</code></a> Merge branch 'rc-21' into feat/container-workflows</li> <li><a href="https://github.com/step-security/harden-runner/commit/6b41a3923518db2abe77790e47793760b5c47c28"><code>6b41a39</code></a> fixed test case</li> <li><a href="https://github.com/step-security/harden-runner/commit/fa70c45ca9a73bcef023a3e6afac49ffa3007480"><code>fa70c45</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/eb47845632e48a7532e7e363ba78b9bc48c09264"><code>eb47845</code></a> self-hosted: refactored block-policy apply logic</li> <li>Additional commits viewable in <a href="https://github.com/step-security/harden-runner/compare/0634a2670c59f64b4a01f0f96f84700a4088b9f0...002fdce3c6a235733a90a27c80493a3241e56863">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
5534f4b64a |
Bump io.swagger.core.v3:swagger-core-jakarta from 2.2.32 to 2.2.33 (#3734)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.32 to 2.2.33. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e74dbf391c |
Bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.8 to 2.8.9 (#3733)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) from 2.8.8 to 2.8.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/releases">org.springdoc:springdoc-openapi-starter-webmvc-ui's releases</a>.</em></p> <blockquote> <h2>springdoc-openapi v2.8.9 released!</h2> <h2>What's Changed</h2> <ul> <li>Support for <a href="https://github.com/Positive"><code>@Positive</code></a> by <a href="https://github.com/mpleine"><code>@mpleine</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3001">springdoc/springdoc-openapi#3001</a></li> <li>Fixes for Spring Boot 3.5.0 API by <a href="https://github.com/mschout"><code>@mschout</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3007">springdoc/springdoc-openapi#3007</a></li> <li>feat: type-use for method parameters by <a href="https://github.com/mymx2"><code>@mymx2</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3011">springdoc/springdoc-openapi#3011</a></li> </ul> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a> - Support for <a href="https://github.com/Positive"><code>@Positive</code></a></li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3011">#3011</a> - type-use for method parameters</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade spring-boot to version 3.5.0</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2982">#2982</a> - application/problem+json content type is not set for ProblemDetails</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2990">#2990</a> - Issues with POST Request, application/x-www-form-urlencoded and only one parameter</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2998">#2998</a> - io.swagger.v3.oas.annotations.Webhook does not work when defined on the method level</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3012">#3012</a> - Order of examples is (sometimes) not preserved</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mpleine"><code>@mpleine</code></a> made their first contribution in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3001">springdoc/springdoc-openapi#3001</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.8...v2.8.9">https://github.com/springdoc/springdoc-openapi/compare/v2.8.8...v2.8.9</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md">org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog</a>.</em></p> <blockquote> <h2>[2.8.9] - 2025-06-10</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a> - Support for <a href="https://github.com/Positive"><code>@Positive</code></a></li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3011">#3011</a> - type-use for method parameters</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade spring-boot to version 3.5.0</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2982">#2982</a> - application/problem+json content type is not set for ProblemDetails</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2990">#2990</a> - Issues with POST Request, application/x-www-form-urlencoded and only one parameter</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2998">#2998</a> - io.swagger.v3.oas.annotations.Webhook does not work when defined on the method level</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3012">#3012</a> - Order of examples is (sometimes) not preserved</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/830a98a0deef6d4758513e61a420433b3bc7c6c4"><code>830a98a</code></a> [maven-release-plugin] prepare release v2.8.9</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/976d8eccea8d99e8d5767073387f1053379d16b6"><code>976d8ec</code></a> docs update</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/1ebf9b82a57ff05992c6a69a0306cd079cf8c86d"><code>1ebf9b8</code></a> Order of examples is (sometimes) not preserved. Fixes <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3012">#3012</a></li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/10fd6ddf9e6fe2bec93425e74343b75a8a46f332"><code>10fd6dd</code></a> io.swagger.v3.oas.annotations.Webhook does not work when defined on the metho...</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/31ed191c1f530478ec2b4879a87fe94e0816a180"><code>31ed191</code></a> Issues with POST Request, application/x-www-form-urlencoded and only one para...</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/ceb4a10080f24755ac7cdef9707c7a3acfe3fc3b"><code>ceb4a10</code></a> application/problem+json content type is not set for ProblemDetails. Fixes <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2982">#2982</a></li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/a23005bc5f3d9282c04f9f6cfba4d6b1ce91a0b8"><code>a23005b</code></a> Merge branch 'mymx2-feat/type-use'</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/290162f58b9e290089f40f2bdb251babeb27151e"><code>290162f</code></a> code review</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/9f05020341f745c8eb4140306bec606201f6d282"><code>9f05020</code></a> Merge branch 'mschout-spring-boot-3.5-support'</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/6111073e41bb61bfbc76f580097fd120ff17b154"><code>6111073</code></a> code review</li> <li>Additional commits viewable in <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.8...v2.8.9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3804dd3988 |
Bump com.opencsv:opencsv from 5.11 to 5.11.1 (#3630)
Bumps com.opencsv:opencsv from 5.11 to 5.11.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d219198b9b |
Bump org.postgresql:postgresql from 42.7.5 to 42.7.6 (#3667)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.5 to 42.7.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pgjdbc/pgjdbc/releases">org.postgresql:postgresql's releases</a>.</em></p> <blockquote> <h2>v42.7.6</h2> <h2>Changes</h2> <ul> <li>Prepare release notes for release 42_7_6 (new format) <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3628">#3628</a>)</li> <li>fix: isValid incorrectly called execute, instead of executeWithFlags fixes Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">#3630</a> <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3631">#3631</a>)</li> <li>add override <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3629">#3629</a>)</li> <li>add the ability to turn off automatic LSN flush <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>)</li> <li>test: add tests with reWriteBatchedInserts=true <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3616">#3616</a>)</li> <li>test: add CI executions with adaptive_fetch=true by default <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3615">#3615</a>)</li> <li>test: simplify TestUtil.openDB, add tests with various assumeMinServerVersion values <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3614">#3614</a>)</li> <li>Deprecate group startup parms <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3613">#3613</a>)</li> <li>Add back application name setting <a href="https://github.com/joejensen"><code>@joejensen</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3509">#3509</a>)</li> <li>Copr: Use Java 21 as the build dependency <a href="https://github.com/mkoncek"><code>@mkoncek</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3607">#3607</a>)</li> <li>fix indentation of return child to allow built pass in Checkstyle's CIs <a href="https://github.com/mohitsatr"><code>@mohitsatr</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3611">#3611</a>)</li> <li>Set column name explicitely when using <code>current_database()</code> in queries <a href="https://github.com/kneth"><code>@kneth</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3526">#3526</a>)</li> <li>add PgMessageType and use static variables for protocol literals <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3609">#3609</a>)</li> <li>Handle protocol 3.2 and wider cancel keys. <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3592">#3592</a>)</li> <li>refactor empty resultset to use empty result set if the catalog is not correct <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3588">#3588</a>)</li> <li>Use query to find the current catalog instead of relying on the database in the connection URL or connection properties as this could be different if connected through a pooler or proxy <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3565">#3565</a>)</li> <li>ci: add Java 24 tests <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3580">#3580</a>)</li> <li>docs: Relabel 42.7.4 as past version as it is no longer the latest <a href="https://github.com/sehrope"><code>@sehrope</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3586">#3586</a>)</li> <li>test: remove stale logging message from SslTest <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3584">#3584</a>)</li> <li>chore: appply the latest byte-buddy version for tests so we support the latest Java versions <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3583">#3583</a>)</li> <li>fix: make PgConnection#abort compatible with Java 24 <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3582">#3582</a>)</li> <li>chore(deps): update plugin com.github.burrunan.s3-build-cache to v1.8.5 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3573">#3573</a>)</li> <li>Fix JavadocTagContinuationIndentation in AfterBeforeParameterResolver <a href="https://github.com/Anmol202005"><code>@Anmol202005</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3566">#3566</a>)</li> <li>Revert "use in row values instead of union all (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>)" <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3524">#3524</a>)</li> <li>use in row values instead of union all <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>)</li> <li>feat: enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property <a href="https://github.com/raminorujov"><code>@raminorujov</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3513">#3513</a>)</li> <li>Nit: correct message in main.yml test action <a href="https://github.com/ecki"><code>@ecki</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3503">#3503</a>)</li> <li>chore: use import instead of require to support modern NodeJS <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3502">#3502</a>)</li> <li>chore: use PostgreSQL 17 rather than 17rc1 for CI tests <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3501">#3501</a>)</li> <li>chore: add ErrorProne verification to catch bugs ealier <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>)</li> <li>fix: ArrayIndexOutOfBounds when write big object into GSS enabled connection, make GSSInputStream robust in face of streams that produce incomplete reads <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3500">#3500</a>)</li> <li>refactor: factor out duplicated .getBytes() when converting date/time to Date/Time/Timestamp <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3497">#3497</a>)</li> <li>chore: exclude Oracle Java 17 from CI tests <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3499">#3499</a>)</li> <li>chore: remove unused Travis CI configuration <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3498">#3498</a>)</li> <li>Undeprecate sslfactoryarg connection property <a href="https://github.com/sehrope"><code>@sehrope</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3496">#3496</a>)</li> <li>fix:Fix sending extra_float_digits <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3491">#3491</a>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li>fix: EOFException on PreparedStatement#toString with unset bytea parameter since 42.7.4 <a href="https://github.com/MrEasy"><code>@MrEasy</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3369">#3369</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>chore: use Java 21 for building pgjdbc by default <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3612">#3612</a>)</li> </ul> <h2>⬆️ Dependencies</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md">org.postgresql:postgresql's changelog</a>.</em></p> <blockquote> <h2>[42.7.6]</h2> <h4>Features</h4> <ul> <li>fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3513">#3513</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3513">pgjdbc/pgjdbc#3513</a>)</li> </ul> <h3>Performance Improvements</h3> <ul> <li>performance: Improve ResultSetMetadata.fetchFieldMetaData by using IN row values instead of UNION ALL for improved query performance (later reverted) [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3510">pgjdbc/pgjdbc#3510</a>)</li> <li>feat:Use a single simple query for all startup parameters, so groupStartupParameters is no longer needed [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3613">#3613</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3613">pgjdbc/pgjdbc#3613</a>)</li> <li></li> </ul> <h2>Bug Fixes</h2> <h3>Protocol & Connection Handling</h3> <ul> <li>fix: Send extra_float_digits=3 for PostgreSQL 12+ as well [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3491">#3491</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3491">pgjdbc/pgjdbc#3491</a>)</li> <li>fix: Fixed handling of protocol 3.2 and wider cancel keys [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3592">#3592</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3592">pgjdbc/pgjdbc#3592</a>)</li> <li>fix: Made PgConnection#abort compatible with Java 24 [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3582">#3582</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3582">pgjdbc/pgjdbc#3582</a>)</li> <li>fix: Fixed ArrayIndexOutOfBounds when writing big objects into GSS enabled connections [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3500">#3500</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3500">pgjdbc/pgjdbc#3500</a>)</li> <li>fix: Added back application name setting [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3509">#3509</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3509">pgjdbc/pgjdbc#3509</a>)</li> </ul> <h3>Metadata & Catalog Handling</h3> <ul> <li>fix: Set column name explicitly when using current_database() in queries [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3526">#3526</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3526">pgjdbc/pgjdbc#3526</a>)</li> <li>fix: Use query to find the current catalog instead of relying on the database in the connection URL [pull <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3565">#3565</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3565">pgjdbc/pgjdbc#3565</a>)</li> <li>fix: Refactored empty resultset to use empty result set if the catalog is not correct [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3588">#3588</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3588">pgjdbc/pgjdbc#3588</a>)</li> </ul> <h3>API Improvements</h3> <ul> <li>fix: Undeprecated Fastpath API and fixed deprecation warnings [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li> <li>fix: Undeprecated sslfactoryarg [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3496">#3496</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3496">pgjdbc/pgjdbc#3496</a>)</li> <li>fix: Added PgMessageType and used static variables for protocol literals [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3609">#3609</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3609">pgjdbc/pgjdbc#3609</a>)</li> <li>fix: Add the ability to turn off automatic LSN flush [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3403">pgjdbc/pgjdbc#3403</a>)</li> <li>fix: isValid incorrectly called execute, instead of executeWithFlags [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3631">#3631</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3631">pgjdbc/pgjdbc#3631</a>). Fixes [Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">#3630</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">pgjdbc/pgjdbc#3630</a>)</li> <li>fix: EOFException on PreparedStatement#toString with unset bytea parameter since 42.7.4 <a href="https://github.com/pgjdbc/pgjdbc/commit/0a88ea425e86dce691a96d6aa7023c20ac887b98">Commit 0a88ea4</a>. Fixes [Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3365">#3365</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3365">pgjdbc/pgjdbc#3365</a>)</li> </ul> <h2>Infrastructure & Build Improvements</h2> <h3>Java Support</h3> <ul> <li>update: Updated to use Java 21 for building pgjdbc by default [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3612">#3612</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3612">pgjdbc/pgjdbc#3612</a>)</li> <li>update: Updated Java 21 as the build dependency for copr [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3607">#3607</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3607">pgjdbc/pgjdbc#3607</a>)</li> <li>update: Updated latest JDK to version 24 [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3580">#3580</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3580">pgjdbc/pgjdbc#3580</a>)</li> <li>update: Applied the latest byte-buddy version for tests to support the latest Java versions [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3583">#3583</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3583">pgjdbc/pgjdbc#3583</a>)</li> </ul> <h3>Testing & Quality</h3> <ul> <li>test: Added ErrorProne verification to detect bugs earlier [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li> <li>test: Simplified TestUtil.openDB, added tests with various assumeMinServerVersion values [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3624">#3624</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3614">pgjdbc/pgjdbc#3614</a>)</li> <li>test: Updated to use PostgreSQL 17 rather than 17rc1 for CI tests [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3501">#3501</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3501">pgjdbc/pgjdbc#3501</a>)</li> <li>test: Removed stale logging message from SslTest [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3584">#3584</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3584">pgjdbc/pgjdbc#3584</a>)</li> <li>test: Added CI executions with adaptive_fetch=true by default for performance testing [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3615">#3615</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3615">pgjdbc/pgjdbc#3615</a>)</li> <li>test: Added tests with reWriteBatchedInserts=true [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3616">#3616</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3616">pgjdbc/pgjdbc#3616</a>)</li> </ul> <h3>Code Quality</h3> <ul> <li>doc: Fixed javadoc warnings [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/689708f96d446993cd264cbf5bd5696a726cf8b7"><code>689708f</code></a> Prepare release notes for release 42_7_6 (new format) (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3628">#3628</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/0a88ea425e86dce691a96d6aa7023c20ac887b98"><code>0a88ea4</code></a> fix: EOFException on PreparedStatement#toString with unset bytea parameter si...</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/2de9b943c693c745ea9280444d72b408165caa11"><code>2de9b94</code></a> fix: make sure Connection.isValid correctly uses executeWithFlags fixes Issu...</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/d9e20874590f59543c39a99b824e09344f00a813"><code>d9e2087</code></a> add override (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3629">#3629</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/665b27b8656c8288d9d6c1f8e8d6a7072c238d64"><code>665b27b</code></a> add the ability to turn off automatic LSN flush (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/253c68243c9794644d3cbd9d61b4505b9d079ea5"><code>253c682</code></a> chore(deps): update burrunan/gradle-cache-action action to v3</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/2d1ae0cbd44660a9d172c9b4a90e16e198f43d43"><code>2d1ae0c</code></a> chore(deps): update plugin com.gradle.develocity to v4</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/baeb89321b26a1a13d430d50ed1102ba80bff183"><code>baeb893</code></a> fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/e24d599952af46cca3c03ced4f574c7e205bdda0"><code>e24d599</code></a> fix(deps): update dependency com.google.errorprone:error_prone_core to v2.38.0</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/1617c68d510b86cd5500b0e9d1a1427156bffcbf"><code>1617c68</code></a> fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.p...</li> <li>Additional commits viewable in <a href="https://github.com/pgjdbc/pgjdbc/compare/REL42.7.5...REL42.7.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
4cb0caaee1 |
Bump io.micrometer:micrometer-core from 1.14.6 to 1.15.1 (#3671)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.15.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.15.1</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>IndexProviderFactory throws ConcurrentModificationException <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6243">#6243</a></li> <li>Make InstrumentationVerificationTests compatible with JUnit 5.13 and earlier versions <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6344">#6344</a></li> <li>gRPC client interceptor incorrectly registers status CANCELLED as error <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6261">#6261</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump software.amazon.awssdk:cloudwatch from 2.31.41 to 2.31.58 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6372">#6372</a></li> <li>Bump com.netflix.spectator:spectator-reg-atlas from 1.8.12 to 1.8.14 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6336">#6336</a></li> <li>Bump dropwizard-metrics from 4.2.30 to 4.2.32 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6307">#6307</a></li> <li>Bump io.prometheus:prometheus-metrics-bom from 1.3.7 to 1.3.8 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6306">#6306</a></li> <li>Bump io.prometheus:prometheus-metrics-bom from 1.3.6 to 1.3.7 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6241">#6241</a></li> </ul> <h2>📝 Tasks</h2> <ul> <li>Remove AtomicReference from StatsdMeterRegistryTest <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6311">#6311</a></li> <li>Remove java11Test setup from micrometer-test <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6293">#6293</a></li> <li>Polish StatsD line builders <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6285">#6285</a></li> <li>Improve StatsD tests <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6284">#6284</a></li> <li>Resolve StringSplitter from Error Prone <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6271">#6271</a></li> <li>Resolve EqualsGetClass from Error Prone <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6263">#6263</a></li> <li>Resolve ClassCanBeStatic from Error Prone <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6253">#6253</a></li> <li>Resolve InlineFormatString from Error Prone <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6232">#6232</a></li> <li>Add more tests for TimedHandler <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6227">#6227</a></li> <li>Replace TimeUtils usage to TimeUnit where applicable <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6224">#6224</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/izeye"><code>@izeye</code></a>, <a href="https://github.com/kwondh5217"><code>@kwondh5217</code></a>, <a href="https://github.com/cfredri4"><code>@cfredri4</code></a>, and <a href="https://github.com/ngocnhan-tran1996"><code>@ngocnhan-tran1996</code></a></p> <h2>1.15.0</h2> <h2>⭐ New Features</h2> <ul> <li>Further enhancement to OtlpMetricsSender <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6025">#6025</a></li> <li>Make Prometheus Metric and Label naming conventions consistent <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5923">#5923</a></li> <li>Metrics for Executors.newVirtualThreadPerTaskExecutor() <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5488">#5488</a></li> <li>Metrics for live virtual threads <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5950">#5950</a></li> <li>More flexible OTLP per meter configuration <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6099">#6099</a></li> <li>Prometheus/OpenMetrics <code>_created</code> timestamp <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/2625">#2625</a></li> <li>Make jvm.classes.unloaded description generic <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5745">#5745</a></li> <li>Use String.toLowerCase()/toUpperCase() with Locale.ROOT consistently <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5711">#5711</a></li> <li>Use failWithActualExpectedAndMessage() where possible <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5696">#5696</a></li> <li>Provide target host/port info in ObservationExecChainHandler when HttpHostConnectException is thrown <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5615">#5615</a></li> <li>Enable Gauge builders to take a subclass of Number <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5601">#5601</a></li> <li>micrometer-observation-test support for assertions on events <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5576">#5576</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/315a851d7cffac0fc6dc1e36dedde4a00999f171"><code>315a851</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/17ff40ba6028202305caff45ab143d13bc0c32a2"><code>17ff40b</code></a> Merge branch '1.13.x' into 1.14.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/606afafe2f9e6b6ee6f5be9335089e9635622d46"><code>606afaf</code></a> Resolve StringSplitter from Error Prone (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6271">#6271</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0bfe23baef6de29449f6dc1362c058e742b1cdc0"><code>0bfe23b</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/aa61a2cafa16e2a70eb3acd6970012a493bb1684"><code>aa61a2c</code></a> Merge branch '1.13.x' into 1.14.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/b1c5697c4726ab679cb573343af9b584284b05f1"><code>b1c5697</code></a> Migrate to gradle/actions/wrapper-validation@v4</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/f5ad95f06a5910bd633f2e55953355149879be8b"><code>f5ad95f</code></a> Bump software.amazon.awssdk:cloudwatch from 2.31.57 to 2.31.58 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6372">#6372</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/ec25823593f46ff538fbecc596a7bb6c3a4f59b3"><code>ec25823</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/046236ea9204afad735e01d3b722783744c0571d"><code>046236e</code></a> Fix ConcurrentModificationException in Exponential Histogram (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6363">#6363</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0c56034818a868edefbda9d5d29684cc5fecd419"><code>0c56034</code></a> Merge branch '1.14.x' into 1.15.x</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.15.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e1fc94929d |
Bump org.apache.xmlgraphics:batik-all from 1.18 to 1.19 (#3672)
Bumps org.apache.xmlgraphics:batik-all from 1.18 to 1.19. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
a2db47d3af |
Bump bouncycastleVersion from 1.80 to 1.81 (#3673)
Bumps `bouncycastleVersion` from 1.80 to 1.81. Updates `org.bouncycastle:bcprov-jdk18on` from 1.80 to 1.81 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html">org.bouncycastle:bcprov-jdk18on's changelog</a>.</em></p> <blockquote> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.1.1 Version<!-- raw HTML omitted --><!-- raw HTML omitted --> Release: 1.81<!-- raw HTML omitted --> Date: 2025, 4th June.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/bcgit/bc-java/commits">compare view</a></li> </ul> </details> <br /> Updates `org.bouncycastle:bcpkix-jdk18on` from 1.80 to 1.81 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html">org.bouncycastle:bcpkix-jdk18on's changelog</a>.</em></p> <blockquote> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.1.1 Version<!-- raw HTML omitted --><!-- raw HTML omitted --> Release: 1.81<!-- raw HTML omitted --> Date: 2025, 4th June.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/bcgit/bc-java/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0ca23e6835 |
