Commit Graph
100 Commits
Author SHA1 Message Date
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
406695e167 Bump step-security/harden-runner from 2.12.0 to 2.12.1 (#3728)
Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.12.0 to 2.12.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.12.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Detection capabilities have been upgraded to better recognize
attempts at runner tampering. These improvements are informed by
real-world incident learnings, including analysis of anomalous behaviors
observed in the tj-actions and reviewdog supply chain attack.</li>
<li>Resolved an issue where the block policy was not enforced correctly
when the GitHub Actions job was running inside a container on a
self-hosted VM runner.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.12.1">https://github.com/step-security/harden-runner/compare/v2...v2.12.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/002fdce3c6a235733a90a27c80493a3241e56863"><code>002fdce</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/544">#544</a>
from step-security/rc-21</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/2489e3fcb3d00eac3cb27c9b490431a4d26eac58"><code>2489e3f</code></a>
Merge branch 'main' into rc-21</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/75dd441a816c3c7ea21313ec8ff21d9f7b69f534"><code>75dd441</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/555">#555</a>
from step-security/dependabot/github_actions/step-sec...</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/4381ace9c4db180c9cc8ff9a6dd4220f17a95690"><code>4381ace</code></a>
Bump step-security/publish-unit-test-result-action from 2.19.0 to
2.20.0</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/a9da90b635b492e68edb2a24949fcab1e313e9eb"><code>a9da90b</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/553">#553</a>
from h0x0er/feat/container-workflows</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/a60ef21c0c1f49c7ac6c8d65b6f4d16d419789c1"><code>a60ef21</code></a>
update</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/4ad512f16553ff1c022684cc96be0329a7618db8"><code>4ad512f</code></a>
Merge branch 'rc-21' into feat/container-workflows</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/6b41a3923518db2abe77790e47793760b5c47c28"><code>6b41a39</code></a>
fixed test case</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/fa70c45ca9a73bcef023a3e6afac49ffa3007480"><code>fa70c45</code></a>
update agent</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/eb47845632e48a7532e7e363ba78b9bc48c09264"><code>eb47845</code></a>
self-hosted: refactored block-policy apply logic</li>
<li>Additional commits viewable in <a
href="https://github.com/step-security/harden-runner/compare/0634a2670c59f64b4a01f0f96f84700a4088b9f0...002fdce3c6a235733a90a27c80493a3241e56863">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.12.0&new-version=2.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 23:31:27 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5534f4b64a Bump io.swagger.core.v3:swagger-core-jakarta from 2.2.32 to 2.2.33 (#3734)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.32 to 2.2.33.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.swagger.core.v3:swagger-core-jakarta&package-manager=gradle&previous-version=2.2.32&new-version=2.2.33)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 23:30:56 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
e74dbf391c Bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.8 to 2.8.9 (#3733)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi)
from 2.8.8 to 2.8.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/springdoc/springdoc-openapi/releases">org.springdoc:springdoc-openapi-starter-webmvc-ui's
releases</a>.</em></p>
<blockquote>
<h2>springdoc-openapi v2.8.9 released!</h2>
<h2>What's Changed</h2>
<ul>
<li>Support for <a
href="https://github.com/Positive"><code>@​Positive</code></a> by <a
href="https://github.com/mpleine"><code>@​mpleine</code></a> in <a
href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3001">springdoc/springdoc-openapi#3001</a></li>
<li>Fixes for Spring Boot 3.5.0 API by <a
href="https://github.com/mschout"><code>@​mschout</code></a> in <a
href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3007">springdoc/springdoc-openapi#3007</a></li>
<li>feat: type-use for method parameters by <a
href="https://github.com/mymx2"><code>@​mymx2</code></a> in <a
href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3011">springdoc/springdoc-openapi#3011</a></li>
</ul>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a>
- Support for <a
href="https://github.com/Positive"><code>@​Positive</code></a></li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3011">#3011</a>
- type-use for method parameters</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Upgrade spring-boot to version 3.5.0</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2982">#2982</a>
- application/problem+json content type is not set for
ProblemDetails</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2990">#2990</a>
- Issues with POST Request, application/x-www-form-urlencoded and only
one parameter</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2998">#2998</a>
- io.swagger.v3.oas.annotations.Webhook does not work when defined on
the method level</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3012">#3012</a>
- Order of examples is (sometimes) not preserved</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/mpleine"><code>@​mpleine</code></a> made
their first contribution in <a
href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3001">springdoc/springdoc-openapi#3001</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.8...v2.8.9">https://github.com/springdoc/springdoc-openapi/compare/v2.8.8...v2.8.9</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md">org.springdoc:springdoc-openapi-starter-webmvc-ui's
changelog</a>.</em></p>
<blockquote>
<h2>[2.8.9] - 2025-06-10</h2>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a>
- Support for <a
href="https://github.com/Positive"><code>@​Positive</code></a></li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3011">#3011</a>
- type-use for method parameters</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Upgrade spring-boot to version 3.5.0</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2982">#2982</a>
- application/problem+json content type is not set for
ProblemDetails</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2990">#2990</a>
- Issues with POST Request, application/x-www-form-urlencoded and only
one
parameter</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2998">#2998</a>
- io.swagger.v3.oas.annotations.Webhook does not work when defined on
the method
level</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3012">#3012</a>
- Order of examples is (sometimes) not preserved</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/830a98a0deef6d4758513e61a420433b3bc7c6c4"><code>830a98a</code></a>
[maven-release-plugin] prepare release v2.8.9</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/976d8eccea8d99e8d5767073387f1053379d16b6"><code>976d8ec</code></a>
docs update</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/1ebf9b82a57ff05992c6a69a0306cd079cf8c86d"><code>1ebf9b8</code></a>
Order of examples is (sometimes) not preserved. Fixes <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3012">#3012</a></li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/10fd6ddf9e6fe2bec93425e74343b75a8a46f332"><code>10fd6dd</code></a>
io.swagger.v3.oas.annotations.Webhook does not work when defined on the
metho...</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/31ed191c1f530478ec2b4879a87fe94e0816a180"><code>31ed191</code></a>
Issues with POST Request, application/x-www-form-urlencoded and only one
para...</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/ceb4a10080f24755ac7cdef9707c7a3acfe3fc3b"><code>ceb4a10</code></a>
application/problem+json content type is not set for ProblemDetails.
Fixes <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2982">#2982</a></li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/a23005bc5f3d9282c04f9f6cfba4d6b1ce91a0b8"><code>a23005b</code></a>
Merge branch 'mymx2-feat/type-use'</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/290162f58b9e290089f40f2bdb251babeb27151e"><code>290162f</code></a>
code review</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/9f05020341f745c8eb4140306bec606201f6d282"><code>9f05020</code></a>
Merge branch 'mschout-spring-boot-3.5-support'</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/6111073e41bb61bfbc76f580097fd120ff17b154"><code>6111073</code></a>
code review</li>
<li>Additional commits viewable in <a
href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.8...v2.8.9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springdoc:springdoc-openapi-starter-webmvc-ui&package-manager=gradle&previous-version=2.8.8&new-version=2.8.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 23:30:39 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3804dd3988 Bump com.opencsv:opencsv from 5.11 to 5.11.1 (#3630)
Bumps com.opencsv:opencsv from 5.11 to 5.11.1.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.opencsv:opencsv&package-manager=gradle&previous-version=5.11&new-version=5.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 23:30:21 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
d219198b9b Bump org.postgresql:postgresql from 42.7.5 to 42.7.6 (#3667)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from
42.7.5 to 42.7.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pgjdbc/pgjdbc/releases">org.postgresql:postgresql's
releases</a>.</em></p>
<blockquote>
<h2>v42.7.6</h2>
<h2>Changes</h2>
<ul>
<li>Prepare release notes for release 42_7_6 (new format) <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3628">#3628</a>)</li>
<li>fix: isValid incorrectly called execute, instead of executeWithFlags
fixes Issue <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">#3630</a>
<a href="https://github.com/davecramer"><code>@​davecramer</code></a>
(<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3631">#3631</a>)</li>
<li>add override <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3629">#3629</a>)</li>
<li>add the ability to turn off automatic LSN flush <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>)</li>
<li>test: add tests with reWriteBatchedInserts=true <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3616">#3616</a>)</li>
<li>test: add CI executions with adaptive_fetch=true by default <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3615">#3615</a>)</li>
<li>test: simplify TestUtil.openDB, add tests with various
assumeMinServerVersion values <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3614">#3614</a>)</li>
<li>Deprecate group startup parms <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3613">#3613</a>)</li>
<li>Add back application name setting <a
href="https://github.com/joejensen"><code>@​joejensen</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3509">#3509</a>)</li>
<li>Copr: Use Java 21 as the build dependency <a
href="https://github.com/mkoncek"><code>@​mkoncek</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3607">#3607</a>)</li>
<li>fix indentation of return child to allow built pass in Checkstyle's
CIs <a href="https://github.com/mohitsatr"><code>@​mohitsatr</code></a>
(<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3611">#3611</a>)</li>
<li>Set column name explicitely when using
<code>current_database()</code> in queries <a
href="https://github.com/kneth"><code>@​kneth</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3526">#3526</a>)</li>
<li>add PgMessageType and use static variables for protocol literals <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3609">#3609</a>)</li>
<li>Handle protocol 3.2 and wider cancel keys. <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3592">#3592</a>)</li>
<li>refactor empty resultset to use empty result set if the catalog is
not correct <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3588">#3588</a>)</li>
<li>Use query to find the current catalog instead of relying on the
database in the connection URL or connection properties as this could be
different if connected through a pooler or proxy <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3565">#3565</a>)</li>
<li>ci: add Java 24 tests <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3580">#3580</a>)</li>
<li>docs: Relabel 42.7.4 as past version as it is no longer the latest
<a href="https://github.com/sehrope"><code>@​sehrope</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3586">#3586</a>)</li>
<li>test: remove stale logging message from SslTest <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3584">#3584</a>)</li>
<li>chore: appply the latest byte-buddy version for tests so we support
the latest Java versions <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3583">#3583</a>)</li>
<li>fix: make PgConnection#abort compatible with Java 24 <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3582">#3582</a>)</li>
<li>chore(deps): update plugin com.github.burrunan.s3-build-cache to
v1.8.5 <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
(<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3573">#3573</a>)</li>
<li>Fix JavadocTagContinuationIndentation in
AfterBeforeParameterResolver <a
href="https://github.com/Anmol202005"><code>@​Anmol202005</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3566">#3566</a>)</li>
<li>Revert &quot;use in row values instead of union all (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>)&quot;
<a href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3524">#3524</a>)</li>
<li>use in row values instead of union all <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>)</li>
<li>feat: enhanced DatabaseMetadata.getIndexInfo() method, added index
comment as REMARKS property <a
href="https://github.com/raminorujov"><code>@​raminorujov</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3513">#3513</a>)</li>
<li>Nit: correct message in main.yml test action <a
href="https://github.com/ecki"><code>@​ecki</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3503">#3503</a>)</li>
<li>chore: use import instead of require to support modern NodeJS <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3502">#3502</a>)</li>
<li>chore: use PostgreSQL 17 rather than 17rc1 for CI tests <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3501">#3501</a>)</li>
<li>chore: add ErrorProne verification to catch bugs ealier <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>)</li>
<li>fix: ArrayIndexOutOfBounds when write big object into GSS enabled
connection, make GSSInputStream robust in face of streams that produce
incomplete reads <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3500">#3500</a>)</li>
<li>refactor: factor out duplicated .getBytes() when converting
date/time to Date/Time/Timestamp <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3497">#3497</a>)</li>
<li>chore: exclude Oracle Java 17 from CI tests <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3499">#3499</a>)</li>
<li>chore: remove unused Travis CI configuration <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3498">#3498</a>)</li>
<li>Undeprecate sslfactoryarg connection property <a
href="https://github.com/sehrope"><code>@​sehrope</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3496">#3496</a>)</li>
<li>fix:Fix sending extra_float_digits <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3491">#3491</a>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li>fix: EOFException on PreparedStatement#toString with unset bytea
parameter since 42.7.4 <a
href="https://github.com/MrEasy"><code>@​MrEasy</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3369">#3369</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>chore: use Java 21 for building pgjdbc by default <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3612">#3612</a>)</li>
</ul>
<h2>⬆️ Dependencies</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md">org.postgresql:postgresql's
changelog</a>.</em></p>
<blockquote>
<h2>[42.7.6]</h2>
<h4>Features</h4>
<ul>
<li>fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index