Bump io.swagger.core.v3:swagger-core-jakarta from 2.2.30 to 2.2.32 (#3669)
Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.30 to 2.2.32. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
06db69ed91 |
Bump github/codeql-action from 3.28.18 to 3.28.19 (#3666)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.18 to 3.28.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.28.19</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.28.19 - 03 Jun 2025</h2> <ul> <li>The CodeQL Action no longer includes its own copy of the extractor for the <code>actions</code> language, which is currently in public preview. The <code>actions</code> extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the <code>actions</code> language <em>and</em> you have pinned your <code>tools:</code> property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable <code>actions</code> analysis.</li> <li>Update default CodeQL bundle version to 2.21.4. <a href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.28.19/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <ul> <li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li> </ul> <h2>3.28.19 - 03 Jun 2025</h2> <ul> <li>The CodeQL Action no longer includes its own copy of the extractor for the <code>actions</code> language, which is currently in public preview. The <code>actions</code> extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the <code>actions</code> language <em>and</em> you have pinned your <code>tools:</code> property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable <code>actions</code> analysis.</li> <li>Update default CodeQL bundle version to 2.21.4. <a href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li> </ul> <h2>3.28.18 - 16 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.3. <a href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li> <li>Skip validating SARIF produced by CodeQL for improved performance. <a href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li> <li>The number of threads and amount of RAM used by CodeQL can now be set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code> runner environment variables. If set, these environment variables override the <code>threads</code> and <code>ram</code> inputs respectively. <a href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li> </ul> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <h2>3.28.16 - 23 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.1. <a href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li> </ul> <h2>3.28.15 - 07 Apr 2025</h2> <ul> <li>Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. <a href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li> </ul> <h2>3.28.14 - 07 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.0. <a href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li> </ul> <h2>3.28.13 - 24 Mar 2025</h2> <p>No user facing changes.</p> <h2>3.28.12 - 19 Mar 2025</h2> <ul> <li>Dependency caching should now cache more dependencies for Java <code>build-mode: none</code> extractions. This should speed up workflows and avoid inconsistent alerts in some cases.</li> <li>Update default CodeQL bundle version to 2.20.7. <a href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li> </ul> <h2>3.28.11 - 07 Mar 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.6. <a href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/fca7ace96b7d713c7035871441bd52efbe39e27e"><code>fca7ace</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2918">#2918</a> from github/update-v3.28.19-4a00331d4</li> <li><a href="https://github.com/github/codeql-action/commit/1dcd2bebbb31e92a94fd28ed1885b2e6331afdd3"><code>1dcd2be</code></a> Update changelog for v3.28.19</li> <li><a href="https://github.com/github/codeql-action/commit/4a00331d4ecf79a214751520faf8e540e60c7567"><code>4a00331</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2910">#2910</a> from github/update-bundle/codeql-bundle-v2.21.4</li> <li><a href="https://github.com/github/codeql-action/commit/c0a821da119108a26c647de84b1e6a857fda1279"><code>c0a821d</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/d6216866b42d1cb95b8942447efe91161628ccfd"><code>d621686</code></a> Update default bundle to codeql-bundle-v2.21.4</li> <li><a href="https://github.com/github/codeql-action/commit/dc138d4f519ecc58013d8fcef428272e2436cafd"><code>dc138d4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2913">#2913</a> from github/henrymercer/win-2019-deprecated</li> <li><a href="https://github.com/github/codeql-action/commit/3201e46e2615110190ca536fbf1280ccc7f3a247"><code>3201e46</code></a> Stop running CI on <code>windows-2019</code></li> <li><a href="https://github.com/github/codeql-action/commit/7fd62151d9daff11d4b981415ffb365dcd93f75a"><code>7fd6215</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2911">#2911</a> from github/update-supported-enterprise-server-versions</li> <li><a href="https://github.com/github/codeql-action/commit/31eae5e821e97c8b2903ca297cc8894bd9b609fb"><code>31eae5e</code></a> Update supported GitHub Enterprise Server versions</li> <li><a href="https://github.com/github/codeql-action/commit/bc02a25f6449997c5e9d5a368879b28f56ae19a1"><code>bc02a25</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2908">#2908</a> from github/henrymercer/dependabot</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/ff0a06e83cb2de871e5a09832bc6a81e7276941f...fca7ace96b7d713c7035871441bd52efbe39e27e">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c66bf56260 |
Bump requests from 2.32.3 to 2.32.4 in /testing/cucumber in the pip group across 1 directory (#3674)
Bumps the pip group with 1 update in the /testing/cucumber directory: [requests](https://github.com/psf/requests). Updates `requests` from 2.32.3 to 2.32.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.4</h2> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (<a href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> <li>Dropped support for pypy 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS.</li> <li>Dropped support for pypy 3.9 following its end of support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd"><code>021dc72</code></a> Polish up release tooling for last manual release</li> <li><a href="https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396"><code>821770e</code></a> Bump version and add release notes for v2.32.4</li> <li><a href="https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401"><code>59f8aa2</code></a> Add netrc file search information to authentication documentation (<a href="https://redirect.github.com/psf/requests/issues/6876">#6876</a>)</li> <li><a href="https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b"><code>5b4b64c</code></a> Add more tests to prevent regression of CVE 2024 47081</li> <li><a href="https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae"><code>7bc4587</code></a> Add new test to check netrc auth leak (<a href="https://redirect.github.com/psf/requests/issues/6962">#6962</a>)</li> <li><a href="https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"><code>96ba401</code></a> Only use hostname to do netrc lookup instead of netloc</li> <li><a href="https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2"><code>7341690</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6951">#6951</a> from tswast/patch-1</li> <li><a href="https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0"><code>6716d7c</code></a> remove links</li> <li><a href="https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae"><code>a7e1c74</code></a> Update docs/conf.py</li> <li><a href="https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f"><code>c799b81</code></a> docs: fix dead links to kenreitz.org</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.3...v2.32.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3cc3037408 |
Bump me.friwi:jcefmaven from 132.3.1 to 135.0.20 (#3548)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [me.friwi:jcefmaven](https://github.com/jcefmaven/jcefmaven) from 132.3.1 to 135.0.20. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jcefmaven/jcefmaven/releases">me.friwi:jcefmaven's releases</a>.</em></p> <blockquote> <h2>JCEF Maven 135.0.20</h2> <p><strong>Update JCEF to <a href="https://bitbucket.org/chromiumembedded/java-cef/commits/ca49ada5c7e3fc98cd7058b6253b59f967530a65">ca49ada</a></strong></p> <p>Build: [GitHub Actions <a href="https://redirect.github.com/jcefmaven/jcefmaven/issues/94">#94</a>](<a href="https://github.com/jcefmaven/jcefmaven/actions/runs/15018447852">https://github.com/jcefmaven/jcefmaven/actions/runs/15018447852</a>) MVN version: 135.0.20 JCEF commit: ca49ada CEF version: 135.0.20+ge7de5c3+chromium-135.0.7049.85</p> <p><strong>Use with Maven:</strong></p> <pre><code><dependency> <groupId>me.friwi</groupId> <artifactId>jcefmaven</artifactId> <version>135.0.20</version> </dependency> </code></pre> <!-- raw HTML omitted --> <h5>Linux AMD64</h5> <pre><code><dependency> <groupId>me.friwi</groupId> <artifactId>jcef-natives-linux-amd64</artifactId> <version>jcef-ca49ada+cef-135.0.20+ge7de5c3+chromium-135.0.7049.85</version> </dependency> </code></pre> <h5>Linux ARM</h5> <pre><code><dependency> <groupId>me.friwi</groupId> <artifactId>jcef-natives-linux-arm</artifactId> <version>jcef-ca49ada+cef-135.0.20+ge7de5c3+chromium-135.0.7049.85</version> </dependency> </code></pre> <h5>Linux ARM64</h5> <pre><code><dependency> <groupId>me.friwi</groupId> <artifactId>jcef-natives-linux-arm64</artifactId> <version>jcef-ca49ada+cef-135.0.20+ge7de5c3+chromium-135.0.7049.85</version> </dependency> </code></pre> <h5>Macosx AMD64</h5> <pre><code><dependency> </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jcefmaven/jcefmaven/commit/91b0aca9c0fbe76cd9df609aa6f10230dddf54c6"><code>91b0aca</code></a> Update README.md to 135.0.20</li> <li>See full diff in <a href="https://github.com/jcefmaven/jcefmaven/compare/132.3.1...135.0.20">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
70a9b5f009 |
Bump jakarta.servlet:jakarta.servlet-api from 6.0.0 to 6.1.0 (#3631)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [jakarta.servlet:jakarta.servlet-api](https://github.com/eclipse-ee4j/servlet-api) from 6.0.0 to 6.1.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/eclipse-ee4j/servlet-api/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b08bc191fc |
Bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.6 to 2.8.8 (#3628)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) from 2.8.6 to 2.8.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/releases">org.springdoc:springdoc-openapi-starter-webmvc-ui's releases</a>.</em></p> <blockquote> <h2>v2.8.8</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.7...v2.8.8">https://github.com/springdoc/springdoc-openapi/compare/v2.8.7...v2.8.8</a></p> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a> - Handle projects not using kotlin-reflect <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li> </ul> <h2>springdoc-openapi v2.8.7 released!</h2> <h2>What's Changed</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a> - Introducing springdoc-openapi-bom project</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2948">#2948</a> - Customize Servers via application.yml</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2963">#2963</a> - Set default content type for problem details object to application/problem+jso</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a> - List of value classes in Kotlin</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade swagger-ui to v5.21.0</li> <li>Upgrade swagger-core to 2.2.30</li> <li>Upgrade spring-boot to version 3.4.5</li> <li>Upgrade spring-security-oauth2-authorization-server to version 1.4.3</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2947">#2947</a> - Unexpected warning "Appended trailing slash to static resource location"</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2960">#2960</a> - NPE when customizing group's open-api without specifying any schema</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2969">#2969</a> - fix path to register resource handler to work SwaggerIndexPageTransformer considering /webjar path prefix</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2964">#2964</a> - Cannot add custom description and example for java.time.Duration since v2.8.6</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2972">#2972</a> - <a href="https://github.com/Header"><code>@Header</code></a>(schema = <a href="https://github.com/Schema"><code>@Schema</code></a>(type = "string")) generates empty or broken schema in OpenAPI output since 2.8.0</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>, <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a> - Build Failure due to Private Inner Class.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2556">#2556</a> - Unable to determine if it is a Kotlin type</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lagoshny"><code>@lagoshny</code></a> made their first contribution in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/2970">springdoc/springdoc-openapi#2970</a></li> <li><a href="https://github.com/mymx2"><code>@mymx2</code></a> made their first contribution in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/2950">springdoc/springdoc-openapi#2950</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.7">https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md">org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog</a>.</em></p> <blockquote> <h2>[2.8.8] - 2025-05-04</h2> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a> - Handle projects not using kotlin-reflect <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li> </ul> <h2>[2.8.7] - 2025-05-04</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a> - Introducing springdoc-openapi-bom project</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2948">#2948</a> - Customize Servers via application.yml</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2963">#2963</a> - Set default content type for problem details object to application/problem+jso</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a> - List of value classes in Kotlin</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade swagger-ui to v5.21.0</li> <li>Upgrade swagger-core to 2.2.30</li> <li>Upgrade spring-boot to version 3.4.5</li> <li>Upgrade spring-security-oauth2-authorization-server to version 1.4.3</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2947">#2947</a> - Unexpected warning "Appended trailing slash to static resource location"</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2960">#2960</a> - NPE when customizing group's open-api without specifying any schema</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2969">#2969</a> - fix path to register resource handler to work SwaggerIndexPageTransformer considering /webjar path prefix</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2964">#2964</a> - Cannot add custom description and example for java.time.Duration since v2.8.6</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2972">#2972</a> - <a href="https://github.com/Header"><code>@Header</code></a>(schema = <a href="https://github.com/Schema"><code>@Schema</code></a>(type = "string")) generates empty or broken schema in OpenAPI output since 2.8.0</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>, <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a> - Build Failure due to Private Inner Class.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/bce44dbe502cbaeeff6188fe210042859aa0ed54"><code>bce44db</code></a> [maven-release-plugin] prepare release v2.8.8</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/707fce0271fda0c713c412488247dba4cc32d98c"><code>707fce0</code></a> Handle projects not using kotlin-reflect. Fixes <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/7a3546cb733d3ca493b6e622778a97c73b39b04a"><code>7a3546c</code></a> [maven-release-plugin] prepare for next development iteration</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/764ef2fd42040232a7a9280d826ed72a591da3df"><code>764ef2f</code></a> [maven-release-plugin] prepare release v2.8.7</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/98dacbda5cbdb0a278aa407ddc6aa05c8f23f031"><code>98dacbd</code></a> Prepare for the next release</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/5eb7d77e55df6b1b4ea1964fb146233f88b71e2d"><code>5eb7d77</code></a> pom.xml cleanup for <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a></li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/9dffa3d7d43e11ee1abfa86c7bf9b1886fc23e11"><code>9dffa3d</code></a> pom.xml cleanup for <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a></li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/a68b42edf1465f1888c42263dac5547622ebd4cc"><code>a68b42e</code></a> List of value classes in Kotlin. Fixes <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a></li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/95fa3bbb71859e428092034efbb3deae9bf4c892"><code>95fa3bb</code></a> Regression: <a href="https://github.com/Header"><code>@Header</code></a>(schema = <a href="https://github.com/Schema"><code>@Schema</code></a>(type = "string")) generates empty or bro...</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/3d056d8c55ec3139fc3e2d4a2f0eed7d8384d5f0"><code>3d056d8</code></a> Build Failure due to Private Inner Class. Fixes <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>, <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a></li> <li>Additional commits viewable in <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d12aca0ca6 |
Bump org.postgresql:postgresql from 42.7.5 to 42.7.6 (#3629)
Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.5 to 42.7.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pgjdbc/pgjdbc/releases">org.postgresql:postgresql's releases</a>.</em></p> <blockquote> <h2>v42.7.6</h2> <h2>Changes</h2> <ul> <li>Prepare release notes for release 42_7_6 (new format) <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3628">#3628</a>)</li> <li>fix: isValid incorrectly called execute, instead of executeWithFlags fixes Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">#3630</a> <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3631">#3631</a>)</li> <li>add override <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3629">#3629</a>)</li> <li>add the ability to turn off automatic LSN flush <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>)</li> <li>test: add tests with reWriteBatchedInserts=true <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3616">#3616</a>)</li> <li>test: add CI executions with adaptive_fetch=true by default <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3615">#3615</a>)</li> <li>test: simplify TestUtil.openDB, add tests with various assumeMinServerVersion values <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3614">#3614</a>)</li> <li>Deprecate group startup parms <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3613">#3613</a>)</li> <li>Add back application name setting <a href="https://github.com/joejensen"><code>@joejensen</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3509">#3509</a>)</li> <li>Copr: Use Java 21 as the build dependency <a href="https://github.com/mkoncek"><code>@mkoncek</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3607">#3607</a>)</li> <li>fix indentation of return child to allow built pass in Checkstyle's CIs <a href="https://github.com/mohitsatr"><code>@mohitsatr</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3611">#3611</a>)</li> <li>Set column name explicitely when using <code>current_database()</code> in queries <a href="https://github.com/kneth"><code>@kneth</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3526">#3526</a>)</li> <li>add PgMessageType and use static variables for protocol literals <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3609">#3609</a>)</li> <li>Handle protocol 3.2 and wider cancel keys. <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3592">#3592</a>)</li> <li>refactor empty resultset to use empty result set if the catalog is not correct <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3588">#3588</a>)</li> <li>Use query to find the current catalog instead of relying on the database in the connection URL or connection properties as this could be different if connected through a pooler or proxy <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3565">#3565</a>)</li> <li>ci: add Java 24 tests <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3580">#3580</a>)</li> <li>docs: Relabel 42.7.4 as past version as it is no longer the latest <a href="https://github.com/sehrope"><code>@sehrope</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3586">#3586</a>)</li> <li>test: remove stale logging message from SslTest <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3584">#3584</a>)</li> <li>chore: appply the latest byte-buddy version for tests so we support the latest Java versions <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3583">#3583</a>)</li> <li>fix: make PgConnection#abort compatible with Java 24 <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3582">#3582</a>)</li> <li>chore(deps): update plugin com.github.burrunan.s3-build-cache to v1.8.5 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3573">#3573</a>)</li> <li>Fix JavadocTagContinuationIndentation in AfterBeforeParameterResolver <a href="https://github.com/Anmol202005"><code>@Anmol202005</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3566">#3566</a>)</li> <li>Revert "use in row values instead of union all (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>)" <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3524">#3524</a>)</li> <li>use in row values instead of union all <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>)</li> <li>feat: enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property <a href="https://github.com/raminorujov"><code>@raminorujov</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3513">#3513</a>)</li> <li>Nit: correct message in main.yml test action <a href="https://github.com/ecki"><code>@ecki</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3503">#3503</a>)</li> <li>chore: use import instead of require to support modern NodeJS <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3502">#3502</a>)</li> <li>chore: use PostgreSQL 17 rather than 17rc1 for CI tests <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3501">#3501</a>)</li> <li>chore: add ErrorProne verification to catch bugs ealier <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>)</li> <li>fix: ArrayIndexOutOfBounds when write big object into GSS enabled connection, make GSSInputStream robust in face of streams that produce incomplete reads <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3500">#3500</a>)</li> <li>refactor: factor out duplicated .getBytes() when converting date/time to Date/Time/Timestamp <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3497">#3497</a>)</li> <li>chore: exclude Oracle Java 17 from CI tests <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3499">#3499</a>)</li> <li>chore: remove unused Travis CI configuration <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3498">#3498</a>)</li> <li>Undeprecate sslfactoryarg connection property <a href="https://github.com/sehrope"><code>@sehrope</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3496">#3496</a>)</li> <li>fix:Fix sending extra_float_digits <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3491">#3491</a>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li>fix: EOFException on PreparedStatement#toString with unset bytea parameter since 42.7.4 <a href="https://github.com/MrEasy"><code>@MrEasy</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3369">#3369</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>chore: use Java 21 for building pgjdbc by default <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3612">#3612</a>)</li> </ul> <h2>⬆️ Dependencies</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md">org.postgresql:postgresql's changelog</a>.</em></p> <blockquote> <h2>[42.7.6]</h2> <h4>Features</h4> <ul> <li>fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3513">#3513</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3513">pgjdbc/pgjdbc#3513</a>)</li> </ul> <h3>Performance Improvements</h3> <ul> <li>performance: Improve ResultSetMetadata.fetchFieldMetaData by using IN row values instead of UNION ALL for improved query performance (later reverted) [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3510">pgjdbc/pgjdbc#3510</a>)</li> <li>feat:Use a single simple query for all startup parameters, so groupStartupParameters is no longer needed [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3613">#3613</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3613">pgjdbc/pgjdbc#3613</a>)</li> <li></li> </ul> <h2>Bug Fixes</h2> <h3>Protocol & Connection Handling</h3> <ul> <li>fix: Send extra_float_digits=3 for PostgreSQL 12+ as well [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3491">#3491</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3491">pgjdbc/pgjdbc#3491</a>)</li> <li>fix: Fixed handling of protocol 3.2 and wider cancel keys [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3592">#3592</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3592">pgjdbc/pgjdbc#3592</a>)</li> <li>fix: Made PgConnection#abort compatible with Java 24 [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3582">#3582</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3582">pgjdbc/pgjdbc#3582</a>)</li> <li>fix: Fixed ArrayIndexOutOfBounds when writing big objects into GSS enabled connections [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3500">#3500</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3500">pgjdbc/pgjdbc#3500</a>)</li> <li>fix: Added back application name setting [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3509">#3509</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3509">pgjdbc/pgjdbc#3509</a>)</li> </ul> <h3>Metadata & Catalog Handling</h3> <ul> <li>fix: Set column name explicitly when using current_database() in queries [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3526">#3526</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3526">pgjdbc/pgjdbc#3526</a>)</li> <li>fix: Use query to find the current catalog instead of relying on the database in the connection URL [pull <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3565">#3565</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3565">pgjdbc/pgjdbc#3565</a>)</li> <li>fix: Refactored empty resultset to use empty result set if the catalog is not correct [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3588">#3588</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3588">pgjdbc/pgjdbc#3588</a>)</li> </ul> <h3>API Improvements</h3> <ul> <li>fix: Undeprecated Fastpath API and fixed deprecation warnings [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li> <li>fix: Undeprecated sslfactoryarg [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3496">#3496</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3496">pgjdbc/pgjdbc#3496</a>)</li> <li>fix: Added PgMessageType and used static variables for protocol literals [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3609">#3609</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3609">pgjdbc/pgjdbc#3609</a>)</li> <li>fix: Add the ability to turn off automatic LSN flush [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3403">pgjdbc/pgjdbc#3403</a>)</li> <li>fix: isValid incorrectly called execute, instead of executeWithFlags [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3631">#3631</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3631">pgjdbc/pgjdbc#3631</a>). Fixes [Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">#3630</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">pgjdbc/pgjdbc#3630</a>)</li> <li>fix: EOFException on PreparedStatement#toString with unset bytea parameter since 42.7.4 <a href="https://github.com/pgjdbc/pgjdbc/commit/0a88ea425e86dce691a96d6aa7023c20ac887b98">Commit 0a88ea4</a>. Fixes [Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3365">#3365</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3365">pgjdbc/pgjdbc#3365</a>)</li> </ul> <h2>Infrastructure & Build Improvements</h2> <h3>Java Support</h3> <ul> <li>update: Updated to use Java 21 for building pgjdbc by default [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3612">#3612</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3612">pgjdbc/pgjdbc#3612</a>)</li> <li>update: Updated Java 21 as the build dependency for copr [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3607">#3607</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3607">pgjdbc/pgjdbc#3607</a>)</li> <li>update: Updated latest JDK to version 24 [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3580">#3580</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3580">pgjdbc/pgjdbc#3580</a>)</li> <li>update: Applied the latest byte-buddy version for tests to support the latest Java versions [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3583">#3583</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3583">pgjdbc/pgjdbc#3583</a>)</li> </ul> <h3>Testing & Quality</h3> <ul> <li>test: Added ErrorProne verification to detect bugs earlier [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li> <li>test: Simplified TestUtil.openDB, added tests with various assumeMinServerVersion values [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3624">#3624</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3614">pgjdbc/pgjdbc#3614</a>)</li> <li>test: Updated to use PostgreSQL 17 rather than 17rc1 for CI tests [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3501">#3501</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3501">pgjdbc/pgjdbc#3501</a>)</li> <li>test: Removed stale logging message from SslTest [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3584">#3584</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3584">pgjdbc/pgjdbc#3584</a>)</li> <li>test: Added CI executions with adaptive_fetch=true by default for performance testing [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3615">#3615</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3615">pgjdbc/pgjdbc#3615</a>)</li> <li>test: Added tests with reWriteBatchedInserts=true [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3616">#3616</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3616">pgjdbc/pgjdbc#3616</a>)</li> </ul> <h3>Code Quality</h3> <ul> <li>doc: Fixed javadoc warnings [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/689708f96d446993cd264cbf5bd5696a726cf8b7"><code>689708f</code></a> Prepare release notes for release 42_7_6 (new format) (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3628">#3628</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/0a88ea425e86dce691a96d6aa7023c20ac887b98"><code>0a88ea4</code></a> fix: EOFException on PreparedStatement#toString with unset bytea parameter si...</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/2de9b943c693c745ea9280444d72b408165caa11"><code>2de9b94</code></a> fix: make sure Connection.isValid correctly uses executeWithFlags fixes Issu...</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/d9e20874590f59543c39a99b824e09344f00a813"><code>d9e2087</code></a> add override (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3629">#3629</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/665b27b8656c8288d9d6c1f8e8d6a7072c238d64"><code>665b27b</code></a> add the ability to turn off automatic LSN flush (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/253c68243c9794644d3cbd9d61b4505b9d079ea5"><code>253c682</code></a> chore(deps): update burrunan/gradle-cache-action action to v3</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/2d1ae0cbd44660a9d172c9b4a90e16e198f43d43"><code>2d1ae0c</code></a> chore(deps): update plugin com.gradle.develocity to v4</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/baeb89321b26a1a13d430d50ed1102ba80bff183"><code>baeb893</code></a> fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/e24d599952af46cca3c03ced4f574c7e205bdda0"><code>e24d599</code></a> fix(deps): update dependency com.google.errorprone:error_prone_core to v2.38.0</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/1617c68d510b86cd5500b0e9d1a1427156bffcbf"><code>1617c68</code></a> fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.p...</li> <li>Additional commits viewable in <a href="https://github.com/pgjdbc/pgjdbc/compare/REL42.7.5...REL42.7.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