comment as REMARKS property [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3513">#3513</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3513">pgjdbc/pgjdbc#3513</a>)</li>
</ul>
<h3>Performance Improvements</h3>
<ul>
<li>performance: Improve ResultSetMetadata.fetchFieldMetaData by using
IN row values instead of UNION ALL for improved query performance (later
reverted) [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3510">pgjdbc/pgjdbc#3510</a>)</li>
<li>feat:Use a single simple query for all startup parameters, so
groupStartupParameters is no longer needed [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3613">#3613</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3613">pgjdbc/pgjdbc#3613</a>)</li>
<li></li>
</ul>
<h2>Bug Fixes</h2>
<h3>Protocol &amp; Connection Handling</h3>
<ul>
<li>fix: Send extra_float_digits=3 for PostgreSQL 12+ as well [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3491">#3491</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3491">pgjdbc/pgjdbc#3491</a>)</li>
<li>fix: Fixed handling of protocol 3.2 and wider cancel keys [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3592">#3592</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3592">pgjdbc/pgjdbc#3592</a>)</li>
<li>fix: Made PgConnection#abort compatible with Java 24 [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3582">#3582</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3582">pgjdbc/pgjdbc#3582</a>)</li>
<li>fix: Fixed ArrayIndexOutOfBounds when writing big objects into GSS
enabled connections [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3500">#3500</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3500">pgjdbc/pgjdbc#3500</a>)</li>
<li>fix: Added back application name setting [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3509">#3509</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3509">pgjdbc/pgjdbc#3509</a>)</li>
</ul>
<h3>Metadata &amp; Catalog Handling</h3>
<ul>
<li>fix: Set column name explicitly when using current_database() in
queries [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3526">#3526</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3526">pgjdbc/pgjdbc#3526</a>)</li>
<li>fix: Use query to find the current catalog instead of relying on the
database in the connection URL [pull <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3565">#3565</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3565">pgjdbc/pgjdbc#3565</a>)</li>
<li>fix: Refactored empty resultset to use empty result set if the
catalog is not correct [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3588">#3588</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3588">pgjdbc/pgjdbc#3588</a>)</li>
</ul>
<h3>API Improvements</h3>
<ul>
<li>fix: Undeprecated Fastpath API and fixed deprecation warnings [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li>
<li>fix: Undeprecated sslfactoryarg [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3496">#3496</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3496">pgjdbc/pgjdbc#3496</a>)</li>
<li>fix: Added PgMessageType and used static variables for protocol
literals [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3609">#3609</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3609">pgjdbc/pgjdbc#3609</a>)</li>
<li>fix: Add the ability to turn off automatic LSN flush [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3403">pgjdbc/pgjdbc#3403</a>)</li>
<li>fix: isValid incorrectly called execute, instead of executeWithFlags
[PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3631">#3631</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3631">pgjdbc/pgjdbc#3631</a>).
Fixes [Issue <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">#3630</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">pgjdbc/pgjdbc#3630</a>)</li>
<li>fix: EOFException on PreparedStatement#toString with unset bytea
parameter since 42.7.4 <a
href="https://github.com/pgjdbc/pgjdbc/commit/0a88ea425e86dce691a96d6aa7023c20ac887b98">Commit
0a88ea4</a>. Fixes [Issue <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3365">#3365</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3365">pgjdbc/pgjdbc#3365</a>)</li>
</ul>
<h2>Infrastructure &amp; Build Improvements</h2>
<h3>Java Support</h3>
<ul>
<li>update: Updated to use Java 21 for building pgjdbc by default [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3612">#3612</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3612">pgjdbc/pgjdbc#3612</a>)</li>
<li>update: Updated Java 21 as the build dependency for copr [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3607">#3607</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3607">pgjdbc/pgjdbc#3607</a>)</li>
<li>update: Updated latest JDK to version 24 [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3580">#3580</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3580">pgjdbc/pgjdbc#3580</a>)</li>
<li>update: Applied the latest byte-buddy version for tests to support
the latest Java versions [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3583">#3583</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3583">pgjdbc/pgjdbc#3583</a>)</li>
</ul>
<h3>Testing &amp; Quality</h3>
<ul>
<li>test: Added ErrorProne verification to detect bugs earlier [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li>
<li>test: Simplified TestUtil.openDB, added tests with various
assumeMinServerVersion values [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3624">#3624</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3614">pgjdbc/pgjdbc#3614</a>)</li>
<li>test: Updated to use PostgreSQL 17 rather than 17rc1 for CI tests
[PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3501">#3501</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3501">pgjdbc/pgjdbc#3501</a>)</li>
<li>test: Removed stale logging message from SslTest [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3584">#3584</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3584">pgjdbc/pgjdbc#3584</a>)</li>
<li>test: Added CI executions with adaptive_fetch=true by default for
performance testing [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3615">#3615</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3615">pgjdbc/pgjdbc#3615</a>)</li>
<li>test: Added tests with reWriteBatchedInserts=true [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3616">#3616</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3616">pgjdbc/pgjdbc#3616</a>)</li>
</ul>
<h3>Code Quality</h3>
<ul>
<li>doc: Fixed javadoc warnings [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/689708f96d446993cd264cbf5bd5696a726cf8b7"><code>689708f</code></a>
Prepare release notes for release 42_7_6 (new format) (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3628">#3628</a>)</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/0a88ea425e86dce691a96d6aa7023c20ac887b98"><code>0a88ea4</code></a>
fix: EOFException on PreparedStatement#toString with unset bytea
parameter si...</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/2de9b943c693c745ea9280444d72b408165caa11"><code>2de9b94</code></a>
fix: make sure Connection.isValid correctly uses executeWithFlags fixes
Issu...</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/d9e20874590f59543c39a99b824e09344f00a813"><code>d9e2087</code></a>
add override (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3629">#3629</a>)</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/665b27b8656c8288d9d6c1f8e8d6a7072c238d64"><code>665b27b</code></a>
add the ability to turn off automatic LSN flush (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>)</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/253c68243c9794644d3cbd9d61b4505b9d079ea5"><code>253c682</code></a>
chore(deps): update burrunan/gradle-cache-action action to v3</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/2d1ae0cbd44660a9d172c9b4a90e16e198f43d43"><code>2d1ae0c</code></a>
chore(deps): update plugin com.gradle.develocity to v4</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/baeb89321b26a1a13d430d50ed1102ba80bff183"><code>baeb893</code></a>
fix(deps): update dependency
org.openrewrite.rewrite:org.openrewrite.rewrite....</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/e24d599952af46cca3c03ced4f574c7e205bdda0"><code>e24d599</code></a>
fix(deps): update dependency com.google.errorprone:error_prone_core to
v2.38.0</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/1617c68d510b86cd5500b0e9d1a1427156bffcbf"><code>1617c68</code></a>
fix(deps): update dependency
net.ltgt.errorprone:net.ltgt.errorprone.gradle.p...</li>
<li>Additional commits viewable in <a
href="https://github.com/pgjdbc/pgjdbc/compare/REL42.7.5...REL42.7.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.postgresql:postgresql&package-manager=gradle&previous-version=42.7.5&new-version=42.7.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 18:15:12 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4cb0caaee1 Bump io.micrometer:micrometer-core from 1.14.6 to 1.15.1 (#3671)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer)
from 1.14.6 to 1.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's
releases</a>.</em></p>
<blockquote>
<h2>1.15.1</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>IndexProviderFactory throws ConcurrentModificationException <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6243">#6243</a></li>
<li>Make InstrumentationVerificationTests compatible with JUnit 5.13 and
earlier versions <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6344">#6344</a></li>
<li>gRPC client interceptor incorrectly registers status CANCELLED as
error <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6261">#6261</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Bump software.amazon.awssdk:cloudwatch from 2.31.41 to 2.31.58 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6372">#6372</a></li>
<li>Bump com.netflix.spectator:spectator-reg-atlas from 1.8.12 to 1.8.14
<a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6336">#6336</a></li>
<li>Bump dropwizard-metrics from 4.2.30 to 4.2.32 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6307">#6307</a></li>
<li>Bump io.prometheus:prometheus-metrics-bom from 1.3.7 to 1.3.8 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6306">#6306</a></li>
<li>Bump io.prometheus:prometheus-metrics-bom from 1.3.6 to 1.3.7 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6241">#6241</a></li>
</ul>
<h2>📝 Tasks</h2>
<ul>
<li>Remove AtomicReference from StatsdMeterRegistryTest <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6311">#6311</a></li>
<li>Remove java11Test setup from micrometer-test <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6293">#6293</a></li>
<li>Polish StatsD line builders <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6285">#6285</a></li>
<li>Improve StatsD tests <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6284">#6284</a></li>
<li>Resolve StringSplitter from Error Prone <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6271">#6271</a></li>
<li>Resolve EqualsGetClass from Error Prone <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6263">#6263</a></li>
<li>Resolve ClassCanBeStatic from Error Prone <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6253">#6253</a></li>
<li>Resolve InlineFormatString from Error Prone <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6232">#6232</a></li>
<li>Add more tests for TimedHandler <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6227">#6227</a></li>
<li>Replace TimeUtils usage to TimeUnit where applicable <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6224">#6224</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<p><a href="https://github.com/izeye"><code>@​izeye</code></a>, <a
href="https://github.com/kwondh5217"><code>@​kwondh5217</code></a>, <a
href="https://github.com/cfredri4"><code>@​cfredri4</code></a>, and <a
href="https://github.com/ngocnhan-tran1996"><code>@​ngocnhan-tran1996</code></a></p>
<h2>1.15.0</h2>
<h2> New Features</h2>
<ul>
<li>Further enhancement to OtlpMetricsSender <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6025">#6025</a></li>
<li>Make Prometheus Metric and Label naming conventions consistent <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5923">#5923</a></li>
<li>Metrics for Executors.newVirtualThreadPerTaskExecutor() <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5488">#5488</a></li>
<li>Metrics for live virtual threads <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5950">#5950</a></li>
<li>More flexible OTLP per meter configuration <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6099">#6099</a></li>
<li>Prometheus/OpenMetrics <code>_created</code> timestamp <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/2625">#2625</a></li>
<li>Make jvm.classes.unloaded description generic <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5745">#5745</a></li>
<li>Use String.toLowerCase()/toUpperCase() with Locale.ROOT consistently
<a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5711">#5711</a></li>
<li>Use failWithActualExpectedAndMessage() where possible <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5696">#5696</a></li>
<li>Provide target host/port info in ObservationExecChainHandler when
HttpHostConnectException is thrown <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5615">#5615</a></li>
<li>Enable Gauge builders to take a subclass of Number <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5601">#5601</a></li>
<li>micrometer-observation-test support for assertions on events <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5576">#5576</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/315a851d7cffac0fc6dc1e36dedde4a00999f171"><code>315a851</code></a>
Merge branch '1.14.x' into 1.15.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/17ff40ba6028202305caff45ab143d13bc0c32a2"><code>17ff40b</code></a>
Merge branch '1.13.x' into 1.14.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/606afafe2f9e6b6ee6f5be9335089e9635622d46"><code>606afaf</code></a>
Resolve StringSplitter from Error Prone (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6271">#6271</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/0bfe23baef6de29449f6dc1362c058e742b1cdc0"><code>0bfe23b</code></a>
Merge branch '1.14.x' into 1.15.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/aa61a2cafa16e2a70eb3acd6970012a493bb1684"><code>aa61a2c</code></a>
Merge branch '1.13.x' into 1.14.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/b1c5697c4726ab679cb573343af9b584284b05f1"><code>b1c5697</code></a>
Migrate to gradle/actions/wrapper-validation@v4</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/f5ad95f06a5910bd633f2e55953355149879be8b"><code>f5ad95f</code></a>
Bump software.amazon.awssdk:cloudwatch from 2.31.57 to 2.31.58 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6372">#6372</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/ec25823593f46ff538fbecc596a7bb6c3a4f59b3"><code>ec25823</code></a>
Merge branch '1.14.x' into 1.15.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/046236ea9204afad735e01d3b722783744c0571d"><code>046236e</code></a>
Fix ConcurrentModificationException in Exponential Histogram (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6363">#6363</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/0c56034818a868edefbda9d5d29684cc5fecd419"><code>0c56034</code></a>
Merge branch '1.14.x' into 1.15.x</li>
<li>Additional commits viewable in <a
href="https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.15.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.micrometer:micrometer-core&package-manager=gradle&previous-version=1.14.6&new-version=1.15.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 18:14:44 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
e1fc94929d Bump org.apache.xmlgraphics:batik-all from 1.18 to 1.19 (#3672)
Bumps org.apache.xmlgraphics:batik-all from 1.18 to 1.19.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.xmlgraphics:batik-all&package-manager=gradle&previous-version=1.18&new-version=1.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 18:14:28 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
a2db47d3af Bump bouncycastleVersion from 1.80 to 1.81 (#3673)
Bumps `bouncycastleVersion` from 1.80 to 1.81.
Updates `org.bouncycastle:bcprov-jdk18on` from 1.80 to 1.81
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html">org.bouncycastle:bcprov-jdk18on's
changelog</a>.</em></p>
<blockquote>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.1.1 Version<!--
raw HTML omitted --><!-- raw HTML omitted -->
Release: 1.81<!-- raw HTML omitted -->
Date:      2025, 4th June.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/bcgit/bc-java/commits">compare view</a></li>
</ul>
</details>
<br />

Updates `org.bouncycastle:bcpkix-jdk18on` from 1.80 to 1.81
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html">org.bouncycastle:bcpkix-jdk18on's
changelog</a>.</em></p>
<blockquote>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.1.1 Version<!--
raw HTML omitted --><!-- raw HTML omitted -->
Release: 1.81<!-- raw HTML omitted -->
Date:      2025, 4th June.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/bcgit/bc-java/commits">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 18:14:13 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
0ca23e6835 Bump io.swagger.core.v3:swagger-core-jakarta from 2.2.30 to 2.2.32 (#3669)
Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.30 to 2.2.32.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.swagger.core.v3:swagger-core-jakarta&package-manager=gradle&previous-version=2.2.30&new-version=2.2.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 18:14:03 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
06db69ed91 Bump github/codeql-action from 3.28.18 to 3.28.19 (#3666)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.18 to 3.28.19.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.19</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.19 - 03 Jun 2025</h2>
<ul>
<li>The CodeQL Action no longer includes its own copy of the extractor
for the <code>actions</code> language, which is currently in public
preview.
The <code>actions</code> extractor has been included in the CodeQL CLI
since v2.20.6. If your workflow has enabled the <code>actions</code>
language <em>and</em> you have pinned
your <code>tools:</code> property to a specific version of the CodeQL
CLI earlier than v2.20.6, you will need to update to at least CodeQL
v2.20.6 or disable
<code>actions</code> analysis.</li>
<li>Update default CodeQL bundle version to 2.21.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.19/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>Bump minimum CodeQL bundle version to 2.16.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li>
</ul>
<h2>3.28.19 - 03 Jun 2025</h2>
<ul>
<li>The CodeQL Action no longer includes its own copy of the extractor
for the <code>actions</code> language, which is currently in public
preview.
The <code>actions</code> extractor has been included in the CodeQL CLI
since v2.20.6. If your workflow has enabled the <code>actions</code>
language <em>and</em> you have pinned
your <code>tools:</code> property to a specific version of the CodeQL
CLI earlier than v2.20.6, you will need to update to at least CodeQL
v2.20.6 or disable
<code>actions</code> analysis.</li>
<li>Update default CodeQL bundle version to 2.21.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li>
</ul>
<h2>3.28.18 - 16 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li>
<li>Skip validating SARIF produced by CodeQL for improved performance.
<a
href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li>
<li>The number of threads and amount of RAM used by CodeQL can now be
set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code>
runner environment variables. If set, these environment variables
override the <code>threads</code> and <code>ram</code> inputs
respectively. <a
href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li>
</ul>
<h2>3.28.17 - 02 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li>
</ul>
<h2>3.28.16 - 23 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li>
</ul>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug
artifact with more than 65535 files. <a
href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li>
</ul>
<h2>3.28.14 - 07 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li>
</ul>
<h2>3.28.13 - 24 Mar 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/fca7ace96b7d713c7035871441bd52efbe39e27e"><code>fca7ace</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2918">#2918</a>
from github/update-v3.28.19-4a00331d4</li>
<li><a
href="https://github.com/github/codeql-action/commit/1dcd2bebbb31e92a94fd28ed1885b2e6331afdd3"><code>1dcd2be</code></a>
Update changelog for v3.28.19</li>
<li><a
href="https://github.com/github/codeql-action/commit/4a00331d4ecf79a214751520faf8e540e60c7567"><code>4a00331</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2910">#2910</a>
from github/update-bundle/codeql-bundle-v2.21.4</li>
<li><a
href="https://github.com/github/codeql-action/commit/c0a821da119108a26c647de84b1e6a857fda1279"><code>c0a821d</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/d6216866b42d1cb95b8942447efe91161628ccfd"><code>d621686</code></a>
Update default bundle to codeql-bundle-v2.21.4</li>
<li><a
href="https://github.com/github/codeql-action/commit/dc138d4f519ecc58013d8fcef428272e2436cafd"><code>dc138d4</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2913">#2913</a>
from github/henrymercer/win-2019-deprecated</li>
<li><a
href="https://github.com/github/codeql-action/commit/3201e46e2615110190ca536fbf1280ccc7f3a247"><code>3201e46</code></a>
Stop running CI on <code>windows-2019</code></li>
<li><a
href="https://github.com/github/codeql-action/commit/7fd62151d9daff11d4b981415ffb365dcd93f75a"><code>7fd6215</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2911">#2911</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/31eae5e821e97c8b2903ca297cc8894bd9b609fb"><code>31eae5e</code></a>
Update supported GitHub Enterprise Server versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/bc02a25f6449997c5e9d5a368879b28f56ae19a1"><code>bc02a25</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2908">#2908</a>
from github/henrymercer/dependabot</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/ff0a06e83cb2de871e5a09832bc6a81e7276941f...fca7ace96b7d713c7035871441bd52efbe39e27e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.18&new-version=3.28.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 18:13:53 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
c66bf56260 Bump requests from 2.32.3 to 2.32.4 in /testing/cucumber in the pip group across 1 directory (#3674)
Bumps the pip group with 1 update in the /testing/cucumber directory:
[requests](https://github.com/psf/requests).

Updates `requests` from 2.32.3 to 2.32.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.32.4</h2>
<h2>2.32.4 (2025-06-10)</h2>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and
trusted
environment will retrieve credentials for the wrong hostname/machine
from a
netrc file. (<a
href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Numerous documentation improvements</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Added support for pypy 3.11 for Linux and macOS. (<a
href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li>
<li>Dropped support for pypy 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.32.4 (2025-06-10)</h2>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and
trusted
environment will retrieve credentials for the wrong hostname/machine
from a
netrc file.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Numerous documentation improvements</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Added support for pypy 3.11 for Linux and macOS.</li>
<li>Dropped support for pypy 3.9 following its end of support.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd"><code>021dc72</code></a>
Polish up release tooling for last manual release</li>
<li><a
href="https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396"><code>821770e</code></a>
Bump version and add release notes for v2.32.4</li>
<li><a
href="https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401"><code>59f8aa2</code></a>
Add netrc file search information to authentication documentation (<a
href="https://redirect.github.com/psf/requests/issues/6876">#6876</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b"><code>5b4b64c</code></a>
Add more tests to prevent regression of CVE 2024 47081</li>
<li><a
href="https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae"><code>7bc4587</code></a>
Add new test to check netrc auth leak (<a
href="https://redirect.github.com/psf/requests/issues/6962">#6962</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"><code>96ba401</code></a>
Only use hostname to do netrc lookup instead of netloc</li>
<li><a
href="https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2"><code>7341690</code></a>
Merge pull request <a
href="https://redirect.github.com/psf/requests/issues/6951">#6951</a>
from tswast/patch-1</li>
<li><a
href="https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0"><code>6716d7c</code></a>
remove links</li>
<li><a
href="https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae"><code>a7e1c74</code></a>
Update docs/conf.py</li>
<li><a
href="https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f"><code>c799b81</code></a>
docs: fix dead links to kenreitz.org</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.32.3...v2.32.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.32.3&new-version=2.32.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts).