5ec78b5425 |
Bump org.springframework.boot:spring-boot-dependencies from 3.4.5 to 3.5.0 (#3627)
Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 3.4.5 to 3.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-dependencies's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <p>Full <a href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release notes for Spring Boot 3.5</a> are available on the wiki.</p> <h2>⭐ New Features</h2> <ul> <li>Make heapdump endpoint restricted by default <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li> <li>Remove SSL status tag from metrics <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li> <li>Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Unable to override/set nested ConfigurationProperties by passing as a system property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li> <li>ValidationAutoConfiguration triggers early initialization of properties binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li> <li>Micrometer "enable" annotations property does not cover observed aspect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li> <li>spring.graphql.sse.timeout is no longer exposed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li> <li>IllegalStateException when extracting using layers a module with no code of its own <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li> <li>Removed spring.batch.initialize-schema property is still considered <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li> <li>ReactorHttpClientBuilder does not offer a factory method to create the HttpClient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li> <li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li> <li>Custom default units declared on a field are ignored when binding properties in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li> <li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li> <li>Various spring.datasource properties are mistakenly marked as ignored <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li> <li>JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li> <li>DockerRegistryConfigAuthentication does not align with Docker CLI <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li> <li>Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li> <li>CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method <a href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Document the java info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li> <li>Document the process info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li> <li>Document the os info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li> <li>Document typical spring.application.group and name use <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li> <li>Document that bean methods should be static when annotated with <code>@ConfigurationPropertiesBinding</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li> <li>Document the way that primary Kotlin constructors are used when binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li> <li>Improve "profile" reference documentation with additional admonitions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li> <li>Improve setEnvironmentPrefix(...) reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li> <li>Document all the available Testcontainers integrations <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li> <li>Document when a spring.config.import value is relative and when it is fixed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li> <li>Update org.cyclonedx.bom version in docs to 2.3.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li> <li>Update link to "Parameter Name Retention" section of Spring Framework's release notes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Prevent upgrade to Prometheus Client 1.3.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li> <li>Upgrade to Couchbase Client 3.8.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li> <li>Upgrade to Elasticsearch 8.18.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li> <li>Upgrade to GraphQL Java 24.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li> <li>Upgrade to Hibernate 6.6.15.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a> Release v3.5.0</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a> Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a> Ensure descendants are always recalculated on cache refresh</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a> Next development version (v3.4.7-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a> Next development version (v3.3.13-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a> Merge branch '3.4.x'</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3bec51f4e5 |
Bump com.diffplug.spotless from 7.0.3 to 7.0.4 (#3626)
Bumps com.diffplug.spotless from 7.0.3 to 7.0.4. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d83d8b4748 |
Bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#3625)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.1 to 2.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.4.2</h2> <h2>What's Changed</h2> <p>This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard <a href="https://github.com/ossf/scorecard/releases/tag/v5.2.0">v5.2.0</a> and <a href="https://github.com/ossf/scorecard/releases/tag/v5.2.1">v5.2.1</a> release notes.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2">https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ossf/scorecard-action/commit/05b42c624433fc40578a4040d5cf5e36ddca8cde"><code>05b42c6</code></a> 🌱 bump docker to ghcr v2.4.2 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1548">#1548</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/b225da6b2b97811a123bb34532642f3ad6a4f011"><code>b225da6</code></a> Bump github.com/ossf/scorecard/v5 from v5.2.0 to v5.2.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1550">#1550</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/9399f6f42496e38fbb8dbcf85e17223226a5dafe"><code>9399f6f</code></a> 🌱 Bump the docker-images group across 1 directory with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1">#1</a>...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/e1daa8c5c7ed469dbb0167e261ed1c9fa673a9ae"><code>e1daa8c</code></a> 🌱 Bump the github-actions group across 1 directory with 5 updates (#...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/9fe6511b9b36af3b03200e49cf8fb09d261b5402"><code>9fe6511</code></a> 🌱 Bump golang.org/x/net from 0.39.0 to 0.40.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1542">#1542</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/25b9cd9cd11610dcac11e59afed9910714b12129"><code>25b9cd9</code></a> 🌱 Bump github.com/ossf/scorecard/v5 from v5.1.1 to v5.2.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1547">#1547</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/18cc9b81307fc5ab3c2cd7092955f06dcfdf8c42"><code>18cc9b8</code></a> 🌱 Bump golang.org/x/net from 0.38.0 to 0.39.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1536">#1536</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/db7814227b097a902957aa24d989c6e473613a8e"><code>db78142</code></a> 🌱 Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1538">#1538</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/de386ed459e2f85111697f50fe076d0ea617a32f"><code>de386ed</code></a> 🌱 Bump golang from 1.24.1 to 1.24.2 in the docker-images group (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1534">#1534</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/5b7cedba4eccfb66a6277e40cbe18d1d559ecc00"><code>5b7cedb</code></a> 🌱 Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1537">#1537</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...05b42c624433fc40578a4040d5cf5e36ddca8cde">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
03d27013d6 |
Bump alpine from 3.21.3 to 3.22.0 (#3623)
Bumps alpine from 3.21.3 to 3.22.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
679ecdd50d |
Bump docker/build-push-action from 6.17.0 to 6.18.0 (#3624)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.17.0 to 6.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.18.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.61.0 to 0.62.1 in <a href="https://redirect.github.com/docker/build-push-action/pull/1381">docker/build-push-action#1381</a></li> </ul> <blockquote> <p>[!NOTE] <a href="https://docs.docker.com/build/ci/github-actions/build-summary/">Build summary</a> is now supported with <a href="https://docs.docker.com/build-cloud/">Docker Build Cloud</a>.</p> </blockquote> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.17.0...v6.18.0">https://github.com/docker/build-push-action/compare/v6.17.0...v6.18.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/263435318d21b8e681c14492fe198d362a7d2c83"><code>2634353</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1381">#1381</a> from docker/dependabot/npm_and_yarn/docker/actions-t...</li> <li><a href="https://github.com/docker/build-push-action/commit/c0432d2e016ab17a336cee48256683e74d5c4c9e"><code>c0432d2</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/0bb1f27d6b9fc90993f41febd9b53ee89397d3f8"><code>0bb1f27</code></a> set builder driver and endpoint attributes for dbc summary support</li> <li><a href="https://github.com/docker/build-push-action/commit/5f9dbf956c8481ecf630d0e53941d9d3afaa53bb"><code>5f9dbf9</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.61.0 to 0.62.1</li> <li><a href="https://github.com/docker/build-push-action/commit/0788c444d8b4d67580213712e34a148cae3a6c4e"><code>0788c44</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1375">#1375</a> from crazy-max/remove-gcr</li> <li><a href="https://github.com/docker/build-push-action/commit/aa179ca4f405fed7a76dad90a23bd02d6f2a8d2d"><code>aa179ca</code></a> e2e: remove GCR</li> <li>See full diff in <a href="https://github.com/docker/build-push-action/compare/1dc73863535b631f98b2378be8619f83b136f4a0...263435318d21b8e681c14492fe198d362a7d2c83">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
feb84f001c |
Bump org.springframework.session:spring-session-core from 3.4.3 to 3.5.0 (#3591)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springframework.session:spring-session-core](https://github.com/spring-projects/spring-session) from 3.4.3 to 3.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-session/releases">org.springframework.session:spring-session-core's releases</a>.</em></p> <blockquote> <h2>3.5.0</h2> <h2>🪲 Bug Fixes</h2> <ul> <li>Fix Race Condition in Integration Tests Using Redis SessionEventRegistry <a href="https://redirect.github.com/spring-projects/spring-session/issues/3400">#3400</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump com.fasterxml.jackson.core:jackson-databind from 2.18.3 to 2.18.4 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3393">#3393</a></li> <li>Bump io.projectreactor:reactor-bom from 2024.0.5 to 2024.0.6 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3395">#3395</a></li> <li>Bump io.projectreactor:reactor-core from 3.6.16 to 3.6.17 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3394">#3394</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3392">#3392</a></li> <li>Bump io.spring.javaformat:spring-javaformat-checkstyle from 0.0.43 to 0.0.45 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3402">#3402</a></li> <li>Bump io.spring.javaformat:spring-javaformat-gradle-plugin from 0.0.43 to 0.0.45 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3404">#3404</a></li> <li>Bump org.springframework.data:spring-data-bom from 2025.0.0-RC1 to 2025.0.1-SNAPSHOT <a href="https://redirect.github.com/spring-projects/spring-session/pull/3397">#3397</a></li> <li>Bump org.springframework.security:spring-security-bom from 6.5.0-RC1 to 6.5.1-SNAPSHOT <a href="https://redirect.github.com/spring-projects/spring-session/pull/3401">#3401</a></li> <li>Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3403">#3403</a></li> <li>Spring Security 6.5.0 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3406">#3406</a></li> <li>Update to Spring Data 2025.0.0 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3405">#3405</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/rwinch"><code>@rwinch</code></a></p> <h2>3.5.0-RC1</h2> <h2>⭐ New Features</h2> <ul> <li>Introduce CompositeHttpSessionIdResolver <a href="https://redirect.github.com/spring-projects/spring-session/pull/3264">#3264</a></li> <li>Start JDBC transactions only when there is an update <a href="https://redirect.github.com/spring-projects/spring-session/pull/3330">#3330</a></li> </ul> <h2>🪲 Bug Fixes</h2> <ul> <li>Explicitly use junit-platform-launcher <a href="https://redirect.github.com/spring-projects/spring-session/issues/3367">#3367</a></li> <li>Fix jdbc session with special characters <a href="https://redirect.github.com/spring-projects/spring-session/pull/3316">#3316</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump io.projectreactor:reactor-bom from 2024.0.4 to 2024.0.5 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3380">#3380</a></li> <li>Bump io.projectreactor:reactor-core from 3.6.15 to 3.6.16 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3381">#3381</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3377">#3377</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.4 to 1.0.5 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3387">#3387</a></li> <li>Bump org.aspectj:aspectjweaver from 1.9.23 to 1.9.24 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3378">#3378</a></li> <li>Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3369">#3369</a></li> <li>Bump org.mariadb.jdbc:mariadb-java-client from 3.5.2 to 3.5.3 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3371">#3371</a></li> <li>Bump org.springframework.boot:spring-boot-gradle-plugin from 3.5.0-M3 to 3.5.0-SNAPSHOT <a href="https://redirect.github.com/spring-projects/spring-session/pull/3373">#3373</a></li> <li>Bump org.springframework.data:spring-data-bom from 2025.0.0-M2 to 2025.0.0-SNAPSHOT <a href="https://redirect.github.com/spring-projects/spring-session/pull/3372">#3372</a></li> <li>Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3384">#3384</a></li> <li>Update to Spring Boot 3.5.0 (dependencies) <a href="https://redirect.github.com/spring-projects/spring-session/issues/3368">#3368</a></li> <li>Update to Spring Security 6.5.0-rc1 <a href="https://redirect.github.com/spring-projects/spring-session/pull/3386">#3386</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-session/commit/817b17251ab34a473a03b9707f55c42d687c7758"><code>817b172</code></a> Release 3.5.0</li> <li><a href="https://github.com/spring-projects/spring-session/commit/5a9c22000aa1ed5f38dea04ec99883a71728875b"><code>5a9c220</code></a> Update to Spring Security 6.5.0</li> <li><a href="https://github.com/spring-projects/spring-session/commit/ce5efb7e51910a49591c015c8a1a2bbf67b73fd3"><code>ce5efb7</code></a> Update to Spring Data 2025.0.0</li> <li><a href="https://github.com/spring-projects/spring-session/commit/d6391a8a42c03f4307eea2edfb926d7310b11632"><code>d6391a8</code></a> Revert "Bump io.spring.javaformat:spring-javaformat-checkstyle"</li> <li><a href="https://github.com/spring-projects/spring-session/commit/f75cd2454a5d52406d8e8c4822ee654fbd72309f"><code>f75cd24</code></a> Revert "Bump org.springframework.security:spring-security-bom"</li> <li><a href="https://github.com/spring-projects/spring-session/commit/ca4694310104e6ecb76e089805fc0810788e5efe"><code>ca46943</code></a> Bump org.springframework.security:spring-security-bom</li> <li><a href="https://github.com/spring-projects/spring-session/commit/bf09912a7f697168a21a90ba47ab275a765f8608"><code>bf09912</code></a> Bump io.spring.javaformat:spring-javaformat-checkstyle</li> <li><a href="https://github.com/spring-projects/spring-session/commit/ae2f60668bcf026e651ee65589ecf6a1c082bffc"><code>ae2f606</code></a> Bump io.spring.javaformat:spring-javaformat-gradle-plugin</li> <li><a href="https://github.com/spring-projects/spring-session/commit/05e9a3ec755d212de4dff85811ea8e2c27ec9c28"><code>05e9a3e</code></a> Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7</li> <li><a href="https://github.com/spring-projects/spring-session/commit/6fb972d633e144ef3c9eea8577e0074e24caab8b"><code>6fb972d</code></a> Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-session/compare/3.4.3...3.5.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
8c061ea644 |
Bump springBootVersion from 3.4.5 to 3.5.0 (#3592)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps `springBootVersion` from 3.4.5 to 3.5.0. Updates `org.springframework.boot:spring-boot-starter-web` from 3.4.5 to 3.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-web's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <p>Full <a href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release notes for Spring Boot 3.5</a> are available on the wiki.</p> <h2>⭐ New Features</h2> <ul> <li>Make heapdump endpoint restricted by default <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li> <li>Remove SSL status tag from metrics <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li> <li>Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Unable to override/set nested ConfigurationProperties by passing as a system property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li> <li>ValidationAutoConfiguration triggers early initialization of properties binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li> <li>Micrometer "enable" annotations property does not cover observed aspect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li> <li>spring.graphql.sse.timeout is no longer exposed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li> <li>IllegalStateException when extracting using layers a module with no code of its own <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li> <li>Removed spring.batch.initialize-schema property is still considered <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li> <li>ReactorHttpClientBuilder does not offer a factory method to create the HttpClient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li> <li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li> <li>Custom default units declared on a field are ignored when binding properties in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li> <li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li> <li>Various spring.datasource properties are mistakenly marked as ignored <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li> <li>JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li> <li>DockerRegistryConfigAuthentication does not align with Docker CLI <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li> <li>Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li> <li>CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method <a href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Document the java info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li> <li>Document the process info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li> <li>Document the os info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li> <li>Document typical spring.application.group and name use <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li> <li>Document that bean methods should be static when annotated with <code>@ConfigurationPropertiesBinding</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li> <li>Document the way that primary Kotlin constructors are used when binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li> <li>Improve "profile" reference documentation with additional admonitions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li> <li>Improve setEnvironmentPrefix(...) reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li> <li>Document all the available Testcontainers integrations <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li> <li>Document when a spring.config.import value is relative and when it is fixed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li> <li>Update org.cyclonedx.bom version in docs to 2.3.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li> <li>Update link to "Parameter Name Retention" section of Spring Framework's release notes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Prevent upgrade to Prometheus Client 1.3.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li> <li>Upgrade to Couchbase Client 3.8.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li> <li>Upgrade to Elasticsearch 8.18.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li> <li>Upgrade to GraphQL Java 24.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li> <li>Upgrade to Hibernate 6.6.15.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a> Release v3.5.0</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a> Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a> Ensure descendants are always recalculated on cache refresh</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a> Next development version (v3.4.7-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a> Next development version (v3.3.13-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a> Merge branch '3.4.x'</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-jetty` from 3.4.5 to 3.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-jetty's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <p>Full <a href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release notes for Spring Boot 3.5</a> are available on the wiki.</p> <h2>⭐ New Features</h2> <ul> <li>Make heapdump endpoint restricted by default <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li> <li>Remove SSL status tag from metrics <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li> <li>Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Unable to override/set nested ConfigurationProperties by passing as a system property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li> <li>ValidationAutoConfiguration triggers early initialization of properties binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li> <li>Micrometer "enable" annotations property does not cover observed aspect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li> <li>spring.graphql.sse.timeout is no longer exposed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li> <li>IllegalStateException when extracting using layers a module with no code of its own <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li> <li>Removed spring.batch.initialize-schema property is still considered <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li> <li>ReactorHttpClientBuilder does not offer a factory method to create the HttpClient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li> <li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li> <li>Custom default units declared on a field are ignored when binding properties in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li> <li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li> <li>Various spring.datasource properties are mistakenly marked as ignored <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li> <li>JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li> <li>DockerRegistryConfigAuthentication does not align with Docker CLI <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li> <li>Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li> <li>CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method <a href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Document the java info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li> <li>Document the process info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li> <li>Document the os info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li> <li>Document typical spring.application.group and name use <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li> <li>Document that bean methods should be static when annotated with <code>@ConfigurationPropertiesBinding</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li> <li>Document the way that primary Kotlin constructors are used when binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li> <li>Improve "profile" reference documentation with additional admonitions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li> <li>Improve setEnvironmentPrefix(...) reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li> <li>Document all the available Testcontainers integrations <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li> <li>Document when a spring.config.import value is relative and when it is fixed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li> <li>Update org.cyclonedx.bom version in docs to 2.3.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li> <li>Update link to "Parameter Name Retention" section of Spring Framework's release notes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Prevent upgrade to Prometheus Client 1.3.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li> <li>Upgrade to Couchbase Client 3.8.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li> <li>Upgrade to Elasticsearch 8.18.