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 18:04:54 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3cc3037408 Bump me.friwi:jcefmaven from 132.3.1 to 135.0.20 (#3548)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [me.friwi:jcefmaven](https://github.com/jcefmaven/jcefmaven) from
132.3.1 to 135.0.20.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jcefmaven/jcefmaven/releases">me.friwi:jcefmaven's
releases</a>.</em></p>
<blockquote>
<h2>JCEF Maven 135.0.20</h2>
<p><strong>Update JCEF to <a
href="https://bitbucket.org/chromiumembedded/java-cef/commits/ca49ada5c7e3fc98cd7058b6253b59f967530a65">ca49ada</a></strong></p>
<p>Build: [GitHub Actions <a
href="https://redirect.github.com/jcefmaven/jcefmaven/issues/94">#94</a>](<a
href="https://github.com/jcefmaven/jcefmaven/actions/runs/15018447852">https://github.com/jcefmaven/jcefmaven/actions/runs/15018447852</a>)
MVN version: 135.0.20
JCEF commit: ca49ada
CEF version: 135.0.20+ge7de5c3+chromium-135.0.7049.85</p>
<p><strong>Use with Maven:</strong></p>
<pre><code>&lt;dependency&gt;
    &lt;groupId&gt;me.friwi&lt;/groupId&gt;
    &lt;artifactId&gt;jcefmaven&lt;/artifactId&gt;
    &lt;version&gt;135.0.20&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>
<!-- raw HTML omitted -->
<h5>Linux AMD64</h5>
<pre><code>&lt;dependency&gt;
    &lt;groupId&gt;me.friwi&lt;/groupId&gt;
    &lt;artifactId&gt;jcef-natives-linux-amd64&lt;/artifactId&gt;

&lt;version&gt;jcef-ca49ada+cef-135.0.20+ge7de5c3+chromium-135.0.7049.85&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>
<h5>Linux ARM</h5>
<pre><code>&lt;dependency&gt;
    &lt;groupId&gt;me.friwi&lt;/groupId&gt;
    &lt;artifactId&gt;jcef-natives-linux-arm&lt;/artifactId&gt;

&lt;version&gt;jcef-ca49ada+cef-135.0.20+ge7de5c3+chromium-135.0.7049.85&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>
<h5>Linux ARM64</h5>
<pre><code>&lt;dependency&gt;
    &lt;groupId&gt;me.friwi&lt;/groupId&gt;
    &lt;artifactId&gt;jcef-natives-linux-arm64&lt;/artifactId&gt;

&lt;version&gt;jcef-ca49ada+cef-135.0.20+ge7de5c3+chromium-135.0.7049.85&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>
<h5>Macosx AMD64</h5>
<pre><code>&lt;dependency&gt;
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jcefmaven/jcefmaven/commit/91b0aca9c0fbe76cd9df609aa6f10230dddf54c6"><code>91b0aca</code></a>
Update README.md to 135.0.20</li>
<li>See full diff in <a
href="https://github.com/jcefmaven/jcefmaven/compare/132.3.1...135.0.20">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=me.friwi:jcefmaven&package-manager=gradle&previous-version=132.3.1&new-version=135.0.20)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 20:09:42 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
70a9b5f009 Bump jakarta.servlet:jakarta.servlet-api from 6.0.0 to 6.1.0 (#3631)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[jakarta.servlet:jakarta.servlet-api](https://github.com/eclipse-ee4j/servlet-api)
from 6.0.0 to 6.1.0.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/eclipse-ee4j/servlet-api/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jakarta.servlet:jakarta.servlet-api&package-manager=gradle&previous-version=6.0.0&new-version=6.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 20:09:22 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
b08bc191fc Bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.6 to 2.8.8 (#3628)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi)
from 2.8.6 to 2.8.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/springdoc/springdoc-openapi/releases">org.springdoc:springdoc-openapi-starter-webmvc-ui's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.8</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.7...v2.8.8">https://github.com/springdoc/springdoc-openapi/compare/v2.8.7...v2.8.8</a></p>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a>
- Handle projects not using kotlin-reflect <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li>
</ul>
<h2>springdoc-openapi v2.8.7 released!</h2>
<h2>What's Changed</h2>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a>
- Introducing springdoc-openapi-bom project</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2948">#2948</a>
- Customize Servers via application.yml</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2963">#2963</a>
- Set default content type for problem details object to
application/problem+jso</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a>
- List of value classes in Kotlin</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Upgrade swagger-ui to v5.21.0</li>
<li>Upgrade swagger-core to 2.2.30</li>
<li>Upgrade spring-boot to version 3.4.5</li>
<li>Upgrade spring-security-oauth2-authorization-server to version
1.4.3</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2947">#2947</a>
- Unexpected warning &quot;Appended trailing slash to static resource
location&quot;</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2960">#2960</a>
- NPE when customizing group's open-api without specifying any
schema</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2969">#2969</a>
- fix path to register resource handler to work
SwaggerIndexPageTransformer considering /webjar path prefix</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2964">#2964</a>
- Cannot add custom description and example for java.time.Duration since
v2.8.6</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2972">#2972</a>
- <a href="https://github.com/Header"><code>@​Header</code></a>(schema =
<a href="https://github.com/Schema"><code>@​Schema</code></a>(type =
&quot;string&quot;)) generates empty or broken schema in OpenAPI output
since 2.8.0</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>,
<a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a>
- Build Failure due to Private Inner Class.</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2556">#2556</a>
- Unable to determine if it is a Kotlin type</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/lagoshny"><code>@​lagoshny</code></a>
made their first contribution in <a
href="https://redirect.github.com/springdoc/springdoc-openapi/pull/2970">springdoc/springdoc-openapi#2970</a></li>
<li><a href="https://github.com/mymx2"><code>@​mymx2</code></a> made
their first contribution in <a
href="https://redirect.github.com/springdoc/springdoc-openapi/pull/2950">springdoc/springdoc-openapi#2950</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.7">https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.7</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md">org.springdoc:springdoc-openapi-starter-webmvc-ui's
changelog</a>.</em></p>
<blockquote>
<h2>[2.8.8] - 2025-05-04</h2>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a>
- Handle projects not using kotlin-reflect <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li>
</ul>
<h2>[2.8.7] - 2025-05-04</h2>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a>
- Introducing springdoc-openapi-bom project</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2948">#2948</a>
- Customize Servers via application.yml</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2963">#2963</a>
- Set default content type for problem details object to
application/problem+jso</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a>
- List of value classes in Kotlin</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Upgrade swagger-ui to v5.21.0</li>
<li>Upgrade swagger-core to 2.2.30</li>
<li>Upgrade spring-boot to version 3.4.5</li>
<li>Upgrade spring-security-oauth2-authorization-server to version
1.4.3</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2947">#2947</a>
- Unexpected warning &quot;Appended trailing slash to static resource
location&quot;</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2960">#2960</a>
- NPE when customizing group's open-api without specifying any
schema</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2969">#2969</a>
- fix path to register resource handler to work
SwaggerIndexPageTransformer considering /webjar path prefix</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2964">#2964</a>
- Cannot add custom description and example for java.time.Duration since
v2.8.6</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2972">#2972</a>
- <a href="https://github.com/Header"><code>@​Header</code></a>(schema =
<a href="https://github.com/Schema"><code>@​Schema</code></a>(type =
&quot;string&quot;)) generates empty or broken schema in OpenAPI output
since 2.8.0</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>,
<a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a>
- Build Failure due to Private Inner Class.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/bce44dbe502cbaeeff6188fe210042859aa0ed54"><code>bce44db</code></a>
[maven-release-plugin] prepare release v2.8.8</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/707fce0271fda0c713c412488247dba4cc32d98c"><code>707fce0</code></a>
Handle projects not using kotlin-reflect. Fixes <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/7a3546cb733d3ca493b6e622778a97c73b39b04a"><code>7a3546c</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/764ef2fd42040232a7a9280d826ed72a591da3df"><code>764ef2f</code></a>
[maven-release-plugin] prepare release v2.8.7</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/98dacbda5cbdb0a278aa407ddc6aa05c8f23f031"><code>98dacbd</code></a>
Prepare for the next release</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/5eb7d77e55df6b1b4ea1964fb146233f88b71e2d"><code>5eb7d77</code></a>
pom.xml cleanup for <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a></li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/9dffa3d7d43e11ee1abfa86c7bf9b1886fc23e11"><code>9dffa3d</code></a>
pom.xml cleanup for <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a></li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/a68b42edf1465f1888c42263dac5547622ebd4cc"><code>a68b42e</code></a>
List of value classes in Kotlin. Fixes <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a></li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/95fa3bbb71859e428092034efbb3deae9bf4c892"><code>95fa3bb</code></a>
Regression: <a
href="https://github.com/Header"><code>@​Header</code></a>(schema = <a
href="https://github.com/Schema"><code>@​Schema</code></a>(type =
&quot;string&quot;)) generates empty or bro...</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/3d056d8c55ec3139fc3e2d4a2f0eed7d8384d5f0"><code>3d056d8</code></a>
Build Failure due to Private Inner Class. Fixes <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>,
<a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a></li>
<li>Additional commits viewable in <a
href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springdoc:springdoc-openapi-starter-webmvc-ui&package-manager=gradle&previous-version=2.8.6&new-version=2.8.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 20:08:06 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
d12aca0ca6 Bump org.postgresql:postgresql from 42.7.5 to 42.7.6 (#3629)
Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from
42.7.5 to 42.7.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pgjdbc/pgjdbc/releases">org.postgresql:postgresql's
releases</a>.</em></p>
<blockquote>
<h2>v42.7.6</h2>
<h2>Changes</h2>
<ul>
<li>Prepare release notes for release 42_7_6 (new format) <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3628">#3628</a>)</li>
<li>fix: isValid incorrectly called execute, instead of executeWithFlags
fixes Issue <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">#3630</a>
<a href="https://github.com/davecramer"><code>@​davecramer</code></a>
(<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3631">#3631</a>)</li>
<li>add override <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3629">#3629</a>)</li>
<li>add the ability to turn off automatic LSN flush <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>)</li>
<li>test: add tests with reWriteBatchedInserts=true <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3616">#3616</a>)</li>
<li>test: add CI executions with adaptive_fetch=true by default <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3615">#3615</a>)</li>
<li>test: simplify TestUtil.openDB, add tests with various
assumeMinServerVersion values <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3614">#3614</a>)</li>
<li>Deprecate group startup parms <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3613">#3613</a>)</li>
<li>Add back application name setting <a
href="https://github.com/joejensen"><code>@​joejensen</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3509">#3509</a>)</li>
<li>Copr: Use Java 21 as the build dependency <a
href="https://github.com/mkoncek"><code>@​mkoncek</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3607">#3607</a>)</li>
<li>fix indentation of return child to allow built pass in Checkstyle's
CIs <a href="https://github.com/mohitsatr"><code>@​mohitsatr</code></a>
(<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3611">#3611</a>)</li>
<li>Set column name explicitely when using
<code>current_database()</code> in queries <a
href="https://github.com/kneth"><code>@​kneth</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3526">#3526</a>)</li>
<li>add PgMessageType and use static variables for protocol literals <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3609">#3609</a>)</li>
<li>Handle protocol 3.2 and wider cancel keys. <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3592">#3592</a>)</li>
<li>refactor empty resultset to use empty result set if the catalog is
not correct <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3588">#3588</a>)</li>
<li>Use query to find the current catalog instead of relying on the
database in the connection URL or connection properties as this could be
different if connected through a pooler or proxy <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3565">#3565</a>)</li>
<li>ci: add Java 24 tests <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3580">#3580</a>)</li>
<li>docs: Relabel 42.7.4 as past version as it is no longer the latest
<a href="https://github.com/sehrope"><code>@​sehrope</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3586">#3586</a>)</li>
<li>test: remove stale logging message from SslTest <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3584">#3584</a>)</li>
<li>chore: appply the latest byte-buddy version for tests so we support
the latest Java versions <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3583">#3583</a>)</li>
<li>fix: make PgConnection#abort compatible with Java 24 <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3582">#3582</a>)</li>
<li>chore(deps): update plugin com.github.burrunan.s3-build-cache to
v1.8.5 <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
(<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3573">#3573</a>)</li>
<li>Fix JavadocTagContinuationIndentation in
AfterBeforeParameterResolver <a
href="https://github.com/Anmol202005"><code>@​Anmol202005</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3566">#3566</a>)</li>
<li>Revert &quot;use in row values instead of union all (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>)&quot;