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li> <li>Upgrade to GraphQL Java 24.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li> <li>Upgrade to Hibernate 6.6.15.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a> Release v3.5.0</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a> Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a> Ensure descendants are always recalculated on cache refresh</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a> Next development version (v3.4.7-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a> Next development version (v3.3.13-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a> Merge branch '3.4.x'</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-thymeleaf` from 3.4.5 to 3.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-thymeleaf's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <p>Full <a href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release notes for Spring Boot 3.5</a> are available on the wiki.</p> <h2>⭐ New Features</h2> <ul> <li>Make heapdump endpoint restricted by default <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li> <li>Remove SSL status tag from metrics <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li> <li>Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Unable to override/set nested ConfigurationProperties by passing as a system property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li> <li>ValidationAutoConfiguration triggers early initialization of properties binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li> <li>Micrometer "enable" annotations property does not cover observed aspect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li> <li>spring.graphql.sse.timeout is no longer exposed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li> <li>IllegalStateException when extracting using layers a module with no code of its own <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li> <li>Removed spring.batch.initialize-schema property is still considered <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li> <li>ReactorHttpClientBuilder does not offer a factory method to create the HttpClient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li> <li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li> <li>Custom default units declared on a field are ignored when binding properties in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li> <li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li> <li>Various spring.datasource properties are mistakenly marked as ignored <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li> <li>JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li> <li>DockerRegistryConfigAuthentication does not align with Docker CLI <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li> <li>Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li> <li>CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method <a href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Document the java info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li> <li>Document the process info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li> <li>Document the os info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li> <li>Document typical spring.application.group and name use <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li> <li>Document that bean methods should be static when annotated with <code>@ConfigurationPropertiesBinding</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li> <li>Document the way that primary Kotlin constructors are used when binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li> <li>Improve "profile" reference documentation with additional admonitions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li> <li>Improve setEnvironmentPrefix(...) reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li> <li>Document all the available Testcontainers integrations <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li> <li>Document when a spring.config.import value is relative and when it is fixed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li> <li>Update org.cyclonedx.bom version in docs to 2.3.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li> <li>Update link to "Parameter Name Retention" section of Spring Framework's release notes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Prevent upgrade to Prometheus Client 1.3.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li> <li>Upgrade to Couchbase Client 3.8.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li> <li>Upgrade to Elasticsearch 8.18.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li> <li>Upgrade to GraphQL Java 24.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li> <li>Upgrade to Hibernate 6.6.15.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a> Release v3.5.0</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a> Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a> Ensure descendants are always recalculated on cache refresh</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a> Next development version (v3.4.7-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a> Next development version (v3.3.13-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a> Merge branch '3.4.x'</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-security` from 3.4.5 to 3.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-security's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <p>Full <a href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release notes for Spring Boot 3.5</a> are available on the wiki.</p> <h2>⭐ New Features</h2> <ul> <li>Make heapdump endpoint restricted by default <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li> <li>Remove SSL status tag from metrics <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li> <li>Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Unable to override/set nested ConfigurationProperties by passing as a system property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li> <li>ValidationAutoConfiguration triggers early initialization of properties binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li> <li>Micrometer "enable" annotations property does not cover observed aspect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li> <li>spring.graphql.sse.timeout is no longer exposed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li> <li>IllegalStateException when extracting using layers a module with no code of its own <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li> <li>Removed spring.batch.initialize-schema property is still considered <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li> <li>ReactorHttpClientBuilder does not offer a factory method to create the HttpClient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li> <li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li> <li>Custom default units declared on a field are ignored when binding properties in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li> <li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li> <li>Various spring.datasource properties are mistakenly marked as ignored <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li> <li>JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li> <li>DockerRegistryConfigAuthentication does not align with Docker CLI <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li> <li>Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li> <li>CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method <a href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Document the java info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li> <li>Document the process info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li> <li>Document the os info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li> <li>Document typical spring.application.group and name use <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li> <li>Document that bean methods should be static when annotated with <code>@ConfigurationPropertiesBinding</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li> <li>Document the way that primary Kotlin constructors are used when binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li> <li>Improve "profile" reference documentation with additional admonitions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li> <li>Improve setEnvironmentPrefix(...) reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li> <li>Document all the available Testcontainers integrations <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li> <li>Document when a spring.config.import value is relative and when it is fixed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li> <li>Update org.cyclonedx.bom version in docs to 2.3.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li> <li>Update link to "Parameter Name Retention" section of Spring Framework's release notes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Prevent upgrade to Prometheus Client 1.3.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li> <li>Upgrade to Couchbase Client 3.8.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li> <li>Upgrade to Elasticsearch 8.18.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li> <li>Upgrade to GraphQL Java 24.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li> <li>Upgrade to Hibernate 6.6.15.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a> Release v3.5.0</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a> Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a> Ensure descendants are always recalculated on cache refresh</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a> Next development version (v3.4.7-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a> Next development version (v3.3.13-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a> Merge branch '3.4.x'</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-data-jpa` from 3.4.5 to 3.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-data-jpa's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <p>Full <a href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release notes for Spring Boot 3.5</a> are available on the wiki.</p> <h2>⭐ New Features</h2> <ul> <li>Make heapdump endpoint restricted by default <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li> <li>Remove SSL status tag from metrics <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li> <li>Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Unable to override/set nested ConfigurationProperties by passing as a system property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li> <li>ValidationAutoConfiguration triggers early initialization of properties binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li> <li>Micrometer "enable" annotations property does not cover observed aspect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li> <li>spring.graphql.sse.timeout is no longer exposed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li> <li>IllegalStateException when extracting using layers a module with no code of its own <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li> <li>Removed spring.batch.initialize-schema property is still considered <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li> <li>ReactorHttpClientBuilder does not offer a factory method to create the HttpClient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li> <li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li> <li>Custom default units declared on a field are ignored when binding properties in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li> <li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li> <li>Various spring.datasource properties are mistakenly marked as ignored <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li> <li>JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li> <li>DockerRegistryConfigAuthentication does not align with Docker CLI <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li> <li>Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li> <li>CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method <a href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Document the java info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li> <li>Document the process info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li> <li>Document the os info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li> <li>Document typical spring.application.group and name use <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li> <li>Document that bean methods should be static when annotated with <code>@ConfigurationPropertiesBinding</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li> <li>Document the way that primary Kotlin constructors are used when binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li> <li>Improve "profile" reference documentation with additional admonitions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li> <li>Improve setEnvironmentPrefix(...) reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li> <li>Document all the available Testcontainers integrations <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li> <li>Document when a spring.config.import value is relative and when it is fixed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li> <li>Update org.cyclonedx.bom version in docs to 2.3.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li> <li>Update link to "Parameter Name Retention" section of Spring Framework's release notes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Prevent upgrade to Prometheus Client 1.3.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li> <li>Upgrade to Couchbase Client 3.8.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li> <li>Upgrade to Elasticsearch 8.18.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li> <li>Upgrade to GraphQL Java 24.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li> <li>Upgrade to Hibernate 6.6.15.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a> Release v3.5.0</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a> Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a> Ensure descendants are always recalculated on cache refresh</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a> Next development version (v3.4.7-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a> Next development version (v3.3.13-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a> Merge branch '3.4.x'</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-oauth2-client` from 3.4.5 to 3.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-oauth2-client's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <p>Full <a href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release notes for Spring Boot 3.5</a> are available on the wiki.</p> <h2>⭐ New Features</h2> <ul> <li>Make heapdump endpoint restricted by default <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li> <li>Remove SSL status tag from metrics <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li> <li>Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Unable to override/set nested ConfigurationProperties by passing as a system property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li> <li>ValidationAutoConfiguration triggers early initialization of properties binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li> <li>Micrometer "enable" annotations property does not cover observed aspect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li> <li>spring.graphql.sse.timeout is no longer exposed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li> <li>IllegalStateException when extracting using layers a module with no code of its own <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li> <li>Removed spring.batch.initialize-schema property is still considered <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li> <li>ReactorHttpClientBuilder does not offer a factory method to create the HttpClient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li> <li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li> <li>Custom default units declared on a field are ignored when binding properties in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li> <li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li> <li>Various spring.datasource properties are mistakenly marked as ignored <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li> <li>JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li> <li>DockerRegistryConfigAuthentication does not align with Docker CLI <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li> <li>Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li> <li>CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method <a href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Document the java info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li> <li>Document the process info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li> <li>Document the os info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li> <li>Document typical spring.application.group and name use <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li> <li>Document that bean methods should be static when annotated with <code>@ConfigurationPropertiesBinding</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li> <li>Document the way that primary Kotlin constructors are used when binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li> <li>Improve "profile" reference documentation with additional admonitions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li> <li>Improve setEnvironmentPrefix(...) reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li> <li>Document all the available Testcontainers integrations <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li> <li>Document when a spring.config.import value is relative and when it is fixed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li> <li>Update org.cyclonedx.bom version in docs to 2.3.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li> <li>Update link to "Parameter Name Retention" section of Spring Framework's release notes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Prevent upgrade to Prometheus Client 1.3.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li> <li>Upgrade to Couchbase Client 3.8.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li> <li>Upgrade to Elasticsearch 8.18.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li> <li>Upgrade to GraphQL Java 24.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li> <li>Upgrade to Hibernate 6.6.15.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a> Release v3.5.0</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a> Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a> Ensure descendants are always recalculated on cache refresh</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a> Next development version (v3.4.7-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a> Next development version (v3.3.13-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a> Merge branch '3.4.x'</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-mail` from 3.4.5 to 3.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-mail's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <p>Full <a href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release notes for Spring Boot 3.5</a> are available on the wiki.</p> <h2>⭐ New Features</h2> <ul> <li>Make heapdump endpoint restricted by default <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li> <li>Remove SSL status tag from metrics <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li> <li>Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Unable to override/set nested ConfigurationProperties by passing as a system property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li> <li>ValidationAutoConfiguration triggers early initialization of properties binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li> <li>Micrometer "enable" annotations property does not cover observed aspect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li> <li>spring.graphql.sse.timeout is no longer exposed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li> <li>IllegalStateException when extracting using layers a module with no code of its own <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li> <li>Removed spring.batch.initialize-schema property is still considered <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li> <li>ReactorHttpClientBuilder does not offer a factory method to create the HttpClient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li> <li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li> <li>Custom default units declared on a field are ignored when binding properties in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li> <li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li> <li>Various spring.datasource properties are mistakenly marked as ignored <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li> <li>JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li> <li>DockerRegistryConfigAuthentication does not align with Docker CLI <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li> <li>Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li> <li>CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method <a href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Document the java info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li> <li>Document the process info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li> <li>Document the os info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li> <li>Document typical spring.application.group and name use <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li> <li>Document that bean methods should be static when annotated with <code>@ConfigurationPropertiesBinding</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li> <li>Document the way that primary Kotlin constructors are used when binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li> <li>Improve "profile" reference documentation with additional admonitions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li> <li>Improve setEnvironmentPrefix(...) reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li> <li>Document all the available Testcontainers integrations <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li> <li>Document when a spring.config.import value is relative and when it is fixed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li> <li>Update org.cyclonedx.bom version in docs to 2.3.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li> <li>Update link to "Parameter Name Retention" section of Spring Framework's release notes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Prevent upgrade to Prometheus Client 1.3.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li> <li>Upgrade to Couchbase Client 3.8.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li> <li>Upgrade to Elasticsearch 8.18.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li> <li>Upgrade to GraphQL Java 24.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li> <li>Upgrade to Hibernate 6.6.15.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a> Release v3.5.0</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a> Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a> Ensure descendants are always recalculated on cache refresh</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a> Next development version (v3.4.7-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a> Next development version (v3.3.13-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a> Merge branch '3.4.x'</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-test` from 3.4.5 to 3.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-test's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <p>Full <a href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release notes for Spring Boot 3.5</a> are available on the wiki.</p> <h2>⭐ New Features</h2> <ul> <li>Make heapdump endpoint restricted by default <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li> <li>Remove SSL status tag from metrics <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li> <li>Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Unable to override/set nested ConfigurationProperties by passing as a system property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li> <li>ValidationAutoConfiguration triggers early initialization of properties binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li> <li>Micrometer "enable" annotations property does not cover observed aspect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li> <li>spring.graphql.sse.timeout is no longer exposed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li> <li>IllegalStateException when extracting using layers a module with no code of its own <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li> <li>Removed spring.batch.initialize-schema property is still considered <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li> <li>ReactorHttpClientBuilder does not offer a factory method to create the HttpClient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li> <li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li> <li>Custom default units declared on a field are ignored when binding properties in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li> <li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li> <li>Various spring.datasource properties are mistakenly marked as ignored <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li> <li>JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li> <li>DockerRegistryConfigAuthentication does not align with Docker CLI <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li> <li>Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li> <li>CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method <a href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Document the java info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li> <li>Document the process info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li> <li>Document the os info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li> <li>Document typical spring.application.group and name use <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a... _Description has been truncated_ Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ea5515b614 |
Bump org.mockito:mockito-core from 5.17.0 to 5.18.0 (#3593)
Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 5.17.0 to 5.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mockito/mockito/releases">org.mockito:mockito-core's releases</a>.</em></p> <blockquote> <h2>v5.18.0</h2> <p><!-- raw HTML omitted --><!-- raw HTML omitted --><em>Changelog generated by <a href="https://github.com/shipkit/shipkit-changelog">Shipkit Changelog Gradle Plugin</a></em><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h4>5.18.0</h4> <ul> <li>2025-05-20 - <a href="https://github.com/mockito/mockito/compare/v5.17.0...v5.18.0">5 commit(s)</a> by Eugene Platonov, Patrick Doyle, Tim van der Lippe, dependabot[bot]</li> <li>Make vararg checks Scala friendly (for mockito-scala) [(<a href="https://redirect.github.com/mockito/mockito/issues/3651">#3651</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3651">mockito/mockito#3651</a>)</li> <li>For UnfinishedStubbingException, suggest the possibility of another thread [(<a href="https://redirect.github.com/mockito/mockito/issues/3636">#3636</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3636">mockito/mockito#3636</a>)</li> <li>UnfinishedStubbingException ought to suggest the possibility of another thread [(<a href="https://redirect.github.com/mockito/mockito/issues/3635">#3635</a>)](<a href="https://redirect.github.com/mockito/mockito/issues/3635">mockito/mockito#3635</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mockito/mockito/commit/06737471ea19ca023581351eeac778ffbce8da74"><code>0673747</code></a> Force Jacoco version for Android</li> <li><a href="https://github.com/mockito/mockito/commit/65388f01eb8a555c4df5dec692ba9abf8a2591b8"><code>65388f0</code></a> Update Jacoco version to 0.8.13</li> <li><a href="https://github.com/mockito/mockito/commit/60179ca10dbd29ff959d7eae670ce95b3f19f5fd"><code>60179ca</code></a> Bump bytebuddy from 1.15.11 to 1.16.1</li> <li><a href="https://github.com/mockito/mockito/commit/8f15169774cb639b5757f121f27d6c0d8ca18c97"><code>8f15169</code></a> Make vararg checks Scala friendly (<a href="https://redirect.github.com/mockito/mockito/issues/3651">#3651</a>)</li> <li><a href="https://github.com/mockito/mockito/commit/3a631cb87082fff212bc00c00970508b4ce63072"><code>3a631cb</code></a> Add hint for multithreading in <code>UnfinishedStubbingException</code> (<a href="https://redirect.github.com/mockito/mockito/issues/3636">#3636</a>)</li> <li>See full diff in <a href="https://github.com/mockito/mockito/compare/v5.17.0...v5.18.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b1a6e1b481 |