<a href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3524">#3524</a>)</li>
<li>use in row values instead of union all <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>)</li>
<li>feat: enhanced DatabaseMetadata.getIndexInfo() method, added index
comment as REMARKS property <a
href="https://github.com/raminorujov"><code>@​raminorujov</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3513">#3513</a>)</li>
<li>Nit: correct message in main.yml test action <a
href="https://github.com/ecki"><code>@​ecki</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3503">#3503</a>)</li>
<li>chore: use import instead of require to support modern NodeJS <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3502">#3502</a>)</li>
<li>chore: use PostgreSQL 17 rather than 17rc1 for CI tests <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3501">#3501</a>)</li>
<li>chore: add ErrorProne verification to catch bugs ealier <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>)</li>
<li>fix: ArrayIndexOutOfBounds when write big object into GSS enabled
connection, make GSSInputStream robust in face of streams that produce
incomplete reads <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3500">#3500</a>)</li>
<li>refactor: factor out duplicated .getBytes() when converting
date/time to Date/Time/Timestamp <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3497">#3497</a>)</li>
<li>chore: exclude Oracle Java 17 from CI tests <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3499">#3499</a>)</li>
<li>chore: remove unused Travis CI configuration <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3498">#3498</a>)</li>
<li>Undeprecate sslfactoryarg connection property <a
href="https://github.com/sehrope"><code>@​sehrope</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3496">#3496</a>)</li>
<li>fix:Fix sending extra_float_digits <a
href="https://github.com/davecramer"><code>@​davecramer</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3491">#3491</a>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li>fix: EOFException on PreparedStatement#toString with unset bytea
parameter since 42.7.4 <a
href="https://github.com/MrEasy"><code>@​MrEasy</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3369">#3369</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>chore: use Java 21 for building pgjdbc by default <a
href="https://github.com/vlsi"><code>@​vlsi</code></a> (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3612">#3612</a>)</li>
</ul>
<h2>⬆️ Dependencies</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md">org.postgresql:postgresql's
changelog</a>.</em></p>
<blockquote>
<h2>[42.7.6]</h2>
<h4>Features</h4>
<ul>
<li>fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index
comment as REMARKS property [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3513">#3513</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3513">pgjdbc/pgjdbc#3513</a>)</li>
</ul>
<h3>Performance Improvements</h3>
<ul>
<li>performance: Improve ResultSetMetadata.fetchFieldMetaData by using
IN row values instead of UNION ALL for improved query performance (later
reverted) [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3510">#3510</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3510">pgjdbc/pgjdbc#3510</a>)</li>
<li>feat:Use a single simple query for all startup parameters, so
groupStartupParameters is no longer needed [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3613">#3613</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3613">pgjdbc/pgjdbc#3613</a>)</li>
<li></li>
</ul>
<h2>Bug Fixes</h2>
<h3>Protocol &amp; Connection Handling</h3>
<ul>
<li>fix: Send extra_float_digits=3 for PostgreSQL 12+ as well [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3491">#3491</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3491">pgjdbc/pgjdbc#3491</a>)</li>
<li>fix: Fixed handling of protocol 3.2 and wider cancel keys [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3592">#3592</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3592">pgjdbc/pgjdbc#3592</a>)</li>
<li>fix: Made PgConnection#abort compatible with Java 24 [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3582">#3582</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3582">pgjdbc/pgjdbc#3582</a>)</li>
<li>fix: Fixed ArrayIndexOutOfBounds when writing big objects into GSS
enabled connections [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3500">#3500</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3500">pgjdbc/pgjdbc#3500</a>)</li>
<li>fix: Added back application name setting [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3509">#3509</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3509">pgjdbc/pgjdbc#3509</a>)</li>
</ul>
<h3>Metadata &amp; Catalog Handling</h3>
<ul>
<li>fix: Set column name explicitly when using current_database() in
queries [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3526">#3526</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3526">pgjdbc/pgjdbc#3526</a>)</li>
<li>fix: Use query to find the current catalog instead of relying on the
database in the connection URL [pull <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3565">#3565</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3565">pgjdbc/pgjdbc#3565</a>)</li>
<li>fix: Refactored empty resultset to use empty result set if the
catalog is not correct [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3588">#3588</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3588">pgjdbc/pgjdbc#3588</a>)</li>
</ul>
<h3>API Improvements</h3>
<ul>
<li>fix: Undeprecated Fastpath API and fixed deprecation warnings [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li>
<li>fix: Undeprecated sslfactoryarg [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3496">#3496</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3496">pgjdbc/pgjdbc#3496</a>)</li>
<li>fix: Added PgMessageType and used static variables for protocol
literals [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3609">#3609</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3609">pgjdbc/pgjdbc#3609</a>)</li>
<li>fix: Add the ability to turn off automatic LSN flush [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3403">pgjdbc/pgjdbc#3403</a>)</li>
<li>fix: isValid incorrectly called execute, instead of executeWithFlags
[PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3631">#3631</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3631">pgjdbc/pgjdbc#3631</a>).
Fixes [Issue <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">#3630</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3630">pgjdbc/pgjdbc#3630</a>)</li>
<li>fix: EOFException on PreparedStatement#toString with unset bytea
parameter since 42.7.4 <a
href="https://github.com/pgjdbc/pgjdbc/commit/0a88ea425e86dce691a96d6aa7023c20ac887b98">Commit
0a88ea4</a>. Fixes [Issue <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3365">#3365</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3365">pgjdbc/pgjdbc#3365</a>)</li>
</ul>
<h2>Infrastructure &amp; Build Improvements</h2>
<h3>Java Support</h3>
<ul>
<li>update: Updated to use Java 21 for building pgjdbc by default [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3612">#3612</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3612">pgjdbc/pgjdbc#3612</a>)</li>
<li>update: Updated Java 21 as the build dependency for copr [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3607">#3607</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3607">pgjdbc/pgjdbc#3607</a>)</li>
<li>update: Updated latest JDK to version 24 [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3580">#3580</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3580">pgjdbc/pgjdbc#3580</a>)</li>
<li>update: Applied the latest byte-buddy version for tests to support
the latest Java versions [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3583">#3583</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3583">pgjdbc/pgjdbc#3583</a>)</li>
</ul>
<h3>Testing &amp; Quality</h3>
<ul>
<li>test: Added ErrorProne verification to detect bugs earlier [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li>
<li>test: Simplified TestUtil.openDB, added tests with various
assumeMinServerVersion values [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3624">#3624</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3614">pgjdbc/pgjdbc#3614</a>)</li>
<li>test: Updated to use PostgreSQL 17 rather than 17rc1 for CI tests
[PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3501">#3501</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3501">pgjdbc/pgjdbc#3501</a>)</li>
<li>test: Removed stale logging message from SslTest [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3584">#3584</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3584">pgjdbc/pgjdbc#3584</a>)</li>
<li>test: Added CI executions with adaptive_fetch=true by default for
performance testing [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3615">#3615</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3615">pgjdbc/pgjdbc#3615</a>)</li>
<li>test: Added tests with reWriteBatchedInserts=true [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3616">#3616</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3616">pgjdbc/pgjdbc#3616</a>)</li>
</ul>
<h3>Code Quality</h3>
<ul>
<li>doc: Fixed javadoc warnings [PR <a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3493">#3493</a>](<a
href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3493">pgjdbc/pgjdbc#3493</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/689708f96d446993cd264cbf5bd5696a726cf8b7"><code>689708f</code></a>
Prepare release notes for release 42_7_6 (new format) (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3628">#3628</a>)</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/0a88ea425e86dce691a96d6aa7023c20ac887b98"><code>0a88ea4</code></a>
fix: EOFException on PreparedStatement#toString with unset bytea
parameter si...</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/2de9b943c693c745ea9280444d72b408165caa11"><code>2de9b94</code></a>
fix: make sure Connection.isValid correctly uses executeWithFlags fixes
Issu...</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/d9e20874590f59543c39a99b824e09344f00a813"><code>d9e2087</code></a>
add override (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3629">#3629</a>)</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/665b27b8656c8288d9d6c1f8e8d6a7072c238d64"><code>665b27b</code></a>
add the ability to turn off automatic LSN flush (<a
href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3403">#3403</a>)</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/253c68243c9794644d3cbd9d61b4505b9d079ea5"><code>253c682</code></a>
chore(deps): update burrunan/gradle-cache-action action to v3</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/2d1ae0cbd44660a9d172c9b4a90e16e198f43d43"><code>2d1ae0c</code></a>
chore(deps): update plugin com.gradle.develocity to v4</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/baeb89321b26a1a13d430d50ed1102ba80bff183"><code>baeb893</code></a>
fix(deps): update dependency
org.openrewrite.rewrite:org.openrewrite.rewrite....</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/e24d599952af46cca3c03ced4f574c7e205bdda0"><code>e24d599</code></a>
fix(deps): update dependency com.google.errorprone:error_prone_core to
v2.38.0</li>
<li><a
href="https://github.com/pgjdbc/pgjdbc/commit/1617c68d510b86cd5500b0e9d1a1427156bffcbf"><code>1617c68</code></a>
fix(deps): update dependency
net.ltgt.errorprone:net.ltgt.errorprone.gradle.p...</li>
<li>Additional commits viewable in <a
href="https://github.com/pgjdbc/pgjdbc/compare/REL42.7.5...REL42.7.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.postgresql:postgresql&package-manager=gradle&previous-version=42.7.5&new-version=42.7.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 20:07:28 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5ec78b5425 Bump org.springframework.boot:spring-boot-dependencies from 3.4.5 to 3.5.0 (#3627)
Bumps
[org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot)
from 3.4.5 to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-dependencies's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<p>Full <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release
notes for Spring Boot 3.5</a> are available on the wiki.</p>
<h2> New Features</h2>
<ul>
<li>Make heapdump endpoint restricted by default <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li>
<li>Remove SSL status tag from metrics <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li>
<li>Remove 'spring.http.client' deprecation and change
'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Unable to override/set nested ConfigurationProperties by passing as
a system property <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li>
<li>ValidationAutoConfiguration triggers early initialization of
properties binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li>
<li>Micrometer &quot;enable&quot; annotations property does not cover
observed aspect <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li>
<li>spring.graphql.sse.timeout is no longer exposed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li>
<li>SpringApplication.setEnvironmentPrefix is ignored when reading
SPRING_PROFILES_ACTIVE <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li>
<li>IllegalStateException when extracting using layers a module with no
code of its own <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li>
<li>Removed spring.batch.initialize-schema property is still considered
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li>
<li>ReactorHttpClientBuilder does not offer a factory method to create
the HttpClient <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li>
<li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned
with Hibernate <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li>
<li>Custom default units declared on a field are ignored when binding
properties in a native image <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li>
<li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a
fallback for the Credentials helper <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li>
<li>Various spring.datasource properties are mistakenly marked as
ignored <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li>
<li>JerseyWebApplicationInitializer always gets loaded, setting a
ServletContext initParameter <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li>
<li>DockerRegistryConfigAuthentication does not align with Docker CLI <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li>
<li>Unlike the Docker CLI, &quot;\x00&quot; characters are not trimmed
from a decoded Docker Registry password <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li>
<li>CloudFoundry security matcher logs a warning due to use of the
'ignoring()' method <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Document the java info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li>
<li>Document the process info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li>
<li>Document the os info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li>
<li>Document typical spring.application.group and name use <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li>
<li>Document that bean methods should be static when annotated with
<code>@ConfigurationPropertiesBinding</code> <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li>
<li>Document the way that primary Kotlin constructors are used when
binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li>
<li>Improve &quot;profile&quot; reference documentation with additional
admonitions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li>
<li>Improve setEnvironmentPrefix(...) reference documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li>
<li>Document all the available Testcontainers integrations <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li>
<li>Document when a spring.config.import value is relative and when it
is fixed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li>
<li>Update org.cyclonedx.bom version in docs to 2.3.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li>
<li>Update link to &quot;Parameter Name Retention&quot; section of
Spring Framework's release notes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Prevent upgrade to Prometheus Client 1.3.7 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li>
<li>Upgrade to Couchbase Client 3.8.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li>
<li>Upgrade to Elasticsearch 8.18.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li>
<li>Upgrade to GraphQL Java 24.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li>
<li>Upgrade to Hibernate 6.6.15.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a>
Release v3.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a>
Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a>
Ensure descendants are always recalculated on cache refresh</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a>
Next development version (v3.4.7-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a>
Next development version (v3.3.13-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a>
Merge branch '3.4.x'</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot:spring-boot-dependencies&package-manager=gradle&previous-version=3.4.5&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 19:59:57 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3bec51f4e5 Bump com.diffplug.spotless from 7.0.3 to 7.0.4 (#3626)
Bumps com.diffplug.spotless from 7.0.3 to 7.0.4.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.diffplug.spotless&package-manager=gradle&previous-version=7.0.3&new-version=7.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 19:58:31 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
d83d8b4748 Bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#3625)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)
from 2.4.1 to 2.4.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.2</h2>
<h2>What's Changed</h2>
<p>This update bumps the Scorecard version to the v5.2.1 release. For a
complete list of changes, please refer to the Scorecard <a
href="https://github.com/ossf/scorecard/releases/tag/v5.2.0">v5.2.0</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.2.1">v5.2.1</a>
release notes.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2">https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ossf/scorecard-action/commit/05b42c624433fc40578a4040d5cf5e36ddca8cde"><code>05b42c6</code></a>
🌱 bump docker to ghcr v2.4.2 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1548">#1548</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/b225da6b2b97811a123bb34532642f3ad6a4f011"><code>b225da6</code></a>
Bump github.com/ossf/scorecard/v5 from v5.2.0 to v5.2.1 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1550">#1550</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/9399f6f42496e38fbb8dbcf85e17223226a5dafe"><code>9399f6f</code></a>
🌱 Bump the docker-images group across 1 directory with 2
updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1">#1</a>...</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/e1daa8c5c7ed469dbb0167e261ed1c9fa673a9ae"><code>e1daa8c</code></a>
🌱 Bump the github-actions group across 1 directory with 5
updates (#...</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/9fe6511b9b36af3b03200e49cf8fb09d261b5402"><code>9fe6511</code></a>
🌱 Bump golang.org/x/net from 0.39.0 to 0.40.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1542">#1542</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/25b9cd9cd11610dcac11e59afed9910714b12129"><code>25b9cd9</code></a>
🌱 Bump github.com/ossf/scorecard/v5 from v5.1.1 to v5.2.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1547">#1547</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/18cc9b81307fc5ab3c2cd7092955f06dcfdf8c42"><code>18cc9b8</code></a>
🌱 Bump golang.org/x/net from 0.38.0 to 0.39.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1536">#1536</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/db7814227b097a902957aa24d989c6e473613a8e"><code>db78142</code></a>
🌱 Bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1538">#1538</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/de386ed459e2f85111697f50fe076d0ea617a32f"><code>de386ed</code></a>
🌱 Bump golang from 1.24.1 to 1.24.2 in the docker-images group
(<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1534">#1534</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/5b7cedba4eccfb66a6277e40cbe18d1d559ecc00"><code>5b7cedb</code></a>
🌱 Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1537">#1537</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...05b42c624433fc40578a4040d5cf5e36ddca8cde">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.4.1&new-version=2.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 19:58:03 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
03d27013d6 Bump alpine from 3.21.3 to 3.22.0 (#3623)
Bumps alpine from 3.21.3 to 3.22.0.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=alpine&package-manager=docker&previous-version=3.21.3&new-version=3.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 19:51:52 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
679ecdd50d Bump docker/build-push-action from 6.17.0 to 6.18.0 (#3624)
Bumps
[docker/build-push-action](https://github.com/docker/build-push-action)
from 6.17.0 to 6.18.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.18.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.61.0 to 0.62.1 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1381">docker/build-push-action#1381</a></li>
</ul>
<blockquote>
<p>[!NOTE]
<a
href="https://docs.docker.com/build/ci/github-actions/build-summary/">Build
summary</a> is now supported with <a
href="https://docs.docker.com/build-cloud/">Docker Build Cloud</a>.</p>
</blockquote>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v6.17.0...v6.18.0">https://github.com/docker/build-push-action/compare/v6.17.0...v6.18.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/build-push-action/commit/263435318d21b8e681c14492fe198d362a7d2c83"><code>2634353</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1381">#1381</a>
from docker/dependabot/npm_and_yarn/docker/actions-t...</li>
<li><a
href="https://github.com/docker/build-push-action/commit/c0432d2e016ab17a336cee48256683e74d5c4c9e"><code>c0432d2</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/build-push-action/commit/0bb1f27d6b9fc90993f41febd9b53ee89397d3f8"><code>0bb1f27</code></a>
set builder driver and endpoint attributes for dbc summary support</li>
<li><a
href="https://github.com/docker/build-push-action/commit/5f9dbf956c8481ecf630d0e53941d9d3afaa53bb"><code>5f9dbf9</code></a>
chore(deps): Bump <code>@​docker/actions-toolkit</code> from 0.61.0 to
0.62.1</li>
<li><a
href="https://github.com/docker/build-push-action/commit/0788c444d8b4d67580213712e34a148cae3a6c4e"><code>0788c44</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1375">#1375</a>
from crazy-max/remove-gcr</li>
<li><a
href="https://github.com/docker/build-push-action/commit/aa179ca4f405fed7a76dad90a23bd02d6f2a8d2d"><code>aa179ca</code></a>
e2e: remove GCR</li>
<li>See full diff in <a
href="https://github.com/docker/build-push-action/compare/1dc73863535b631f98b2378be8619f83b136f4a0...263435318d21b8e681c14492fe198d362a7d2c83">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/build-push-action&package-manager=github_actions&previous-version=6.17.0&new-version=6.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 19:51:22 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
feb84f001c Bump org.springframework.session:spring-session-core from 3.4.3 to 3.5.0 (#3591)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[org.springframework.session:spring-session-core](https://github.com/spring-projects/spring-session)
from 3.4.3 to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-session/releases">org.springframework.session:spring-session-core's
releases</a>.</em></p>
<blockquote>
<h2>3.5.0</h2>
<h2>🪲 Bug Fixes</h2>
<ul>
<li>Fix Race Condition in Integration Tests Using Redis
SessionEventRegistry <a
href="https://redirect.github.com/spring-projects/spring-session/issues/3400">#3400</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Bump com.fasterxml.jackson.core:jackson-databind from 2.18.3 to
2.18.4 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3393">#3393</a></li>
<li>Bump io.projectreactor:reactor-bom from 2024.0.5 to 2024.0.6 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3395">#3395</a></li>
<li>Bump io.projectreactor:reactor-core from 3.6.16 to 3.6.17 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3394">#3394</a></li>
<li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to
1.0.6 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3392">#3392</a></li>
<li>Bump io.spring.javaformat:spring-javaformat-checkstyle from 0.0.43
to 0.0.45 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3402">#3402</a></li>
<li>Bump io.spring.javaformat:spring-javaformat-gradle-plugin from
0.0.43 to 0.0.45 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3404">#3404</a></li>
<li>Bump org.springframework.data:spring-data-bom from 2025.0.0-RC1 to
2025.0.1-SNAPSHOT <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3397">#3397</a></li>
<li>Bump org.springframework.security:spring-security-bom from 6.5.0-RC1
to 6.5.1-SNAPSHOT <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3401">#3401</a></li>
<li>Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3403">#3403</a></li>
<li>Spring Security 6.5.0 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3406">#3406</a></li>
<li>Update to Spring Data 2025.0.0 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3405">#3405</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<p><a href="https://github.com/rwinch"><code>@​rwinch</code></a></p>
<h2>3.5.0-RC1</h2>
<h2> New Features</h2>
<ul>
<li>Introduce CompositeHttpSessionIdResolver <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3264">#3264</a></li>
<li>Start JDBC transactions only when there is an update <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3330">#3330</a></li>
</ul>
<h2>🪲 Bug Fixes</h2>
<ul>
<li>Explicitly use junit-platform-launcher <a
href="https://redirect.github.com/spring-projects/spring-session/issues/3367">#3367</a></li>
<li>Fix jdbc session with special characters <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3316">#3316</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Bump io.projectreactor:reactor-bom from 2024.0.4 to 2024.0.5 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3380">#3380</a></li>
<li>Bump io.projectreactor:reactor-core from 3.6.15 to 3.6.16 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3381">#3381</a></li>
<li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to
1.0.4 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3377">#3377</a></li>
<li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.4 to
1.0.5 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3387">#3387</a></li>
<li>Bump org.aspectj:aspectjweaver from 1.9.23 to 1.9.24 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3378">#3378</a></li>
<li>Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3369">#3369</a></li>
<li>Bump org.mariadb.jdbc:mariadb-java-client from 3.5.2 to 3.5.3 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3371">#3371</a></li>
<li>Bump org.springframework.boot:spring-boot-gradle-plugin from
3.5.0-M3 to 3.5.0-SNAPSHOT <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3373">#3373</a></li>
<li>Bump org.springframework.data:spring-data-bom from 2025.0.0-M2 to
2025.0.0-SNAPSHOT <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3372">#3372</a></li>
<li>Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3384">#3384</a></li>
<li>Update to Spring Boot 3.5.0 (dependencies) <a
href="https://redirect.github.com/spring-projects/spring-session/issues/3368">#3368</a></li>
<li>Update to Spring Security 6.5.0-rc1 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3386">#3386</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-session/commit/817b17251ab34a473a03b9707f55c42d687c7758"><code>817b172</code></a>
Release 3.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/5a9c22000aa1ed5f38dea04ec99883a71728875b"><code>5a9c220</code></a>
Update to Spring Security 6.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/ce5efb7e51910a49591c015c8a1a2bbf67b73fd3"><code>ce5efb7</code></a>
Update to Spring Data 2025.0.0</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/d6391a8a42c03f4307eea2edfb926d7310b11632"><code>d6391a8</code></a>
Revert &quot;Bump
io.spring.javaformat:spring-javaformat-checkstyle&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/f75cd2454a5d52406d8e8c4822ee654fbd72309f"><code>f75cd24</code></a>
Revert &quot;Bump
org.springframework.security:spring-security-bom&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/ca4694310104e6ecb76e089805fc0810788e5efe"><code>ca46943</code></a>
Bump org.springframework.security:spring-security-bom</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/bf09912a7f697168a21a90ba47ab275a765f8608"><code>bf09912</code></a>
Bump io.spring.javaformat:spring-javaformat-checkstyle</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/ae2f60668bcf026e651ee65589ecf6a1c082bffc"><code>ae2f606</code></a>
Bump io.spring.javaformat:spring-javaformat-gradle-plugin</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/05e9a3ec755d212de4dff85811ea8e2c27ec9c28"><code>05e9a3e</code></a>
Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/6fb972d633e144ef3c9eea8577e0074e24caab8b"><code>6fb972d</code></a>
Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to
1.0.6</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-session/compare/3.4.3...3.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.session:spring-session-core&package-manager=gradle&previous-version=3.4.3&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-27 12:14:42 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8c061ea644 Bump springBootVersion from 3.4.5 to 3.5.0 (#3592)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps `springBootVersion` from 3.4.5 to 3.5.0.