Bump org.springframework.boot from 3.4.5 to 3.5.0 (#3594)
Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.4.5 to 3.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <p>Full <a href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release notes for Spring Boot 3.5</a> are available on the wiki.</p> <h2>⭐ New Features</h2> <ul> <li>Make heapdump endpoint restricted by default <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li> <li>Remove SSL status tag from metrics <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li> <li>Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Unable to override/set nested ConfigurationProperties by passing as a system property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li> <li>ValidationAutoConfiguration triggers early initialization of properties binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li> <li>Micrometer "enable" annotations property does not cover observed aspect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li> <li>spring.graphql.sse.timeout is no longer exposed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li> <li>SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li> <li>IllegalStateException when extracting using layers a module with no code of its own <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li> <li>Removed spring.batch.initialize-schema property is still considered <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li> <li>ReactorHttpClientBuilder does not offer a factory method to create the HttpClient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li> <li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li> <li>Custom default units declared on a field are ignored when binding properties in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li> <li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li> <li>Various spring.datasource properties are mistakenly marked as ignored <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li> <li>JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li> <li>DockerRegistryConfigAuthentication does not align with Docker CLI <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li> <li>Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password <a href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li> <li>CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method <a href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Document the java info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li> <li>Document the process info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li> <li>Document the os info contribution <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li> <li>Document typical spring.application.group and name use <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li> <li>Document that bean methods should be static when annotated with <code>@ConfigurationPropertiesBinding</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li> <li>Document the way that primary Kotlin constructors are used when binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li> <li>Improve "profile" reference documentation with additional admonitions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li> <li>Improve setEnvironmentPrefix(...) reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li> <li>Document all the available Testcontainers integrations <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li> <li>Document when a spring.config.import value is relative and when it is fixed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li> <li>Update org.cyclonedx.bom version in docs to 2.3.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li> <li>Update link to "Parameter Name Retention" section of Spring Framework's release notes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Prevent upgrade to Prometheus Client 1.3.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li> <li>Upgrade to Couchbase Client 3.8.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li> <li>Upgrade to Elasticsearch 8.18.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li> <li>Upgrade to GraphQL Java 24.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li> <li>Upgrade to Hibernate 6.6.15.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a> Release v3.5.0</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a> Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a> Ensure descendants are always recalculated on cache refresh</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a> Next development version (v3.4.7-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a> Merge branch '3.4.x'</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a> Next development version (v3.3.13-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a> Merge branch '3.4.x'</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d59e39b4b6 |
Bump org.mockito:mockito-core from 5.11.0 to 5.17.0 (#3551)
Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 5.11.0 to 5.17.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mockito/mockito/releases">org.mockito:mockito-core's releases</a>.</em></p> <blockquote> <h2>v5.17.0</h2> <p><!-- raw HTML omitted --><!-- raw HTML omitted --><em>Changelog generated by <a href="https://github.com/shipkit/shipkit-changelog">Shipkit Changelog Gradle Plugin</a></em><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h4>5.17.0</h4> <ul> <li>2025-04-04 - <a href="https://github.com/mockito/mockito/compare/v5.16.1...v5.17.0">7 commit(s)</a> by Adrian Roos, Andre Kurait, Jan Ouwens, Rafael Winterhalter, Taeik Lim, Thach Le, Tim van der Lippe</li> <li>Fixes <a href="https://redirect.github.com/mockito/mockito/issues/3631">#3631</a>: Fix broken banner image link [(<a href="https://redirect.github.com/mockito/mockito/issues/3632">#3632</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3632">mockito/mockito#3632</a>)</li> <li>Banner image is broken [(<a href="https://redirect.github.com/mockito/mockito/issues/3631">#3631</a>)](<a href="https://redirect.github.com/mockito/mockito/issues/3631">mockito/mockito#3631</a>)</li> <li>Update exception message with mockito-inline [(<a href="https://redirect.github.com/mockito/mockito/issues/3628">#3628</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3628">mockito/mockito#3628</a>)</li> <li>Clarify structure of commit messages [(<a href="https://redirect.github.com/mockito/mockito/issues/3626">#3626</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3626">mockito/mockito#3626</a>)</li> <li>Fixes <a href="https://redirect.github.com/mockito/mockito/issues/3622">#3622</a>: MockitoExtension fails cleanup when aborted before setup [(<a href="https://redirect.github.com/mockito/mockito/issues/3623">#3623</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3623">mockito/mockito#3623</a>)</li> <li>MockitoExtension fails cleanup when aborted before setup [(<a href="https://redirect.github.com/mockito/mockito/issues/3622">#3622</a>)](<a href="https://redirect.github.com/mockito/mockito/issues/3622">mockito/mockito#3622</a>)</li> <li>Since mockito-inline has been removed, the exception messages with <code>mockito-inline</code> should be modified. [(<a href="https://redirect.github.com/mockito/mockito/issues/3621">#3621</a>)](<a href="https://redirect.github.com/mockito/mockito/issues/3621">mockito/mockito#3621</a>)</li> <li>Fixes <a href="https://redirect.github.com/mockito/mockito/issues/3171">#3171</a>: Fall back to Throwable Location strategy on Android [(<a href="https://redirect.github.com/mockito/mockito/issues/3619">#3619</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3619">mockito/mockito#3619</a>)</li> <li>Fixes <a href="https://redirect.github.com/mockito/mockito/issues/3615">#3615</a> : broken links to javadoc.io [(<a href="https://redirect.github.com/mockito/mockito/issues/3616">#3616</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3616">mockito/mockito#3616</a>)</li> <li>Broken links to javadoc.io [(<a href="https://redirect.github.com/mockito/mockito/issues/3615">#3615</a>)](<a href="https://redirect.github.com/mockito/mockito/issues/3615">mockito/mockito#3615</a>)</li> <li>Mocks are not working on particular devices after update Android SDK from 33 to 34 [(<a href="https://redirect.github.com/mockito/mockito/issues/3171">#3171</a>)](<a href="https://redirect.github.com/mockito/mockito/issues/3171">mockito/mockito#3171</a>)</li> </ul> <h2>v5.16.1</h2> <p><!-- raw HTML omitted --><!-- raw HTML omitted --><em>Changelog generated by <a href="https://github.com/shipkit/shipkit-changelog">Shipkit Changelog Gradle Plugin</a></em><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h4>5.16.1</h4> <ul> <li>2025-03-15 - <a href="https://github.com/mockito/mockito/compare/v5.16.0...v5.16.1">3 commit(s)</a> by Adrian Roos, Jérôme Prinet, Rafael Winterhalter</li> <li>Remove Arrays.asList from critical stubbing path in GenericMetadataSu… [(<a href="https://redirect.github.com/mockito/mockito/issues/3610">#3610</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3610">mockito/mockito#3610</a>)</li> <li>Rework of injection strategy in the context of modules [(<a href="https://redirect.github.com/mockito/mockito/issues/3608">#3608</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3608">mockito/mockito#3608</a>)</li> <li>Adjust inline mocking snippet to allow task relocatability [(<a href="https://redirect.github.com/mockito/mockito/issues/3606">#3606</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3606">mockito/mockito#3606</a>)</li> <li>Inline mocking configuration snippet for Gradle should allow task relocatability [(<a href="https://redirect.github.com/mockito/mockito/issues/3605">#3605</a>)](<a href="https://redirect.github.com/mockito/mockito/issues/3605">mockito/mockito#3605</a>)</li> </ul> <h2>v5.16.0</h2> <p><!-- raw HTML omitted --><!-- raw HTML omitted --><em>Changelog generated by <a href="https://github.com/shipkit/shipkit-changelog">Shipkit Changelog Gradle Plugin</a></em><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h4>5.16.0</h4> <ul> <li>2025-03-03 - <a href="https://github.com/mockito/mockito/compare/v5.15.2...v5.16.0">10 commit(s)</a> by Brice Dutheil, Rafael Winterhalter, TDL, dependabot[bot]</li> <li>Add support for including module-info in Mockito. [(<a href="https://redirect.github.com/mockito/mockito/issues/3597">#3597</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3597">mockito/mockito#3597</a>)</li> <li>Bump com.gradle.develocity from 3.19 to 3.19.1 [(<a href="https://redirect.github.com/mockito/mockito/issues/3579">#3579</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3579">mockito/mockito#3579</a>)</li> <li>Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 [(<a href="https://redirect.github.com/mockito/mockito/issues/3577">#3577</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3577">mockito/mockito#3577</a>)</li> <li>Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.1 to 7.0.2 [(<a href="https://redirect.github.com/mockito/mockito/issues/3574">#3574</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3574">mockito/mockito#3574</a>)</li> <li>Bump com.diffplug.spotless:spotless-plugin-gradle from 6.25.0 to 7.0.1 [(<a href="https://redirect.github.com/mockito/mockito/issues/3571">#3571</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3571">mockito/mockito#3571</a>)</li> <li>Bump org.assertj:assertj-core from 3.27.1 to 3.27.2 [(<a href="https://redirect.github.com/mockito/mockito/issues/3569">#3569</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3569">mockito/mockito#3569</a>)</li> <li>Tweaks documentation on mockito agent config for maven [(<a href="https://redirect.github.com/mockito/mockito/issues/3568">#3568</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3568">mockito/mockito#3568</a>)</li> <li>Adds <code>--info</code> to diagnose closeAndReleaseStagingRepositories issues [(<a href="https://redirect.github.com/mockito/mockito/issues/3567">#3567</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3567">mockito/mockito#3567</a>)</li> <li>Refine reflection when calling management factory [(<a href="https://redirect.github.com/mockito/mockito/issues/3566">#3566</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3566">mockito/mockito#3566</a>)</li> <li>Avoid warning when dynamic attach is enabled [(<a href="https://redirect.github.com/mockito/mockito/issues/3551">#3551</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3551">mockito/mockito#3551</a>)</li> </ul> <h2>v5.15.2</h2> <p><!-- raw HTML omitted --><!-- raw HTML omitted --><em>Changelog generated by <a href="https://github.com/shipkit/shipkit-changelog">Shipkit Changelog Gradle Plugin</a></em><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h4>5.15.2</h4> <ul> <li>2025-01-02 - <a href="https://github.com/mockito/mockito/compare/v5.15.1...v5.15.2">2 commit(s)</a> by Brice Dutheil, dependabot[bot]</li> <li>Fix javadoc publication [(<a href="https://redirect.github.com/mockito/mockito/issues/3561">#3561</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3561">mockito/mockito#3561</a>)</li> <li>Bump org.assertj:assertj-core from 3.27.0 to 3.27.1 [(<a href="https://redirect.github.com/mockito/mockito/issues/3560">#3560</a>)](<a href="https://redirect.github.com/mockito/mockito/pull/3560">mockito/mockito#3560</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mockito/mockito/commit/7764992d1250f4e7f6ffd10f650dc89516139c8d"><code>7764992</code></a> Remove mention of <code>mockito-inline</code> from mockmaker exception (<a href="https://redirect.github.com/mockito/mockito/issues/3628">#3628</a>)</li> <li><a href="https://github.com/mockito/mockito/commit/ee92ad4916d9f3f6ae6836bdba5c30f8404d3d50"><code>ee92ad4</code></a> Fix broken banner image link (<a href="https://redirect.github.com/mockito/mockito/issues/3632">#3632</a>)</li> <li><a href="https://github.com/mockito/mockito/commit/3edab5283552c3c6c393d8c818c8d6a8fa1f94a5"><code>3edab52</code></a> Clarify structure of commit messages (<a href="https://redirect.github.com/mockito/mockito/issues/3626">#3626</a>)</li> <li><a href="https://github.com/mockito/mockito/commit/bfab74365e91135b2f88ccb0228372a8799d9279"><code>bfab743</code></a> Fall back to Throwable Location strategy on Android (<a href="https://redirect.github.com/mockito/mockito/issues/3619">#3619</a>)</li> <li><a href="https://github.com/mockito/mockito/commit/4f469c830b2f6ab0e1f061e9383aff2e6f9f8376"><code>4f469c8</code></a> MockitoExtension fails cleanup when aborted before setup (<a href="https://redirect.github.com/mockito/mockito/issues/3623">#3623</a>)</li> <li><a href="https://github.com/mockito/mockito/commit/1764e62102f525ff9a82b8166b8596edd25f5b7f"><code>1764e62</code></a> Update links to javadoc.io (<a href="https://redirect.github.com/mockito/mockito/issues/3616">#3616</a>)</li> <li><a href="https://github.com/mockito/mockito/commit/1e029d767b33ee8de42e58459a2c3e63ab3f7c41"><code>1e029d7</code></a> Add missing requirement to objenesis.</li> <li><a href="https://github.com/mockito/mockito/commit/d000e630775cfa45752eeb491a197283e7370621"><code>d000e63</code></a> Rework of injection strategy in the context of modules (<a href="https://redirect.github.com/mockito/mockito/issues/3608">#3608</a>)</li> <li><a href="https://github.com/mockito/mockito/commit/0215884a5e68016504be98599b3045070a558002"><code>0215884</code></a> Remove Arrays.asList from critical stubbing path in GenericMetadataSupport (#...</li> <li><a href="https://github.com/mockito/mockito/commit/d18503512b01eed650f5fdf78f7e3c02755c8ee5"><code>d185035</code></a> Add reference to Gradle documentation on how to make task relocatable (<a href="https://redirect.github.com/mockito/mockito/issues/3606">#3606</a>)</li> <li>Additional commits viewable in <a href="https://github.com/mockito/mockito/compare/v5.11.0...v5.17.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9514370cc3 |
Bump org.gradle.toolchains.foojay-resolver-convention from 0.10.0 to 1.0.0 (#3552)
Bumps org.gradle.toolchains.foojay-resolver-convention from 0.10.0 to 1.0.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b9dd78ced6 |
Bump io.micrometer:micrometer-core from 1.14.7 to 1.15.0 (#3550)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.14.7 to 1.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.15.0</h2> <h2>⭐ New Features</h2> <ul> <li>Further enhancement to OtlpMetricsSender <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6025">#6025</a></li> <li>Make Prometheus Metric and Label naming conventions consistent <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5923">#5923</a></li> <li>Metrics for Executors.newVirtualThreadPerTaskExecutor() <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5488">#5488</a></li> <li>Metrics for live virtual threads <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5950">#5950</a></li> <li>More flexible OTLP per meter configuration <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6099">#6099</a></li> <li>Prometheus/OpenMetrics <code>_created</code> timestamp <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/2625">#2625</a></li> <li>Make jvm.classes.unloaded description generic <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5745">#5745</a></li> <li>Use String.toLowerCase()/toUpperCase() with Locale.ROOT consistently <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5711">#5711</a></li> <li>Use failWithActualExpectedAndMessage() where possible <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5696">#5696</a></li> <li>Provide target host/port info in ObservationExecChainHandler when HttpHostConnectException is thrown <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5615">#5615</a></li> <li>Enable Gauge builders to take a subclass of Number <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5601">#5601</a></li> <li>micrometer-observation-test support for assertions on events <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5576">#5576</a></li> <li>Log delta count in addition to throughput in LoggingMeterRegistry <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5548">#5548</a></li> <li>Add peer name and port to gRPC observation contexts <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/3512">#3512</a></li> <li>Use direct equals call instead of Objects.equals wrapper <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5840">#5840</a></li> <li>Remove special handling of 404/301 from JDK HTTP client instrumentation <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5838">#5838</a></li> <li>Make Timer and LongTaskTimer output similar in LoggingMeterRegistry <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5835">#5835</a></li> <li>Remove special handling of 404 and redirection statuses from Jetty client instrumentation <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5825">#5825</a></li> <li>Log deprecation warning when creating SignalFxMeterRegistry <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5824">#5824</a></li> <li>Log metrics recording failures in CountedAspect and TimedAspect <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5820">#5820</a></li> <li>Remove special handling of 404/301 from OkHttp instrumentation <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5814">#5814</a></li> <li>Support AutoShutdownDelegatedExecutorService in ExecutorServiceMetrics <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5811">#5811</a></li> <li>Deprecate micrometer-registry-signalfx in favor of micrometer-registry-otlp <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5807">#5807</a></li> <li>Rebind <code>Log4j2Metrics</code> when <code>LoggerContext#reconfigure</code> is called <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5756">#5756</a></li> <li>Send metrics via any protocol in the OTLP Registry <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5690">#5690</a></li> <li>Improve average performance of DefaultLongTaskTimer for out-of-order stopping <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5591">#5591</a></li> <li>Improve OtlpMetricsSender API <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5994">#5994</a></li> <li>Support configuring exponential histograms at the meter level <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5459">#5459</a></li> <li>Allow TimedAspect/CountedAspect to create tags based on method result <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/3058">#3058</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Do not leak OTLP types on public-facing API <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5699">#5699</a></li> <li>micrometer-observation-test brings unnecessary JUnit dependencies, leading to conflicts <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6012">#6012</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump io.opentelemetry.proto:opentelemetry-proto from 1.4.0-alpha to 1.5.0-alpha <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5798">#5798</a></li> <li>Bump com.google.cloud:libraries-bom from 26.55.0 to 26.56.0 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5991">#5991</a></li> <li>Bump com.google.cloud:google-cloud-monitoring from 3.59.0 to 3.60.0 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5986">#5986</a></li> <li>Bump com.google.auth:google-auth-library-oauth2-http from 1.32.1 to 1.33.0 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5963">#5963</a></li> <li>Bump software.amazon.awssdk:cloudwatch from 2.29.46 to 2.30.11 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5863">#5863</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/e13042badcc34c2ca833bfd692924bd86e9d4c1e"><code>e13042b</code></a> Bump software.amazon.awssdk:cloudwatch from 2.31.40 to 2.31.41 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6228">#6228</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/571793b84ed71c90012b378b94df02fdb417ecf2"><code>571793b</code></a> Merge branch '1.14.x'</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/315c1b1817ca77b6d91b890586ae1826186b57c4"><code>315c1b1</code></a> Merge branch '1.13.x' into 1.14.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/a3ae027d8c6dd0fbd7851eb59a61e29341498f2b"><code>a3ae027</code></a> Bump com.tngtech.archunit:archunit-junit5 from 1.3.1 to 1.3.2 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6225">#6225</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/ac6c26f7baf6c742a5daf509113d0197a23361d0"><code>ac6c26f</code></a> Merge branch '1.14.x'</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/163203f98102e4e7bb8e9e4bc893257b162e2d49"><code>163203f</code></a> Add missing colons in "Environment" section in bug_report.md (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6223">#6223</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/1713feed26a18f676b0e9f395354e4b8688731b1"><code>1713fee</code></a> Bump maven-resolver from 1.9.22 to 1.9.23 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6222">#6222</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/e31548477ade9ab7933d2ff7f2a8817540598c5c"><code>e315484</code></a> Bump software.amazon.awssdk:cloudwatch from 2.31.39 to 2.31.40 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6221">#6221</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/d6b8d4e8472dda214252a184ff8d244a7934e13a"><code>d6b8d4e</code></a> Bump com.google.cloud:libraries-bom from 26.59.0 to 26.60.0 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6220">#6220</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/121056e6d59fb6995b65adf0b4a53aabbb47d63d"><code>121056e</code></a> Bump software.amazon.awssdk:cloudwatch from 2.31.38 to 2.31.39 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6217">#6217</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.14.7...v1.15.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f50f7230d0 |
Bump org.springframework.security:spring-security-saml2-service-provider from 6.4.5 to 6.5.0 (#3549)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springframework.security:spring-security-saml2-service-provider](https://github.com/spring-projects/spring-security) from 6.4.5 to 6.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-security/releases">org.springframework.security:spring-security-saml2-service-provider's releases</a>.</em></p> <blockquote> <h2>6.5.0</h2> <h2>⭐ New Features</h2> <ul> <li>Add documentation for DPoP support <a href="https://redirect.github.com/spring-projects/spring-security/issues/17072">#17072</a></li> <li>Add logging to CsrfTokenRequestHandler implementations <a href="https://redirect.github.com/spring-projects/spring-security/pull/16994">#16994</a></li> <li>Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter <a href="https://redirect.github.com/spring-projects/spring-security/pull/16806">#16806</a></li> <li>Bump Gradle Wrapper from 8.13 to 8.14 <a href="https://redirect.github.com/spring-projects/spring-security/issues/17018">#17018</a></li> <li>ClientRegistrations.fromIssuerLocation does not include failure information <a href="https://redirect.github.com/spring-projects/spring-security/issues/17015">#17015</a></li> <li>Fix Typo In SubjectDnX509PrincipalExtractorTests <a href="https://redirect.github.com/spring-projects/spring-security/pull/16997">#16997</a></li> <li>Implement internal cache in JtiClaimValidator <a href="https://redirect.github.com/spring-projects/spring-security/issues/17107">#17107</a></li> <li>Polish javadoc <a href="https://redirect.github.com/spring-projects/spring-security/pull/16924">#16924</a></li> <li>Remove unused classes <a href="https://redirect.github.com/spring-projects/spring-security/pull/16935">#16935</a></li> <li>Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation <a href="https://redirect.github.com/spring-projects/spring-security/pull/16962">#16962</a></li> <li>RequestHeaderAuthenticationFilter creates a session even if not configured to do so <a href="https://redirect.github.com/spring-projects/spring-security/issues/17147">#17147</a></li> </ul> <h2>🪲 Bug Fixes</h2> <ul> <li>Add FunctionalInterface To X509PrincipalExtractor <a href="https://redirect.github.com/spring-projects/spring-security/pull/16952">#16952</a></li> <li>Change NonNull import from reactor to spring <a href="https://redirect.github.com/spring-projects/spring-security/pull/16571">#16571</a></li> <li>Fix DPoP jkt claim to be JWK SHA-256 thumbprint <a href="https://redirect.github.com/spring-projects/spring-security/pull/17080">#17080</a></li> <li>Minor error in the Handling Logouts documentation <a href="https://redirect.github.com/spring-projects/spring-security/issues/17049">#17049</a></li> <li>SecurityAnnotationScanner's method comparison should use .equals <a href="https://redirect.github.com/spring-projects/spring-security/issues/17145">#17145</a></li> <li>Use proper configuration key in Opaque Token documentation <a href="https://redirect.github.com/spring-projects/spring-security/issues/17014">#17014</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 <a href="https://redirect.github.com/spring-projects/spring-security/issues/17069">#17069</a></li> <li>Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 <a href="https://redirect.github.com/spring-projects/spring-security/pull/16995">#16995</a></li> <li>Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 <a href="https://redirect.github.com/spring-projects/spring-security/pull/16990">#16990</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17024">#17024</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17095">#17095</a></li> <li>Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17096">#17096</a></li> <li>Bump io.mockk:mockk from 1.14.0 to 1.14.2 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17019">#17019</a></li> <li>Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 <a href="https://redirect.github.com/spring-projects/spring-security/issues/17111">#17111</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17040">#17040</a></li> <li>Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17088">#17088</a></li> <li>Bump org-eclipse-jetty from 11.0.24 to 11.0.25 <a href="https://redirect.github.com/spring-projects/spring-security/pull/16761">#16761</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17089">#17089</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17105">#17105</a></li> <li>Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17037">#17037</a></li> <li>Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 <a href="https://redirect.github.com/spring-projects/spring-security/pull/16981">#16981</a></li> <li>Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17137">#17137</a></li> <li>Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17124">#17124</a></li> </ul> <h2>🔩 Build Updates</h2> <ul> <li>Release 6.5.0 <a href="https://redirect.github.com/spring-projects/spring-security/issues/17138">#17138</a></li> </ul> <h2>❤️ Contributors</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-security/commit/0fd0e9335ae3a6ff3538045d098dd6b94679d99e"><code>0fd0e93</code></a> Release 6.5.0</li> <li><a href="https://github.com/spring-projects/spring-security/commit/78dd02a4c18502fa668ca7736581eaed8193891c"><code>78dd02a</code></a> Merge branch '6.4.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/edc8735eb8ba1c378826499db5160cea44db462a"><code>edc8735</code></a> Merge branch '6.3.x' into 6.4.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/cae3467a8d5fdf4ef0f5c2343d48aa9c48445be2"><code>cae3467</code></a> Improve AbstractPreAuthenticatedProcessingFilter docs</li> <li><a href="https://github.com/spring-projects/spring-security/commit/9a8f9a91bc1e4b97cd47dd3c61ac7451e62c15ca"><code>9a8f9a9</code></a> Merge branch '6.4.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/c972de5369a1261ab674a3f5e3a80e8ce3e8cdfb"><code>c972de5</code></a> Use .equals to Compare Methods</li> <li><a href="https://github.com/spring-projects/spring-security/commit/bf2aaa1b1830e534ba651d422545ac08a115151b"><code>bf2aaa1</code></a> Use .equals to Compare Methods</li> <li><a href="https://github.com/spring-projects/spring-security/commit/6fb0591109e3c6d9fef9ee2d1a4f215c738c22da"><code>6fb0591</code></a> Merge branch 'gradle/6.5.x/org.springframework.data-spring-data-bom-2024.1.6'...</li> <li><a href="https://github.com/spring-projects/spring-security/commit/390972c4a05b3a664c0e1b936d63712559c53a1f"><code>390972c</code></a> Merge branch '6.4.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/36905173951d20085c226b82da552ec4ff9ab9ee"><code>3690517</code></a> Merge branch 'gradle/6.4.x/org.springframework.data-spring-data-bom-2024.1.6'...</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-security/compare/6.4.5...6.5.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