Updates `org.springframework.boot:spring-boot-starter-web` from 3.4.5 to
3.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-web's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<p>Full <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release
notes for Spring Boot 3.5</a> are available on the wiki.</p>
<h2> New Features</h2>
<ul>
<li>Make heapdump endpoint restricted by default <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li>
<li>Remove SSL status tag from metrics <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li>
<li>Remove 'spring.http.client' deprecation and change
'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Unable to override/set nested ConfigurationProperties by passing as
a system property <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li>
<li>ValidationAutoConfiguration triggers early initialization of
properties binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li>
<li>Micrometer &quot;enable&quot; annotations property does not cover
observed aspect <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li>
<li>spring.graphql.sse.timeout is no longer exposed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li>
<li>SpringApplication.setEnvironmentPrefix is ignored when reading
SPRING_PROFILES_ACTIVE <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li>
<li>IllegalStateException when extracting using layers a module with no
code of its own <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li>
<li>Removed spring.batch.initialize-schema property is still considered
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li>
<li>ReactorHttpClientBuilder does not offer a factory method to create
the HttpClient <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li>
<li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned
with Hibernate <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li>
<li>Custom default units declared on a field are ignored when binding
properties in a native image <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li>
<li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a
fallback for the Credentials helper <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li>
<li>Various spring.datasource properties are mistakenly marked as
ignored <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li>
<li>JerseyWebApplicationInitializer always gets loaded, setting a
ServletContext initParameter <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li>
<li>DockerRegistryConfigAuthentication does not align with Docker CLI <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li>
<li>Unlike the Docker CLI, &quot;\x00&quot; characters are not trimmed
from a decoded Docker Registry password <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li>
<li>CloudFoundry security matcher logs a warning due to use of the
'ignoring()' method <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Document the java info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li>
<li>Document the process info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li>
<li>Document the os info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li>
<li>Document typical spring.application.group and name use <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li>
<li>Document that bean methods should be static when annotated with
<code>@ConfigurationPropertiesBinding</code> <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li>
<li>Document the way that primary Kotlin constructors are used when
binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li>
<li>Improve &quot;profile&quot; reference documentation with additional
admonitions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li>
<li>Improve setEnvironmentPrefix(...) reference documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li>
<li>Document all the available Testcontainers integrations <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li>
<li>Document when a spring.config.import value is relative and when it
is fixed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li>
<li>Update org.cyclonedx.bom version in docs to 2.3.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li>
<li>Update link to &quot;Parameter Name Retention&quot; section of
Spring Framework's release notes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Prevent upgrade to Prometheus Client 1.3.7 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li>
<li>Upgrade to Couchbase Client 3.8.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li>
<li>Upgrade to Elasticsearch 8.18.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li>
<li>Upgrade to GraphQL Java 24.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li>
<li>Upgrade to Hibernate 6.6.15.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a>
Release v3.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a>
Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a>
Ensure descendants are always recalculated on cache refresh</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a>
Next development version (v3.4.7-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a>
Next development version (v3.3.13-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a>
Merge branch '3.4.x'</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-jetty` from 3.4.5
to 3.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-jetty's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<p>Full <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release
notes for Spring Boot 3.5</a> are available on the wiki.</p>
<h2> New Features</h2>
<ul>
<li>Make heapdump endpoint restricted by default <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li>
<li>Remove SSL status tag from metrics <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li>
<li>Remove 'spring.http.client' deprecation and change
'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Unable to override/set nested ConfigurationProperties by passing as
a system property <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li>
<li>ValidationAutoConfiguration triggers early initialization of
properties binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li>
<li>Micrometer &quot;enable&quot; annotations property does not cover
observed aspect <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li>
<li>spring.graphql.sse.timeout is no longer exposed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li>
<li>SpringApplication.setEnvironmentPrefix is ignored when reading
SPRING_PROFILES_ACTIVE <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li>
<li>IllegalStateException when extracting using layers a module with no
code of its own <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li>
<li>Removed spring.batch.initialize-schema property is still considered
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li>
<li>ReactorHttpClientBuilder does not offer a factory method to create
the HttpClient <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li>
<li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned
with Hibernate <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li>
<li>Custom default units declared on a field are ignored when binding
properties in a native image <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li>
<li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a
fallback for the Credentials helper <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li>
<li>Various spring.datasource properties are mistakenly marked as
ignored <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li>
<li>JerseyWebApplicationInitializer always gets loaded, setting a
ServletContext initParameter <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li>
<li>DockerRegistryConfigAuthentication does not align with Docker CLI <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li>
<li>Unlike the Docker CLI, &quot;\x00&quot; characters are not trimmed
from a decoded Docker Registry password <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li>
<li>CloudFoundry security matcher logs a warning due to use of the
'ignoring()' method <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Document the java info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li>
<li>Document the process info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li>
<li>Document the os info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li>
<li>Document typical spring.application.group and name use <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li>
<li>Document that bean methods should be static when annotated with
<code>@ConfigurationPropertiesBinding</code> <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li>
<li>Document the way that primary Kotlin constructors are used when
binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li>
<li>Improve &quot;profile&quot; reference documentation with additional
admonitions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li>
<li>Improve setEnvironmentPrefix(...) reference documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li>
<li>Document all the available Testcontainers integrations <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li>
<li>Document when a spring.config.import value is relative and when it
is fixed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li>
<li>Update org.cyclonedx.bom version in docs to 2.3.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li>
<li>Update link to &quot;Parameter Name Retention&quot; section of
Spring Framework's release notes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Prevent upgrade to Prometheus Client 1.3.7 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li>
<li>Upgrade to Couchbase Client 3.8.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li>
<li>Upgrade to Elasticsearch 8.18.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li>
<li>Upgrade to GraphQL Java 24.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li>
<li>Upgrade to Hibernate 6.6.15.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a>
Release v3.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a>
Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a>
Ensure descendants are always recalculated on cache refresh</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a>
Next development version (v3.4.7-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a>
Next development version (v3.3.13-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a>
Merge branch '3.4.x'</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-thymeleaf` from
3.4.5 to 3.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-thymeleaf's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<p>Full <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release
notes for Spring Boot 3.5</a> are available on the wiki.</p>
<h2> New Features</h2>
<ul>
<li>Make heapdump endpoint restricted by default <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li>
<li>Remove SSL status tag from metrics <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li>
<li>Remove 'spring.http.client' deprecation and change
'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Unable to override/set nested ConfigurationProperties by passing as
a system property <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li>
<li>ValidationAutoConfiguration triggers early initialization of
properties binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li>
<li>Micrometer &quot;enable&quot; annotations property does not cover
observed aspect <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li>
<li>spring.graphql.sse.timeout is no longer exposed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li>
<li>SpringApplication.setEnvironmentPrefix is ignored when reading
SPRING_PROFILES_ACTIVE <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li>
<li>IllegalStateException when extracting using layers a module with no
code of its own <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li>
<li>Removed spring.batch.initialize-schema property is still considered
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li>
<li>ReactorHttpClientBuilder does not offer a factory method to create
the HttpClient <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li>
<li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned
with Hibernate <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li>
<li>Custom default units declared on a field are ignored when binding
properties in a native image <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li>
<li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a
fallback for the Credentials helper <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li>
<li>Various spring.datasource properties are mistakenly marked as
ignored <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li>
<li>JerseyWebApplicationInitializer always gets loaded, setting a
ServletContext initParameter <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li>
<li>DockerRegistryConfigAuthentication does not align with Docker CLI <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li>
<li>Unlike the Docker CLI, &quot;\x00&quot; characters are not trimmed
from a decoded Docker Registry password <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li>
<li>CloudFoundry security matcher logs a warning due to use of the
'ignoring()' method <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Document the java info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li>
<li>Document the process info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li>
<li>Document the os info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li>
<li>Document typical spring.application.group and name use <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li>
<li>Document that bean methods should be static when annotated with
<code>@ConfigurationPropertiesBinding</code> <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li>
<li>Document the way that primary Kotlin constructors are used when
binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li>
<li>Improve &quot;profile&quot; reference documentation with additional
admonitions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li>
<li>Improve setEnvironmentPrefix(...) reference documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li>
<li>Document all the available Testcontainers integrations <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li>
<li>Document when a spring.config.import value is relative and when it
is fixed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li>
<li>Update org.cyclonedx.bom version in docs to 2.3.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li>
<li>Update link to &quot;Parameter Name Retention&quot; section of
Spring Framework's release notes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Prevent upgrade to Prometheus Client 1.3.7 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li>
<li>Upgrade to Couchbase Client 3.8.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li>
<li>Upgrade to Elasticsearch 8.18.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li>
<li>Upgrade to GraphQL Java 24.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li>
<li>Upgrade to Hibernate 6.6.15.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a>
Release v3.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a>
Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a>
Ensure descendants are always recalculated on cache refresh</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a>
Next development version (v3.4.7-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a>
Next development version (v3.3.13-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a>
Merge branch '3.4.x'</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-security` from
3.4.5 to 3.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-security's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<p>Full <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release
notes for Spring Boot 3.5</a> are available on the wiki.</p>
<h2> New Features</h2>
<ul>
<li>Make heapdump endpoint restricted by default <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li>
<li>Remove SSL status tag from metrics <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li>
<li>Remove 'spring.http.client' deprecation and change
'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Unable to override/set nested ConfigurationProperties by passing as
a system property <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li>
<li>ValidationAutoConfiguration triggers early initialization of
properties binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li>
<li>Micrometer &quot;enable&quot; annotations property does not cover
observed aspect <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li>
<li>spring.graphql.sse.timeout is no longer exposed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li>
<li>SpringApplication.setEnvironmentPrefix is ignored when reading
SPRING_PROFILES_ACTIVE <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li>
<li>IllegalStateException when extracting using layers a module with no
code of its own <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li>
<li>Removed spring.batch.initialize-schema property is still considered
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li>
<li>ReactorHttpClientBuilder does not offer a factory method to create
the HttpClient <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li>
<li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned
with Hibernate <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li>
<li>Custom default units declared on a field are ignored when binding
properties in a native image <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li>
<li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a
fallback for the Credentials helper <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li>
<li>Various spring.datasource properties are mistakenly marked as
ignored <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li>
<li>JerseyWebApplicationInitializer always gets loaded, setting a
ServletContext initParameter <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li>
<li>DockerRegistryConfigAuthentication does not align with Docker CLI <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li>
<li>Unlike the Docker CLI, &quot;\x00&quot; characters are not trimmed
from a decoded Docker Registry password <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li>
<li>CloudFoundry security matcher logs a warning due to use of the
'ignoring()' method <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Document the java info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li>
<li>Document the process info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li>
<li>Document the os info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li>
<li>Document typical spring.application.group and name use <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li>
<li>Document that bean methods should be static when annotated with
<code>@ConfigurationPropertiesBinding</code> <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li>