8ecd4e9c36 |
Bump org.springframework:spring-webmvc from 6.2.6 to 6.2.7 (#3547)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springframework:spring-webmvc](https://github.com/spring-projects/spring-framework) from 6.2.6 to 6.2.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-framework/releases">org.springframework:spring-webmvc's releases</a>.</em></p> <blockquote> <h2>v6.2.7</h2> <h2>⭐ New Features</h2> <ul> <li>Forward more methods to underlying InputStream in NonClosingInputStream <a href="https://redirect.github.com/spring-projects/spring-framework/pull/34893">#34893</a></li> <li>Introduce Spring property for the default property placeholder escape character <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34865">#34865</a></li> <li>Close ApplicationContext once AOT processing has completed <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34841">#34841</a></li> <li>Fix <code>AbstractJackson2HttpMessageConverter#getObjectMappersForType</code> nullness <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34811">#34811</a></li> <li>Add option for case-insensitive match to PatternMatchUtils <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34801">#34801</a></li> <li>RestClient <code>@RequestBody</code> parameters lose generic type information when creating HTTP service beans <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34793">#34793</a></li> <li>Adds option to set Principal in MockServerWebExchange <a href="https://redirect.github.com/spring-projects/spring-framework/pull/34789">#34789</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Beans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34902">#34902</a></li> <li><code>PropertySourcesPlaceholderConfigurer</code> placeholder resolution fails in several scenarios <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34861">#34861</a></li> <li>HttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34851">#34851</a></li> <li>Fragment.create() requires mutable map - which is unusable when used with Kotlin <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34848">#34848</a></li> <li>Duplicate <code>BeanOverrideHandler</code> discovered in <code>@Nested</code> test case with superclass from different class or in interface implemented multiple times <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34844">#34844</a></li> <li>Accidental ClassLoader defineClass enforcement after <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34677">#34677</a> <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34824">#34824</a></li> <li>HttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor <a href="https://redirect.github.com/spring-projects/spring-framework/pull/34812">#34812</a></li> <li>AbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34796">#34796</a></li> <li>Correctly expand query param with same name from URI variables array <a href="https://redirect.github.com/spring-projects/spring-framework/pull/34783">#34783</a></li> <li>R2DBC <code>NamedParameterUtils</code> only expands reused collection parameter once <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34768">#34768</a></li> <li><code>PathMatchingResourcePatternResolver</code> wrongly assumes that <code>target/classes</code> always exists <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34764">#34764</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Clarify <code>CompositePropertySource</code> behavior for <code>EnumerablePropertySource</code> contract <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34886">#34886</a></li> <li>Javadoc and <code>@Nullable</code> annotation for <code>servletContext</code> parameter of <code>ConfigurableWebEnvironment.initPropertySources</code> are contradictory <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34845">#34845</a></li> <li>Spring MVC: <code>@EnableAsync</code> needs to be redeclared for each ApplicationContext <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34843">#34843</a></li> <li>Provide a working example instead of unclear placeholders <a href="https://redirect.github.com/spring-projects/spring-framework/pull/34828">#34828</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to Micrometer 1.14.7 <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34889">#34889</a></li> <li>Upgrade to Reactor 2024.0.6 <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34898">#34898</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/Artur"><code>@Artur</code></a>-, <a href="https://github.com/blake-bauman"><code>@blake-bauman</code></a>, <a href="https://github.com/iifawzi"><code>@iifawzi</code></a>, <a href="https://github.com/kilink"><code>@kilink</code></a>, <a href="https://github.com/quaff"><code>@quaff</code></a>, <a href="https://github.com/whlit"><code>@whlit</code></a>, and <a href="https://github.com/zzoe2346"><code>@zzoe2346</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b"><code>ba590ac</code></a> Release v6.2.7</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332"><code>ee62701</code></a> Make use of PatternMatchUtils ignoreCase option</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1"><code>fa168ca</code></a> Revise FactoryBean locking behavior for strict/lenient consistency</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22"><code>3c228a5</code></a> Add missing <a href="https://github.com/since"><code>@since</code></a> tags in PatternMatchUtils</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f"><code>9bf6b8c</code></a> Upgrade to Reactor 2024.0.6</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8"><code>37ecdd1</code></a> Forward more methods to underlying InputStream in NonClosingInputStream</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c"><code>73f1c5a</code></a> Polishing</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d"><code>4d296fb</code></a> Upgrade to Micrometer 1.14.7</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512"><code>6a94444</code></a> Clarify CompositePropertySource behavior for EnumerablePropertySource contract</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd"><code>03ae97b</code></a> Introduce Spring property for default escape character for placeholders</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-framework/compare/v6.2.6...v6.2.7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9aa692674f |
Bump org.sonarqube from 6.1.0.5360 to 6.2.0.5505 (#3546)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps org.sonarqube from 6.1.0.5360 to 6.2.0.5505. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
89992fe643 |
Bump org.springframework:spring-jdbc from 6.2.6 to 6.2.7 (#3545)
Bumps [org.springframework:spring-jdbc](https://github.com/spring-projects/spring-framework) from 6.2.6 to 6.2.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-framework/releases">org.springframework:spring-jdbc's releases</a>.</em></p> <blockquote> <h2>v6.2.7</h2> <h2>⭐ New Features</h2> <ul> <li>Forward more methods to underlying InputStream in NonClosingInputStream <a href="https://redirect.github.com/spring-projects/spring-framework/pull/34893">#34893</a></li> <li>Introduce Spring property for the default property placeholder escape character <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34865">#34865</a></li> <li>Close ApplicationContext once AOT processing has completed <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34841">#34841</a></li> <li>Fix <code>AbstractJackson2HttpMessageConverter#getObjectMappersForType</code> nullness <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34811">#34811</a></li> <li>Add option for case-insensitive match to PatternMatchUtils <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34801">#34801</a></li> <li>RestClient <code>@RequestBody</code> parameters lose generic type information when creating HTTP service beans <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34793">#34793</a></li> <li>Adds option to set Principal in MockServerWebExchange <a href="https://redirect.github.com/spring-projects/spring-framework/pull/34789">#34789</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>Beans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34902">#34902</a></li> <li><code>PropertySourcesPlaceholderConfigurer</code> placeholder resolution fails in several scenarios <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34861">#34861</a></li> <li>HttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34851">#34851</a></li> <li>Fragment.create() requires mutable map - which is unusable when used with Kotlin <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34848">#34848</a></li> <li>Duplicate <code>BeanOverrideHandler</code> discovered in <code>@Nested</code> test case with superclass from different class or in interface implemented multiple times <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34844">#34844</a></li> <li>Accidental ClassLoader defineClass enforcement after <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34677">#34677</a> <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34824">#34824</a></li> <li>HttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor <a href="https://redirect.github.com/spring-projects/spring-framework/pull/34812">#34812</a></li> <li>AbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34796">#34796</a></li> <li>Correctly expand query param with same name from URI variables array <a href="https://redirect.github.com/spring-projects/spring-framework/pull/34783">#34783</a></li> <li>R2DBC <code>NamedParameterUtils</code> only expands reused collection parameter once <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34768">#34768</a></li> <li><code>PathMatchingResourcePatternResolver</code> wrongly assumes that <code>target/classes</code> always exists <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34764">#34764</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Clarify <code>CompositePropertySource</code> behavior for <code>EnumerablePropertySource</code> contract <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34886">#34886</a></li> <li>Javadoc and <code>@Nullable</code> annotation for <code>servletContext</code> parameter of <code>ConfigurableWebEnvironment.initPropertySources</code> are contradictory <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34845">#34845</a></li> <li>Spring MVC: <code>@EnableAsync</code> needs to be redeclared for each ApplicationContext <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34843">#34843</a></li> <li>Provide a working example instead of unclear placeholders <a href="https://redirect.github.com/spring-projects/spring-framework/pull/34828">#34828</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to Micrometer 1.14.7 <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34889">#34889</a></li> <li>Upgrade to Reactor 2024.0.6 <a href="https://redirect.github.com/spring-projects/spring-framework/issues/34898">#34898</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/Artur"><code>@Artur</code></a>-, <a href="https://github.com/blake-bauman"><code>@blake-bauman</code></a>, <a href="https://github.com/iifawzi"><code>@iifawzi</code></a>, <a href="https://github.com/kilink"><code>@kilink</code></a>, <a href="https://github.com/quaff"><code>@quaff</code></a>, <a href="https://github.com/whlit"><code>@whlit</code></a>, and <a href="https://github.com/zzoe2346"><code>@zzoe2346</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b"><code>ba590ac</code></a> Release v6.2.7</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332"><code>ee62701</code></a> Make use of PatternMatchUtils ignoreCase option</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1"><code>fa168ca</code></a> Revise FactoryBean locking behavior for strict/lenient consistency</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22"><code>3c228a5</code></a> Add missing <a href="https://github.com/since"><code>@since</code></a> tags in PatternMatchUtils</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f"><code>9bf6b8c</code></a> Upgrade to Reactor 2024.0.6</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8"><code>37ecdd1</code></a> Forward more methods to underlying InputStream in NonClosingInputStream</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c"><code>73f1c5a</code></a> Polishing</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d"><code>4d296fb</code></a> Upgrade to Micrometer 1.14.7</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512"><code>6a94444</code></a> Clarify CompositePropertySource behavior for EnumerablePropertySource contract</li> <li><a href="https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd"><code>03ae97b</code></a> Introduce Spring property for default escape character for placeholders</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-framework/compare/v6.2.6...v6.2.7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1f56ccfc99 |
Bump gradle/actions from 4.3.1 to 4.4.0 (#3544)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [gradle/actions](https://github.com/gradle/actions) from 4.3.1 to 4.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.4.0</h2> <p>This release updates 2 downstream components:</p> <ul> <li>Develocity injection has been updated to <a href="https://github.com/gradle/develocity-ci-injection/releases/tag/v2.0">v2.0</a> <ul> <li>Some environment variables related to Develocity injection have been renamed. All vars now being with <code>DEVELOCITY_INJECTION_</code>. Check <a href="https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#configuring-develocity-injection">the docs</a> for more details.</li> </ul> </li> <li>Dependency-graph plugin has been updated to <a href="https://github.com/gradle/github-dependency-graph-gradle-plugin/releases/tag/v1.4.0">v1.4.0</a> <ul> <li>The 'detector' values included in the generated graph can now be configured via environment variables.</li> </ul> </li> </ul> <h2>What's Changed</h2> <ul> <li>Update develocity-injection init script to v1.3 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/592">gradle/actions#592</a></li> <li>Update develocity-injection init script to v2.0 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/593">gradle/actions#593</a></li> <li>[StepSecurity] ci: Harden GitHub Actions by <a href="https://github.com/step-security-bot"><code>@step-security-bot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/597">gradle/actions#597</a></li> <li>Use v1.4.0 of dependency graph plugin by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/638">gradle/actions#638</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/step-security-bot"><code>@step-security-bot</code></a> made their first contribution in <a href="https://redirect.github.com/gradle/actions/pull/597">gradle/actions#597</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4.3.1...v4.4.0">https://github.com/gradle/actions/compare/v4.3.1...v4.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/8379f6a1328ee0e06e2bb424dadb7b159856a326"><code>8379f6a</code></a> Use v1.4.0 of dependency graph plugin (<a href="https://redirect.github.com/gradle/actions/issues/638">#638</a>)</li> <li><a href="https://github.com/gradle/actions/commit/9f79b5fa2c0d6f1157051630d2fb45b9f10ca6a5"><code>9f79b5f</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/e093fac84ca6df405f28ca0317458de1a4c7ad65"><code>e093fac</code></a> Bump the npm-dependencies group in /sources with 5 updates (<a href="https://redirect.github.com/gradle/actions/issues/636">#636</a>)</li> <li><a href="https://github.com/gradle/actions/commit/768a17f3488dc3fe0155ff431553e1f53d57e22e"><code>768a17f</code></a> Bump the npm-dependencies group in /sources with 2 updates (<a href="https://redirect.github.com/gradle/actions/issues/635">#635</a>)</li> <li><a href="https://github.com/gradle/actions/commit/36541137722dacf3739105e1b760c6856d5369e4"><code>3654113</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/2ad385cb2aee647fa33b18e52b479ae14fed4c6c"><code>2ad385c</code></a> Replace use of typed-rest-client with <code>@actions/http-client</code> (<a href="https://redirect.github.com/gradle/actions/issues/634">#634</a>)</li> <li><a href="https://github.com/gradle/actions/commit/95dcf96b0d6e55b48ba036a7d7480ce25a00e6ef"><code>95dcf96</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/2e3238a6642725202f6a5656922bbe434f25b03e"><code>2e3238a</code></a> Bump actions/download-artifact from 4.2.1 to 4.3.0 in /.github/actions/init-i...</li> <li><a href="https://github.com/gradle/actions/commit/39dddb8ae7ff59c7416189aac27a8980abd89bd0"><code>39dddb8</code></a> Remove direct use of octokit/request-error (<a href="https://redirect.github.com/gradle/actions/issues/632">#632</a>)</li> <li><a href="https://github.com/gradle/actions/commit/755ed7db09daddecb584fd9d200146c632f1af98"><code>755ed7d</code></a> [bot] Update dist directory</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/06832c7b30a0129d7fb559bcc6e43d26f6374244...8379f6a1328ee0e06e2bb424dadb7b159856a326">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f290f62e23 |
Bump actions/dependency-review-action from 4.7.0 to 4.7.1 (#3543)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.7.0 to 4.7.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>v4.7.1</h2> <ul> <li>Packages added to <code>allow-dependencies-licenses</code> will be allowed even if the package in question has no license information <a href="https://redirect.github.com/actions/dependency-review-action/issues/889">#889</a></li> <li>License expressions (e.g. <code>Ruby OR GPL-2.0</code>) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. <code>Ruby</code>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/da24556b548a50705dd671f47852072ea4c105d9"><code>da24556</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/933">#933</a> from actions/dangoor/471-release</li> <li><a href="https://github.com/actions/dependency-review-action/commit/9af0caf0e50bd16cea055a1319f959e718f9cd5d"><code>9af0caf</code></a> Bump version number for 4.7.1</li> <li><a href="https://github.com/actions/dependency-review-action/commit/d8f2df20d5605f0dd46db3bd283002c24e357724"><code>d8f2df2</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/932">#932</a> from actions/907-disallow-expression</li> <li><a href="https://github.com/actions/dependency-review-action/commit/6e9307a3d4e5049e0dd8b5f9d51dfa0544391d3a"><code>6e9307a</code></a> Discard allow list entries that are not SPDX IDs</li> <li><a href="https://github.com/actions/dependency-review-action/commit/8805179dc9a63c54224914839d370dd93bd37b2e"><code>8805179</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/930">#930</a> from actions/889-allow-no-license</li> <li><a href="https://github.com/actions/dependency-review-action/commit/014300b08cd78d8944f631eb3415e4c079cdb3e8"><code>014300b</code></a> Update build</li> <li><a href="https://github.com/actions/dependency-review-action/commit/34486f306eacc0b5ba73c8d12b5af19a58d22364"><code>34486f3</code></a> Check namespaces when excluding license checks</li> <li><a href="https://github.com/actions/dependency-review-action/commit/9b155d6432a2e91d56f1d2ad084483e8cd766a23"><code>9b155d6</code></a> Update build</li> <li><a href="https://github.com/actions/dependency-review-action/commit/f199659a6a39762ca0753d8a2fb41192144f257a"><code>f199659</code></a> Allowing dependencies works with no licenses</li> <li>See full diff in <a href="https://github.com/actions/dependency-review-action/compare/38ecb5b593bf0eb19e335c03f97670f792489a8b...da24556b548a50705dd671f47852072ea4c105d9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
74fcf01d03 |
Bump github/codeql-action from 3.28.17 to 3.28.18 (#3542)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.17 to 3.28.18. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.28.18</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.28.18 - 16 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.3. <a href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li> <li>Skip validating SARIF produced by CodeQL for improved performance. <a href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li> <li>The number of threads and amount of RAM used by CodeQL can now be set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code> runner environment variables. If set, these environment variables override the <code>threads</code> and <code>ram</code> inputs respectively. <a href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.28.18/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.28.18 - 16 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.3. <a href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li> <li>Skip validating SARIF produced by CodeQL for improved performance. <a href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li> <li>The number of threads and amount of RAM used by CodeQL can now be set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code> runner environment variables. If set, these environment variables override the <code>threads</code> and <code>ram</code> inputs respectively. <a href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li> </ul> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <h2>3.28.16 - 23 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.1. <a href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li> </ul> <h2>3.28.15 - 07 Apr 2025</h2> <ul> <li>Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. <a href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li> </ul> <h2>3.28.14 - 07 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.0. <a href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li> </ul> <h2>3.28.13 - 24 Mar 2025</h2> <p>No user facing changes.</p> <h2>3.28.12 - 19 Mar 2025</h2> <ul> <li>Dependency caching should now cache more dependencies for Java <code>build-mode: none</code> extractions. This should speed up workflows and avoid inconsistent alerts in some cases.</li> <li>Update default CodeQL bundle version to 2.20.7. <a href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li> </ul> <h2>3.28.11 - 07 Mar 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.6. <a href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li> </ul> <h2>3.28.10 - 21 Feb 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.5. <a href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li> <li>Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. <a href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li> </ul> <h2>3.28.9 - 07 Feb 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/ff0a06e83cb2de871e5a09832bc6a81e7276941f"><code>ff0a06e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2896">#2896</a> from github/update-v3.28.18-b86edfc27</li> <li><a href="https://github.com/github/codeql-action/commit/a41e0844be4d25fcef7ce7fa536f3e30275a9a1c"><code>a41e084</code></a> Update changelog for v3.28.18</li> <li><a href="https://github.com/github/codeql-action/commit/b86edfc27a1e0d3b55127a7496a1c770a02b2f84"><code>b86edfc</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2893">#2893</a> from github/update-bundle/codeql-bundle-v2.21.3</li> <li><a href="https://github.com/github/codeql-action/commit/e93b90025f7c49dccc3ee640c4155b63eb9a6b39"><code>e93b900</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.21.3</li> <li><a href="https://github.com/github/codeql-action/commit/510dfa3460b15b34a807ab5609b4691aed5ebbee"><code>510dfa3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2894">#2894</a> from github/henrymercer/skip-validating-codeql-sarif</li> <li><a href="https://github.com/github/codeql-action/commit/492d7832457da825a964331d860789f3f19d105b"><code>492d783</code></a> Merge branch 'main' into henrymercer/skip-validating-codeql-sarif</li> <li><a href="https://github.com/github/codeql-action/commit/83bdf3b7f92061d2f6d74e2a4555ecf719adad68"><code>83bdf3b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2859">#2859</a> from github/update-supported-enterprise-server-versions</li> <li><a href="https://github.com/github/codeql-action/commit/cffc916774454a5ead1c8fb7925abad20cda85e4"><code>cffc916</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2891">#2891</a> from austinpray-mixpanel/patch-1</li> <li><a href="https://github.com/github/codeql-action/commit/4420887272f1c68c7c58ca2970bdfb5eb657cf08"><code>4420887</code></a> Add deprecation warning for CodeQL 2.16.5 and earlier</li> <li><a href="https://github.com/github/codeql-action/commit/4e178c584157c51ff3d6fb87c764e7ed0715f82a"><code>4e178c5</code></a> Update supported versions table in README</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/60168efe1c415ce0f5521ea06d5c2062adbeed1b...ff0a06e83cb2de871e5a09832bc6a81e7276941f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1346abf0e5 |
Bump docker/build-push-action from 6.16.0 to 6.17.0 (#3541)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.16.0 to 6.17.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.17.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.59.0 to 0.61.0 by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1364">docker/build-push-action#1364</a></li> </ul> <blockquote> <p>[!NOTE] Build record is now exported using the <a href="https://docs.docker.com/reference/cli/docker/buildx/history/export/"><code>buildx history export</code></a> command instead of the legacy export-build tool.</p> </blockquote> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.16.0...v6.17.0">https://github.com/docker/build-push-action/compare/v6.16.0...v6.17.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/1dc73863535b631f98b2378be8619f83b136f4a0"><code>1dc7386</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1364">#1364</a> from crazy-max/history-export-cmd</li> <li><a href="https://github.com/docker/build-push-action/commit/9c9803f36437c54a2bf7b2c9a4a9011c2a812d71"><code>9c9803f</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/db1f6c46e8d64f89ec10010e409681bcf7951c05"><code>db1f6c4</code></a> DOCKER_BUILD_EXPORT_LEGACY env var to opt-in for legacy export</li> <li><a href="https://github.com/docker/build-push-action/commit/721e8c79de660781840d3a69a11e39e1e836ef8e"><code>721e8c7</code></a> Bump <code>@docker/actions-toolkit</code> from 0.59.0 to 0.61.0</li> <li>See full diff in <a href="https://github.com/docker/build-push-action/compare/14487ce63c7a62a4a324b0bfb37086795e31c6c1...1dc73863535b631f98b2378be8619f83b136f4a0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
70717813f6 |
Bump io.micrometer:micrometer-core from 1.14.6 to 1.14.7 (#3521)
Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.14.7</h2> <h2>⭐ New Features</h2> <ul> <li>Replace Meter.Id.getTags() with cheaper alternatives <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6147">#6147</a></li> </ul> <h2>🐞 Bug Fixes</h2> <ul> <li>MultiGauge doesn't work with MeterFilter.map() <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6146">#6146</a></li> <li>Record cache.size in CaffeineCacheMetrics without enabling recordStats() <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6128">#6128</a></li> <li>TimedHandler shutdown hanging indefinitely <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6194">#6194</a></li> <li>Use snapshot consistently in AppOpticsMeterRegistry.writeSummary() <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6181">#6181</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/AlexElin"><code>@AlexElin</code></a>, <a href="https://github.com/RafeArnold"><code>@RafeArnold</code></a>, and <a href="https://github.com/izeye"><code>@izeye</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/b6e5031303afbdf43073dc19377d84d8e858c048"><code>b6e5031</code></a> Bump com.tngtech.archunit:archunit-junit5 from 1.3.1 to 1.3.2 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6226">#6226</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/6567cdccd3440b9fb1624463f4470e255d449314"><code>6567cdc</code></a> Merge branch '1.13.x' into 1.14.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/80d4c9d986dfddee331a22f16a533ee3e4725116"><code>80d4c9d</code></a> Call Shutdown#check after finishing timing (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6194">#6194</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/7f82709bb221470065f23c312e7441952ff78cb4"><code>7f82709</code></a> Bump maven-resolver from 1.9.22 to 1.9.23 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6219">#6219</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/a1a4f3d83dfaef791949c5cd042e28535e60165b"><code>a1a4f3d</code></a> Bump maven-resolver from 1.9.22 to 1.9.23 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6218">#6218</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/a6adb3a05862e5c8896a997a755daa159e06eba5"><code>a6adb3a</code></a> Merge branch '1.13.x' into 1.14.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/fb2d4da16e9388852064b10b6004441848c69dce"><code>fb2d4da</code></a> Get Google Cloud project ID from env var for integration tests</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/4f0cf532a923f31c89f80e4a85e1bf3eb61a58e9"><code>4f0cf53</code></a> Bump com.fasterxml.jackson.core:jackson-databind from 2.18.3 to 2.18.4 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6214">#6214</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/33d1f7ebfd4e33bd027ced975adcd044d83fad12"><code>33d1f7e</code></a> Merge branch '1.13.x' into 1.14.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/79939c3958fe95b03da844c55e9ce4f03d5e2d3d"><code>79939c3</code></a> Fix JavaDurationGetSecondsToToSeconds warnings for tests (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6207">#6207</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
662c2a4dfe |
Bump org.apache.xmlgraphics:batik-all from 1.18 to 1.19 (#3520)
Bumps org.apache.xmlgraphics:batik-all from 1.18 to 1.19. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9fc174d12d |
Bump actions/dependency-review-action from 4.6.0 to 4.7.0 (#3519)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.6.0 to 4.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>v4.7.0</h2> <ul> <li>Handle complex license expressions (e.g. <code>MIT AND GPL-2.0</code>) in allow lists (fixes <a href="https://redirect.github.com/actions/dependency-review-action/issues/809">#809</a> and probably others)</li> <li>Replace <code>OTHER</code> in package licenses with <code>LicenseRef-clearlydefined-OTHER</code> so that parsing passes</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/38ecb5b593bf0eb19e335c03f97670f792489a8b"><code>38ecb5b</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/929">#929</a> from actions/dangoor/4.7-release</li> <li><a href="https://github.com/actions/dependency-review-action/commit/0e9e935cc870609b60e95f0ca9c5439df6c5a001"><code>0e9e935</code></a> Version 4.7.0 release</li> <li><a href="https://github.com/actions/dependency-review-action/commit/69d2faa36575aaf6f3b6e83344dccafd1434b31e"><code>69d2faa</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/926">#926</a> from dangoor/dangoor/replace-other</li> <li><a href="https://github.com/actions/dependency-review-action/commit/7e14978e0e6d56c5c368d665cfe64859530ae43e"><code>7e14978</code></a> Merge branch 'actions:main' into dangoor/replace-other</li> <li><a href="https://github.com/actions/dependency-review-action/commit/8477905b0e5eb937fce8d6d92309aee88f4a4295"><code>8477905</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/927">#927</a> from dangoor/dangoor/multilicense</li> <li><a href="https://github.com/actions/dependency-review-action/commit/f3ff3564fad5f71b84386e8dd99dcdd5f25b6e9e"><code>f3ff356</code></a> Update dist</li> <li><a href="https://github.com/actions/dependency-review-action/commit/c7565d44ece013dd49742989a6bd8f2042aed16a"><code>c7565d4</code></a> Fix tests and respond to review feedback</li> <li><a href="https://github.com/actions/dependency-review-action/commit/82299c3bbe54c01331889c2b0f62af249dfb0ee8"><code>82299c3</code></a> Replace OTHER with a LicenseRef</li> <li><a href="https://github.com/actions/dependency-review-action/commit/2013ccccfe108a74501d552608b81853e407307a"><code>2013ccc</code></a> Update type definition for spdx-satisfies</li> <li><a href="https://github.com/actions/dependency-review-action/commit/3a2b68706a35b3507491b524adfe1c822821e706"><code>3a2b687</code></a> Handle complex licenses (e.g. X AND Y)</li> <li>Additional commits viewable in <a href="https://github.com/actions/dependency-review-action/compare/ce3cf9537a52e8119d91fd484ab5b8a807627bf8...38ecb5b593bf0eb19e335c03f97670f792489a8b">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1aff1d3480 |
Bump com.opencsv:opencsv from 5.10 to 5.11 (#3476)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps com.opencsv:opencsv from 5.10 to 5.11. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
bfaffe5050 |
Bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.6 to 2.8.8 (#3482)
Bumps [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) from 2.8.6 to 2.8.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/releases">org.springdoc:springdoc-openapi-starter-webmvc-ui's releases</a>.</em></p> <blockquote> <h2>v2.8.8</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.7...v2.8.8">https://github.com/springdoc/springdoc-openapi/compare/v2.8.7...v2.8.8</a></p> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a> - Handle projects not using kotlin-reflect <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li> </ul> <h2>springdoc-openapi v2.8.7 released!</h2> <h2>What's Changed</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a> - Introducing springdoc-openapi-bom project</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2948">#2948</a> - Customize Servers via application.yml</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2963">#2963</a> - Set default content type for problem details object to application/problem+jso</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a> - List of value classes in Kotlin</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade swagger-ui to v5.21.0</li> <li>Upgrade swagger-core to 2.2.30</li> <li>Upgrade spring-boot to version 3.4.5</li> <li>Upgrade spring-security-oauth2-authorization-server to version 1.4.3</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2947">#2947</a> - Unexpected warning "Appended trailing slash to static resource location"</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2960">#2960</a> - NPE when customizing group's open-api without specifying any schema</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2969">#2969</a> - fix path to register resource handler to work SwaggerIndexPageTransformer considering /webjar path prefix</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2964">#2964</a> - Cannot add custom description and example for java.time.Duration since v2.8.6</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2972">#2972</a> - <a href="https://github.com/Header"><code>@Header</code></a>(schema = <a href="https://github.com/Schema"><code>@Schema</code></a>(type = "string")) generates empty or broken schema in OpenAPI output since 2.8.0</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>, <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a> - Build Failure due to Private Inner Class.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2556">#2556</a> - Unable to determine if it is a Kotlin type</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lagoshny"><code>@lagoshny</code></a> made their first contribution in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/2970">springdoc/springdoc-openapi#2970</a></li> <li><a href="https://github.com/mymx2"><code>@mymx2</code></a> made their first contribution in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/2950">springdoc/springdoc-openapi#2950</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.7">https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md">org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog</a>.</em></p> <blockquote> <h2>[2.8.8] - 2025-05-04</h2> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a> - Handle projects not using kotlin-reflect <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li> </ul> <h2>[2.8.7] - 2025-05-04</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a> - Introducing springdoc-openapi-bom project</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2948">#2948</a> - Customize Servers via application.yml</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2963">#2963</a> - Set default content type for problem details object to application/problem+jso</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a> - List of value classes in Kotlin</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade swagger-ui to v5.21.0</li> <li>Upgrade swagger-core to 2.2.30</li> <li>Upgrade spring-boot to version 3.4.5</li> <li>Upgrade spring-security-oauth2-authorization-server to version 1.4.3</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2947">#2947</a> - Unexpected warning "Appended trailing slash to static resource location"</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2960">#2960</a> - NPE when customizing group's open-api without specifying any schema</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2969">#2969</a> - fix path to register resource handler to work SwaggerIndexPageTransformer considering /webjar path prefix</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2964">#2964</a> - Cannot add custom description and example for java.time.Duration since v2.8.6</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2972">#2972</a> - <a href="https://github.com/Header"><code>@Header</code></a>(schema = <a href="https://github.com/Schema"><code>@Schema</code></a>(type = "string")) generates empty or broken schema in OpenAPI output since 2.8.0</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>, <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a> - Build Failure due to Private Inner Class.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/bce44dbe502cbaeeff6188fe210042859aa0ed54"><code>bce44db</code></a> [maven-release-plugin] prepare release v2.8.8</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/707fce0271fda0c713c412488247dba4cc32d98c"><code>707fce0</code></a> Handle projects not using kotlin-reflect. Fixes <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/7a3546cb733d3ca493b6e622778a97c73b39b04a"><code>7a3546c</code></a> [maven-release-plugin] prepare for next development iteration</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/764ef2fd42040232a7a9280d826ed72a591da3df"><code>764ef2f</code></a> [maven-release-plugin] prepare release v2.8.7</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/98dacbda5cbdb0a278aa407ddc6aa05c8f23f031"><code>98dacbd</code></a> Prepare for the next release</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/5eb7d77e55df6b1b4ea1964fb146233f88b71e2d"><code>5eb7d77</code></a> pom.xml cleanup for <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a></li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/9dffa3d7d43e11ee1abfa86c7bf9b1886fc23e11"><code>9dffa3d</code></a> pom.xml cleanup for <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a></li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/a68b42edf1465f1888c42263dac5547622ebd4cc"><code>a68b42e</code></a> List of value classes in Kotlin. Fixes <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a></li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/95fa3bbb71859e428092034efbb3deae9bf4c892"><code>95fa3bb</code></a> Regression: <a href="https://github.com/Header"><code>@Header</code></a>(schema = <a href="https://github.com/Schema"><code>@Schema</code></a>(type = "string")) generates empty or bro...</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/3d056d8c55ec3139fc3e2d4a2f0eed7d8384d5f0"><code>3d056d8</code></a> Build Failure due to Private Inner Class. Fixes <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>, <a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a></li> <li>Additional commits viewable in <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3a615360a0 |
Bump actions/create-github-app-token from 2.0.5 to 2.0.6 (#3475)
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.0.5 to 2.0.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's releases</a>.</em></p> <blockquote> <h2>v2.0.6</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v2.0.5...v2.0.6">2.0.6</a> (2025-05-03)</h2> <h3>Bug Fixes</h3> <ul> <li>replace <code>-</code> with <code>_</code> (<a href="https://redirect.github.com/actions/create-github-app-token/issues/246">#246</a>) (<a href="https://github.com/actions/create-github-app-token/commit/333678481b1f02ee31fa1443aba4f1f7cb5b08b5">3336784</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/create-github-app-token/commit/df432ceedc7162793a195dd1713ff69aefc7379e"><code>df432ce</code></a> build(release): 2.0.6 [skip ci]</li> <li><a href="https://github.com/actions/create-github-app-token/commit/333678481b1f02ee31fa1443aba4f1f7cb5b08b5"><code>3336784</code></a> fix: replace <code>-</code> with <code>_</code> (<a href="https://redirect.github.com/actions/create-github-app-token/issues/246">#246</a>)</li> <li>See full diff in <a href="https://github.com/actions/create-github-app-token/compare/db3cdf40984fe6fd25ae19ac2bf2f4886ae8d959...df432ceedc7162793a195dd1713ff69aefc7379e">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
20f0cf1ac3 |
Bump pdfboxVersion from 3.0.4 to 3.0.5 (#3465)
Bumps `pdfboxVersion` from 3.0.4 to 3.0.5. Updates `org.apache.pdfbox:pdfbox` from 3.0.4 to 3.0.5 Updates `org.apache.pdfbox:preflight` from 3.0.4 to 3.0.5 Updates `org.apache.pdfbox:xmpbox` from 3.0.4 to 3.0.5 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
561d3f4eed |
Bump actions/create-github-app-token from 2.0.2 to 2.0.5 (#3466)
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.0.2 to 2.0.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's releases</a>.</em></p> <blockquote> <h2>v2.0.5</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v2.0.4...v2.0.5">2.0.5</a> (2025-05-02)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> bump the production-dependencies group with 3 updates (<a href="https://redirect.github.com/actions/create-github-app-token/issues/240">#240</a>) (<a href="https://github.com/actions/create-github-app-token/commit/d64d7d73555d3f2cb08ce64bdd812e49308a2905">d64d7d7</a>)</li> </ul> <h2>v2.0.4</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v2.0.3...v2.0.4">2.0.4</a> (2025-05-02)</h2> <h3>Bug Fixes</h3> <ul> <li>permission input handling (<a href="https://redirect.github.com/actions/create-github-app-token/issues/243">#243</a>) (<a href="https://github.com/actions/create-github-app-token/commit/2950cbc446a8d3030ea17d3f7cbdd3c0fce4b0f5">2950cbc</a>)</li> </ul> <h2>v2.0.3</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v2.0.2...v2.0.3">2.0.3</a> (2025-05-01)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>README:</strong> use <code>v2</code> in examples (<a href="https://redirect.github.com/actions/create-github-app-token/issues/234">#234</a>) (<a href="https://github.com/actions/create-github-app-token/commit/9ba274d954c9af64fbf4cec63082d0e3f57e9b5f">9ba274d</a>), closes <a href="https://redirect.github.com/actions/create-github-app-token/issues/232">#232</a></li> <li>use <code>core.getBooleanInput()</code> to retrieve boolean input values (<a href="https://redirect.github.com/actions/create-github-app-token/issues/223">#223</a>) (<a href="https://github.com/actions/create-github-app-token/commit/c3c17c79ccedec31f588e88d6ad5ff9036afe580">c3c17c7</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/create-github-app-token/commit/db3cdf40984fe6fd25ae19ac2bf2f4886ae8d959"><code>db3cdf4</code></a> build(release): 2.0.5 [skip ci]</li> <li><a href="https://github.com/actions/create-github-app-token/commit/d64d7d73555d3f2cb08ce64bdd812e49308a2905"><code>d64d7d7</code></a> fix(deps): bump the production-dependencies group with 3 updates (<a href="https://redirect.github.com/actions/create-github-app-token/issues/240">#240</a>)</li> <li><a href="https://github.com/actions/create-github-app-token/commit/1b6f53e48e3bd5e9fbd610599fc41fca986c51e9"><code>1b6f53e</code></a> build(deps-dev): bump the development-dependencies group across 1 directory w...</li> <li><a href="https://github.com/actions/create-github-app-token/commit/061a84d5f55008a6dfb441735e1568fcb8da8b50"><code>061a84d</code></a> build(deps-dev): bump <code>@octokit/openapi</code> from 18.2.0 to 19.0.0 (<a href="https://redirect.github.com/actions/create-github-app-token/issues/242">#242</a>)</li> <li><a href="https://github.com/actions/create-github-app-token/commit/c8f34a61a85667dfbbbc74c5468935fc8a369720"><code>c8f34a6</code></a> build(deps): bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0 in...</li> <li><a href="https://github.com/actions/create-github-app-token/commit/4821f52fa7a8e45784f1d99cdb1c27bec9f00720"><code>4821f52</code></a> build(release): 2.0.4 [skip ci]</li> <li><a href="https://github.com/actions/create-github-app-token/commit/2950cbc446a8d3030ea17d3f7cbdd3c0fce4b0f5"><code>2950cbc</code></a> fix: permission input handling (<a href="https://redirect.github.com/actions/create-github-app-token/issues/243">#243</a>)</li> <li><a href="https://github.com/actions/create-github-app-token/commit/30bf6253fa41bdc8d1501d202ad15287582246b4"><code>30bf625</code></a> build(release): 2.0.3 [skip ci]</li> <li><a href="https://github.com/actions/create-github-app-token/commit/c3c17c79ccedec31f588e88d6ad5ff9036afe580"><code>c3c17c7</code></a> fix: use <code>core.getBooleanInput()</code> to retrieve boolean input values (<a href="https://redirect.github.com/actions/create-github-app-token/issues/223">#223</a>)</li> <li><a href="https://github.com/actions/create-github-app-token/commit/9ba274d954c9af64fbf4cec63082d0e3f57e9b5f"><code>9ba274d</code></a> fix(README): use <code>v2</code> in examples (<a href="https://redirect.github.com/actions/create-github-app-token/issues/234">#234</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/create-github-app-token/compare/3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5...db3cdf40984fe6fd25ae19ac2bf2f4886ae8d959">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e239bbf89a |
Bump github/codeql-action from 3.28.16 to 3.28.17 (#3467)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.16 to 3.28.17. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.28.17</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.28.17/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <h2>3.28.16 - 23 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.1. <a href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li> </ul> <h2>3.28.15 - 07 Apr 2025</h2> <ul> <li>Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. <a href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li> </ul> <h2>3.28.14 - 07 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.0. <a href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li> </ul> <h2>3.28.13 - 24 Mar 2025</h2> <p>No user facing changes.</p> <h2>3.28.12 - 19 Mar 2025</h2> <ul> <li>Dependency caching should now cache more dependencies for Java <code>build-mode: none</code> extractions. This should speed up workflows and avoid inconsistent alerts in some cases.</li> <li>Update default CodeQL bundle version to 2.20.7. <a href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li> </ul> <h2>3.28.11 - 07 Mar 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.6. <a href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li> </ul> <h2>3.28.10 - 21 Feb 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.5. <a href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li> <li>Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. <a href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li> </ul> <h2>3.28.9 - 07 Feb 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li> </ul> <h2>3.28.8 - 29 Jan 2025</h2> <ul> <li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. <a href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/60168efe1c415ce0f5521ea06d5c2062adbeed1b"><code>60168ef</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2886">#2886</a> from github/update-v3.28.17-97a2bfd2a</li> <li><a href="https://github.com/github/codeql-action/commit/0d5a3115da6459f8ab4333164184f8292c0c7a7f"><code>0d5a311</code></a> Update changelog for v3.28.17</li> <li><a href="https://github.com/github/codeql-action/commit/97a2bfd2a3d26d458da69e548f7f859d6fca634d"><code>97a2bfd</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2872">#2872</a> from github/update-bundle/codeql-bundle-v2.21.2</li> <li><a href="https://github.com/github/codeql-action/commit/9aba20e4c91fd8c3a71d5ab2bdeba0da11713864"><code>9aba20e</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.21.2</li> <li><a href="https://github.com/github/codeql-action/commit/81a9508deb02898c1a7be79bd5b49bb0ab9c787e"><code>81a9508</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2876">#2876</a> from github/henrymercer/fix-diff-informed-multiple-a...</li> <li><a href="https://github.com/github/codeql-action/commit/1569f4c145413fbce7d6573c6ee9212d2612d27f"><code>1569f4c</code></a> Disable diff-informed queries in code scanning config tests</li> <li><a href="https://github.com/github/codeql-action/commit/62fbeb66b359bfbdec7d4d96af8f68aece59b4db"><code>62fbeb6</code></a> Merge branch 'main' into henrymercer/fix-diff-informed-multiple-analyze</li> <li><a href="https://github.com/github/codeql-action/commit/f122d1dc9eb83b12dc16b38495b667a2dddfa6f9"><code>f122d1d</code></a> Address test failures from computing temporary directory too early</li> <li><a href="https://github.com/github/codeql-action/commit/083772aae48a3be5654921bb6e6ccb00e0e1d563"><code>083772a</code></a> Do not fail diff informed analyses when <code>analyze</code> is run twice in the same job</li> <li><a href="https://github.com/github/codeql-action/commit/5db14d0471303d6eee1e2a51393f5ae1669b6703"><code>5db14d0</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.21.2</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/28deaeda66b76a05916b6923827895f2b14ab387...60168efe1c415ce0f5521ea06d5c2062adbeed1b">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9635e573d8 |
Bump gradle from 8.13-jdk21 to 8.14-jdk21 (#3439)
Bumps gradle from 8.13-jdk21 to 8.14-jdk21. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ffb8e98dcd |
Bump springBootVersion from 3.4.4 to 3.4.5 (#3440)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps `springBootVersion` from 3.4.4 to 3.4.5. Updates `org.springframework.boot:spring-boot-starter-web` from 3.4.4 to 3.4.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-web's releases</a>.</em></p> <blockquote> <h2>v3.4.5</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Spring Boot with native image container image build fails on podman due to directory permissions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li> <li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are available <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li> <li>Wrong jOOQ exception translator with empty db name <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li> <li>MessageSourceMessageInterpolator does not replace a parameter when the message matches its code <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li> <li>IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li> <li>OAuth2AuthorizationServerJwtAutoConfiguration uses <code>@ConditionalOnClass</code> incorrectly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li> <li>MongoDB's dependency management is missing Kotlin coroutine driver modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li> <li>ImagePlatform can cause "OS must not be empty" IllegalArgumentException <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li> <li>TypeUtils does not handle generics with identical names in different positions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li> <li>HttpClient5 5.4.3 breaks local Docker transport <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li> <li>spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li> <li>Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li> <li>DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li> <li>SSL config does not watch for symlink file changes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li> <li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li> <li>DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li> <li>JsonValueWriter can throw StackOverflowError on deeply nested items <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li> <li>In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li> <li>Logging a Path object using structured logging throws StackOverflowError <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Make <code>@Component</code> a javadoc link <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li> <li>Fix documentation links to buildpacks.io <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li> <li>Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li> <li>Show the use of token properties in authorization server clients configuration example <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li> <li>Add details of the purpose of the metrics endpoint <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li> <li>Escape the asterisk in spring-application.adoc <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li> <li>Add reference to Styra (OPA) Spring Boot SDK <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li> <li>Update CDS documentation to cover AOTCache <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li> <li>WebFlux security documentation incorrectly links to servlet classes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li> <li>Replace mentions of deprecated MockBean annotation <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li> <li>TaskExecution documentation should describe what happens when multiple Executor beans are present <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li> <li>Documentation lists coordinates for some dependencies that are not actually managed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li> <li>Polish javadoc of SpringProfileAction <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to AspectJ 1.9.24 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li> <li>Upgrade to Couchbase Client 3.7.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li> <li>Upgrade to Hibernate 6.6.13.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li> <li>Upgrade to HttpClient5 5.4.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li> <li>Upgrade to HttpCore5 5.3.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li> <li>Upgrade to Jaybird 5.0.7.java11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li> <li>Upgrade to Jetty 12.0.19 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li> <li>Upgrade to jOOQ 3.19.22 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li> <li>Upgrade to Lombok 1.18.38 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a> Release v3.4.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a> Next development version (v3.3.12-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a> Revert "Upgrade to Netty 4.1.120.Final"</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a> Fix potential null problem in actuator</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-jetty` from 3.4.4 to 3.4.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-jetty's releases</a>.