<li>Document the way that primary Kotlin constructors are used when
binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li>
<li>Improve &quot;profile&quot; reference documentation with additional
admonitions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li>
<li>Improve setEnvironmentPrefix(...) reference documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li>
<li>Document all the available Testcontainers integrations <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li>
<li>Document when a spring.config.import value is relative and when it
is fixed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li>
<li>Update org.cyclonedx.bom version in docs to 2.3.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li>
<li>Update link to &quot;Parameter Name Retention&quot; section of
Spring Framework's release notes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Prevent upgrade to Prometheus Client 1.3.7 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li>
<li>Upgrade to Couchbase Client 3.8.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li>
<li>Upgrade to Elasticsearch 8.18.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li>
<li>Upgrade to GraphQL Java 24.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li>
<li>Upgrade to Hibernate 6.6.15.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a>
Release v3.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a>
Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a>
Ensure descendants are always recalculated on cache refresh</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a>
Next development version (v3.4.7-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a>
Next development version (v3.3.13-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a>
Merge branch '3.4.x'</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-data-jpa` from
3.4.5 to 3.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-data-jpa's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<p>Full <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release
notes for Spring Boot 3.5</a> are available on the wiki.</p>
<h2> New Features</h2>
<ul>
<li>Make heapdump endpoint restricted by default <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li>
<li>Remove SSL status tag from metrics <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li>
<li>Remove 'spring.http.client' deprecation and change
'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Unable to override/set nested ConfigurationProperties by passing as
a system property <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li>
<li>ValidationAutoConfiguration triggers early initialization of
properties binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li>
<li>Micrometer &quot;enable&quot; annotations property does not cover
observed aspect <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li>
<li>spring.graphql.sse.timeout is no longer exposed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li>
<li>SpringApplication.setEnvironmentPrefix is ignored when reading
SPRING_PROFILES_ACTIVE <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li>
<li>IllegalStateException when extracting using layers a module with no
code of its own <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li>
<li>Removed spring.batch.initialize-schema property is still considered
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li>
<li>ReactorHttpClientBuilder does not offer a factory method to create
the HttpClient <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li>
<li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned
with Hibernate <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li>
<li>Custom default units declared on a field are ignored when binding
properties in a native image <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li>
<li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a
fallback for the Credentials helper <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li>
<li>Various spring.datasource properties are mistakenly marked as
ignored <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li>
<li>JerseyWebApplicationInitializer always gets loaded, setting a
ServletContext initParameter <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li>
<li>DockerRegistryConfigAuthentication does not align with Docker CLI <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li>
<li>Unlike the Docker CLI, &quot;\x00&quot; characters are not trimmed
from a decoded Docker Registry password <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li>
<li>CloudFoundry security matcher logs a warning due to use of the
'ignoring()' method <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Document the java info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li>
<li>Document the process info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li>
<li>Document the os info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li>
<li>Document typical spring.application.group and name use <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li>
<li>Document that bean methods should be static when annotated with
<code>@ConfigurationPropertiesBinding</code> <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li>
<li>Document the way that primary Kotlin constructors are used when
binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li>
<li>Improve &quot;profile&quot; reference documentation with additional
admonitions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li>
<li>Improve setEnvironmentPrefix(...) reference documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li>
<li>Document all the available Testcontainers integrations <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li>
<li>Document when a spring.config.import value is relative and when it
is fixed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li>
<li>Update org.cyclonedx.bom version in docs to 2.3.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li>
<li>Update link to &quot;Parameter Name Retention&quot; section of
Spring Framework's release notes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Prevent upgrade to Prometheus Client 1.3.7 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li>
<li>Upgrade to Couchbase Client 3.8.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li>
<li>Upgrade to Elasticsearch 8.18.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li>
<li>Upgrade to GraphQL Java 24.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li>
<li>Upgrade to Hibernate 6.6.15.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a>
Release v3.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a>
Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a>
Ensure descendants are always recalculated on cache refresh</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a>
Next development version (v3.4.7-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a>
Next development version (v3.3.13-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a>
Merge branch '3.4.x'</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-oauth2-client`
from 3.4.5 to 3.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-oauth2-client's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<p>Full <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release
notes for Spring Boot 3.5</a> are available on the wiki.</p>
<h2> New Features</h2>
<ul>
<li>Make heapdump endpoint restricted by default <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li>
<li>Remove SSL status tag from metrics <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li>
<li>Remove 'spring.http.client' deprecation and change
'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Unable to override/set nested ConfigurationProperties by passing as
a system property <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li>
<li>ValidationAutoConfiguration triggers early initialization of
properties binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li>
<li>Micrometer &quot;enable&quot; annotations property does not cover
observed aspect <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li>
<li>spring.graphql.sse.timeout is no longer exposed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li>
<li>SpringApplication.setEnvironmentPrefix is ignored when reading
SPRING_PROFILES_ACTIVE <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li>
<li>IllegalStateException when extracting using layers a module with no
code of its own <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li>
<li>Removed spring.batch.initialize-schema property is still considered
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li>
<li>ReactorHttpClientBuilder does not offer a factory method to create
the HttpClient <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li>
<li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned
with Hibernate <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li>
<li>Custom default units declared on a field are ignored when binding
properties in a native image <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li>
<li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a
fallback for the Credentials helper <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li>
<li>Various spring.datasource properties are mistakenly marked as
ignored <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li>
<li>JerseyWebApplicationInitializer always gets loaded, setting a
ServletContext initParameter <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li>
<li>DockerRegistryConfigAuthentication does not align with Docker CLI <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li>
<li>Unlike the Docker CLI, &quot;\x00&quot; characters are not trimmed
from a decoded Docker Registry password <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li>
<li>CloudFoundry security matcher logs a warning due to use of the
'ignoring()' method <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Document the java info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li>
<li>Document the process info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li>
<li>Document the os info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li>
<li>Document typical spring.application.group and name use <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li>
<li>Document that bean methods should be static when annotated with
<code>@ConfigurationPropertiesBinding</code> <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li>
<li>Document the way that primary Kotlin constructors are used when
binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li>
<li>Improve &quot;profile&quot; reference documentation with additional
admonitions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li>
<li>Improve setEnvironmentPrefix(...) reference documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li>
<li>Document all the available Testcontainers integrations <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li>
<li>Document when a spring.config.import value is relative and when it
is fixed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li>
<li>Update org.cyclonedx.bom version in docs to 2.3.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li>
<li>Update link to &quot;Parameter Name Retention&quot; section of
Spring Framework's release notes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Prevent upgrade to Prometheus Client 1.3.7 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li>
<li>Upgrade to Couchbase Client 3.8.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li>
<li>Upgrade to Elasticsearch 8.18.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li>
<li>Upgrade to GraphQL Java 24.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li>
<li>Upgrade to Hibernate 6.6.15.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a>
Release v3.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a>
Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a>
Ensure descendants are always recalculated on cache refresh</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a>
Next development version (v3.4.7-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a>
Next development version (v3.3.13-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a>
Merge branch '3.4.x'</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-mail` from 3.4.5
to 3.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-mail's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<p>Full <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release
notes for Spring Boot 3.5</a> are available on the wiki.</p>
<h2> New Features</h2>
<ul>
<li>Make heapdump endpoint restricted by default <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li>
<li>Remove SSL status tag from metrics <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li>
<li>Remove 'spring.http.client' deprecation and change
'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Unable to override/set nested ConfigurationProperties by passing as
a system property <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li>
<li>ValidationAutoConfiguration triggers early initialization of
properties binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li>
<li>Micrometer &quot;enable&quot; annotations property does not cover
observed aspect <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li>
<li>spring.graphql.sse.timeout is no longer exposed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li>
<li>SpringApplication.setEnvironmentPrefix is ignored when reading
SPRING_PROFILES_ACTIVE <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li>
<li>IllegalStateException when extracting using layers a module with no
code of its own <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li>
<li>Removed spring.batch.initialize-schema property is still considered
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li>
<li>ReactorHttpClientBuilder does not offer a factory method to create
the HttpClient <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li>
<li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned
with Hibernate <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li>
<li>Custom default units declared on a field are ignored when binding
properties in a native image <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li>
<li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a
fallback for the Credentials helper <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li>
<li>Various spring.datasource properties are mistakenly marked as
ignored <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li>
<li>JerseyWebApplicationInitializer always gets loaded, setting a
ServletContext initParameter <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li>
<li>DockerRegistryConfigAuthentication does not align with Docker CLI <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li>
<li>Unlike the Docker CLI, &quot;\x00&quot; characters are not trimmed
from a decoded Docker Registry password <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li>
<li>CloudFoundry security matcher logs a warning due to use of the
'ignoring()' method <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Document the java info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li>
<li>Document the process info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li>
<li>Document the os info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li>
<li>Document typical spring.application.group and name use <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li>
<li>Document that bean methods should be static when annotated with
<code>@ConfigurationPropertiesBinding</code> <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li>
<li>Document the way that primary Kotlin constructors are used when
binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li>
<li>Improve &quot;profile&quot; reference documentation with additional
admonitions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li>
<li>Improve setEnvironmentPrefix(...) reference documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li>
<li>Document all the available Testcontainers integrations <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li>
<li>Document when a spring.config.import value is relative and when it
is fixed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li>
<li>Update org.cyclonedx.bom version in docs to 2.3.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li>
<li>Update link to &quot;Parameter Name Retention&quot; section of
Spring Framework's release notes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Prevent upgrade to Prometheus Client 1.3.7 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li>
<li>Upgrade to Couchbase Client 3.8.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li>
<li>Upgrade to Elasticsearch 8.18.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li>
<li>Upgrade to GraphQL Java 24.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li>
<li>Upgrade to Hibernate 6.6.15.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a>
Release v3.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a>
Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a>
Ensure descendants are always recalculated on cache refresh</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a>
Next development version (v3.4.7-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a>
Next development version (v3.3.13-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a>
Merge branch '3.4.x'</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-test` from 3.4.5
to 3.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-test's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<p>Full <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release
notes for Spring Boot 3.5</a> are available on the wiki.</p>
<h2> New Features</h2>
<ul>
<li>Make heapdump endpoint restricted by default <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li>
<li>Remove SSL status tag from metrics <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li>
<li>Remove 'spring.http.client' deprecation and change
'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Unable to override/set nested ConfigurationProperties by passing as
a system property <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li>
<li>ValidationAutoConfiguration triggers early initialization of
properties binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li>
<li>Micrometer &quot;enable&quot; annotations property does not cover
observed aspect <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li>
<li>spring.graphql.sse.timeout is no longer exposed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li>
<li>SpringApplication.setEnvironmentPrefix is ignored when reading
SPRING_PROFILES_ACTIVE <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li>
<li>IllegalStateException when extracting using layers a module with no
code of its own <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li>
<li>Removed spring.batch.initialize-schema property is still considered