</em></p> <blockquote> <h2>v3.4.5</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Spring Boot with native image container image build fails on podman due to directory permissions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li> <li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are available <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li> <li>Wrong jOOQ exception translator with empty db name <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li> <li>MessageSourceMessageInterpolator does not replace a parameter when the message matches its code <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li> <li>IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li> <li>OAuth2AuthorizationServerJwtAutoConfiguration uses <code>@ConditionalOnClass</code> incorrectly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li> <li>MongoDB's dependency management is missing Kotlin coroutine driver modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li> <li>ImagePlatform can cause "OS must not be empty" IllegalArgumentException <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li> <li>TypeUtils does not handle generics with identical names in different positions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li> <li>HttpClient5 5.4.3 breaks local Docker transport <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li> <li>spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li> <li>Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li> <li>DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li> <li>SSL config does not watch for symlink file changes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li> <li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li> <li>DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li> <li>JsonValueWriter can throw StackOverflowError on deeply nested items <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li> <li>In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li> <li>Logging a Path object using structured logging throws StackOverflowError <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Make <code>@Component</code> a javadoc link <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li> <li>Fix documentation links to buildpacks.io <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li> <li>Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li> <li>Show the use of token properties in authorization server clients configuration example <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li> <li>Add details of the purpose of the metrics endpoint <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li> <li>Escape the asterisk in spring-application.adoc <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li> <li>Add reference to Styra (OPA) Spring Boot SDK <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li> <li>Update CDS documentation to cover AOTCache <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li> <li>WebFlux security documentation incorrectly links to servlet classes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li> <li>Replace mentions of deprecated MockBean annotation <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li> <li>TaskExecution documentation should describe what happens when multiple Executor beans are present <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li> <li>Documentation lists coordinates for some dependencies that are not actually managed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li> <li>Polish javadoc of SpringProfileAction <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to AspectJ 1.9.24 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li> <li>Upgrade to Couchbase Client 3.7.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li> <li>Upgrade to Hibernate 6.6.13.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li> <li>Upgrade to HttpClient5 5.4.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li> <li>Upgrade to HttpCore5 5.3.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li> <li>Upgrade to Jaybird 5.0.7.java11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li> <li>Upgrade to Jetty 12.0.19 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li> <li>Upgrade to jOOQ 3.19.22 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li> <li>Upgrade to Lombok 1.18.38 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a> Release v3.4.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a> Next development version (v3.3.12-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a> Revert "Upgrade to Netty 4.1.120.Final"</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a> Fix potential null problem in actuator</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-thymeleaf` from 3.4.4 to 3.4.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-thymeleaf's releases</a>.</em></p> <blockquote> <h2>v3.4.5</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Spring Boot with native image container image build fails on podman due to directory permissions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li> <li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are available <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li> <li>Wrong jOOQ exception translator with empty db name <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li> <li>MessageSourceMessageInterpolator does not replace a parameter when the message matches its code <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li> <li>IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li> <li>OAuth2AuthorizationServerJwtAutoConfiguration uses <code>@ConditionalOnClass</code> incorrectly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li> <li>MongoDB's dependency management is missing Kotlin coroutine driver modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li> <li>ImagePlatform can cause "OS must not be empty" IllegalArgumentException <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li> <li>TypeUtils does not handle generics with identical names in different positions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li> <li>HttpClient5 5.4.3 breaks local Docker transport <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li> <li>spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li> <li>Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li> <li>DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li> <li>SSL config does not watch for symlink file changes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li> <li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li> <li>DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li> <li>JsonValueWriter can throw StackOverflowError on deeply nested items <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li> <li>In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li> <li>Logging a Path object using structured logging throws StackOverflowError <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Make <code>@Component</code> a javadoc link <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li> <li>Fix documentation links to buildpacks.io <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li> <li>Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li> <li>Show the use of token properties in authorization server clients configuration example <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li> <li>Add details of the purpose of the metrics endpoint <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li> <li>Escape the asterisk in spring-application.adoc <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li> <li>Add reference to Styra (OPA) Spring Boot SDK <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li> <li>Update CDS documentation to cover AOTCache <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li> <li>WebFlux security documentation incorrectly links to servlet classes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li> <li>Replace mentions of deprecated MockBean annotation <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li> <li>TaskExecution documentation should describe what happens when multiple Executor beans are present <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li> <li>Documentation lists coordinates for some dependencies that are not actually managed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li> <li>Polish javadoc of SpringProfileAction <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to AspectJ 1.9.24 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li> <li>Upgrade to Couchbase Client 3.7.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li> <li>Upgrade to Hibernate 6.6.13.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li> <li>Upgrade to HttpClient5 5.4.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li> <li>Upgrade to HttpCore5 5.3.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li> <li>Upgrade to Jaybird 5.0.7.java11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li> <li>Upgrade to Jetty 12.0.19 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li> <li>Upgrade to jOOQ 3.19.22 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li> <li>Upgrade to Lombok 1.18.38 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a> Release v3.4.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a> Next development version (v3.3.12-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a> Revert "Upgrade to Netty 4.1.120.Final"</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a> Fix potential null problem in actuator</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-security` from 3.4.4 to 3.4.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-security's releases</a>.</em></p> <blockquote> <h2>v3.4.5</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Spring Boot with native image container image build fails on podman due to directory permissions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li> <li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are available <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li> <li>Wrong jOOQ exception translator with empty db name <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li> <li>MessageSourceMessageInterpolator does not replace a parameter when the message matches its code <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li> <li>IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li> <li>OAuth2AuthorizationServerJwtAutoConfiguration uses <code>@ConditionalOnClass</code> incorrectly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li> <li>MongoDB's dependency management is missing Kotlin coroutine driver modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li> <li>ImagePlatform can cause "OS must not be empty" IllegalArgumentException <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li> <li>TypeUtils does not handle generics with identical names in different positions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li> <li>HttpClient5 5.4.3 breaks local Docker transport <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li> <li>spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li> <li>Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li> <li>DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li> <li>SSL config does not watch for symlink file changes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li> <li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li> <li>DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li> <li>JsonValueWriter can throw StackOverflowError on deeply nested items <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li> <li>In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li> <li>Logging a Path object using structured logging throws StackOverflowError <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Make <code>@Component</code> a javadoc link <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li> <li>Fix documentation links to buildpacks.io <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li> <li>Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li> <li>Show the use of token properties in authorization server clients configuration example <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li> <li>Add details of the purpose of the metrics endpoint <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li> <li>Escape the asterisk in spring-application.adoc <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li> <li>Add reference to Styra (OPA) Spring Boot SDK <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li> <li>Update CDS documentation to cover AOTCache <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li> <li>WebFlux security documentation incorrectly links to servlet classes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li> <li>Replace mentions of deprecated MockBean annotation <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li> <li>TaskExecution documentation should describe what happens when multiple Executor beans are present <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li> <li>Documentation lists coordinates for some dependencies that are not actually managed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li> <li>Polish javadoc of SpringProfileAction <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to AspectJ 1.9.24 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li> <li>Upgrade to Couchbase Client 3.7.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li> <li>Upgrade to Hibernate 6.6.13.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li> <li>Upgrade to HttpClient5 5.4.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li> <li>Upgrade to HttpCore5 5.3.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li> <li>Upgrade to Jaybird 5.0.7.java11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li> <li>Upgrade to Jetty 12.0.19 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li> <li>Upgrade to jOOQ 3.19.22 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li> <li>Upgrade to Lombok 1.18.38 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a> Release v3.4.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a> Next development version (v3.3.12-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a> Revert "Upgrade to Netty 4.1.120.Final"</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a> Fix potential null problem in actuator</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-data-jpa` from 3.4.4 to 3.4.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-data-jpa's releases</a>.</em></p> <blockquote> <h2>v3.4.5</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Spring Boot with native image container image build fails on podman due to directory permissions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li> <li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are available <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li> <li>Wrong jOOQ exception translator with empty db name <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li> <li>MessageSourceMessageInterpolator does not replace a parameter when the message matches its code <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li> <li>IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li> <li>OAuth2AuthorizationServerJwtAutoConfiguration uses <code>@ConditionalOnClass</code> incorrectly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li> <li>MongoDB's dependency management is missing Kotlin coroutine driver modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li> <li>ImagePlatform can cause "OS must not be empty" IllegalArgumentException <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li> <li>TypeUtils does not handle generics with identical names in different positions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li> <li>HttpClient5 5.4.3 breaks local Docker transport <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li> <li>spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li> <li>Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li> <li>DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li> <li>SSL config does not watch for symlink file changes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li> <li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li> <li>DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li> <li>JsonValueWriter can throw StackOverflowError on deeply nested items <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li> <li>In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li> <li>Logging a Path object using structured logging throws StackOverflowError <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Make <code>@Component</code> a javadoc link <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li> <li>Fix documentation links to buildpacks.io <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li> <li>Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li> <li>Show the use of token properties in authorization server clients configuration example <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li> <li>Add details of the purpose of the metrics endpoint <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li> <li>Escape the asterisk in spring-application.adoc <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li> <li>Add reference to Styra (OPA) Spring Boot SDK <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li> <li>Update CDS documentation to cover AOTCache <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li> <li>WebFlux security documentation incorrectly links to servlet classes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li> <li>Replace mentions of deprecated MockBean annotation <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li> <li>TaskExecution documentation should describe what happens when multiple Executor beans are present <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li> <li>Documentation lists coordinates for some dependencies that are not actually managed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li> <li>Polish javadoc of SpringProfileAction <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to AspectJ 1.9.24 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li> <li>Upgrade to Couchbase Client 3.7.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li> <li>Upgrade to Hibernate 6.6.13.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li> <li>Upgrade to HttpClient5 5.4.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li> <li>Upgrade to HttpCore5 5.3.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li> <li>Upgrade to Jaybird 5.0.7.java11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li> <li>Upgrade to Jetty 12.0.19 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li> <li>Upgrade to jOOQ 3.19.22 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li> <li>Upgrade to Lombok 1.18.38 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a> Release v3.4.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a> Next development version (v3.3.12-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a> Revert "Upgrade to Netty 4.1.120.Final"</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a> Fix potential null problem in actuator</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-oauth2-client` from 3.4.4 to 3.4.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-oauth2-client's releases</a>.</em></p> <blockquote> <h2>v3.4.5</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Spring Boot with native image container image build fails on podman due to directory permissions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li> <li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are available <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li> <li>Wrong jOOQ exception translator with empty db name <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li> <li>MessageSourceMessageInterpolator does not replace a parameter when the message matches its code <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li> <li>IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li> <li>OAuth2AuthorizationServerJwtAutoConfiguration uses <code>@ConditionalOnClass</code> incorrectly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li> <li>MongoDB's dependency management is missing Kotlin coroutine driver modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li> <li>ImagePlatform can cause "OS must not be empty" IllegalArgumentException <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li> <li>TypeUtils does not handle generics with identical names in different positions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li> <li>HttpClient5 5.4.3 breaks local Docker transport <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li> <li>spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li> <li>Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li> <li>DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li> <li>SSL config does not watch for symlink file changes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li> <li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li> <li>DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li> <li>JsonValueWriter can throw StackOverflowError on deeply nested items <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li> <li>In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li> <li>Logging a Path object using structured logging throws StackOverflowError <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Make <code>@Component</code> a javadoc link <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li> <li>Fix documentation links to buildpacks.io <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li> <li>Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li> <li>Show the use of token properties in authorization server clients configuration example <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li> <li>Add details of the purpose of the metrics endpoint <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li> <li>Escape the asterisk in spring-application.adoc <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li> <li>Add reference to Styra (OPA) Spring Boot SDK <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li> <li>Update CDS documentation to cover AOTCache <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li> <li>WebFlux security documentation incorrectly links to servlet classes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li> <li>Replace mentions of deprecated MockBean annotation <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li> <li>TaskExecution documentation should describe what happens when multiple Executor beans are present <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li> <li>Documentation lists coordinates for some dependencies that are not actually managed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li> <li>Polish javadoc of SpringProfileAction <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to AspectJ 1.9.24 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li> <li>Upgrade to Couchbase Client 3.7.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li> <li>Upgrade to Hibernate 6.6.13.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li> <li>Upgrade to HttpClient5 5.4.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li> <li>Upgrade to HttpCore5 5.3.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li> <li>Upgrade to Jaybird 5.0.7.java11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li> <li>Upgrade to Jetty 12.0.19 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li> <li>Upgrade to jOOQ 3.19.22 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li> <li>Upgrade to Lombok 1.18.38 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a> Release v3.4.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a> Next development version (v3.3.12-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a> Revert "Upgrade to Netty 4.1.120.Final"</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a> Fix potential null problem in actuator</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-test` from 3.4.4 to 3.4.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-test's releases</a>.</em></p> <blockquote> <h2>v3.4.5</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Spring Boot with native image container image build fails on podman due to directory permissions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li> <li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are available <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li> <li>Wrong jOOQ exception translator with empty db name <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li> <li>MessageSourceMessageInterpolator does not replace a parameter when the message matches its code <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li> <li>IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li> <li>OAuth2AuthorizationServerJwtAutoConfiguration uses <code>@ConditionalOnClass</code> incorrectly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li> <li>MongoDB's dependency management is missing Kotlin coroutine driver modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li> <li>ImagePlatform can cause "OS must not be empty" IllegalArgumentException <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li> <li>TypeUtils does not handle generics with identical names in different positions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li> <li>HttpClient5 5.4.3 breaks local Docker transport <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li> <li>spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li> <li>Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li> <li>DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li> <li>SSL config does not watch for symlink file changes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li> <li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li> <li>DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li> <li>JsonValueWriter can throw StackOverflowError on deeply nested items <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li> <li>In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li> <li>Logging a Path object using structured logging throws StackOverflowError <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Make <code>@Component</code> a javadoc link <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li> <li>Fix documentation links to buildpacks.io <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li> <li>Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li> <li>Show the use of token properties in authorization server clients configuration example <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li> <li>Add details of the purpose of the metrics endpoint <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li> <li>Escape the asterisk in spring-application.adoc <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li> <li>Add reference to Styra (OPA) Spring Boot SDK <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li> <li>Update CDS documentation to cover AOTCache <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li> <li>WebFlux security documentation incorrectly links to servlet classes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li> <li>Replace mentions of deprecated MockBean annotation <a href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li> <li>TaskExecution documentation should describe what happens when multiple Executor beans are present <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li> <li>Documentation lists coordinates for some dependencies that are not actually managed <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li> <li>Polish javadoc of SpringProfileAction <a href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to AspectJ 1.9.24 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li> <li>Upgrade to Couchbase Client 3.7.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li> <li>Upgrade to Hibernate 6.6.13.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li> <li>Upgrade to HttpClient5 5.4.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li> <li>Upgrade to HttpCore5 5.3.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li> <li>Upgrade to Jaybird 5.0.7.java11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li> <li>Upgrade to Jetty 12.0.19 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li> <li>Upgrade to jOOQ 3.19.22 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li> <li>Upgrade to Lombok 1.18.38 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a> Release v3.4.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a> Next development version (v3.3.12-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a> Revert "Upgrade to Netty 4.1.120.Final"</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a> Upgrade to Netty 4.1.120.Final</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a> Merge branch '3.3.x' into 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a> Fix potential null problem in actuator</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.boot:spring-boot-starter-actuator` from 3.4.4 to 3.4.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-actuator's releases</a>.</em></p> <blockquote> <h2>v3.4.5</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Spring Boot with native image container image build fails on podman due to directory permissions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li> <li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are available <a href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li> <li>Wrong jOOQ exception translator with empty db name <a href="ht... _Description has been truncated_ Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |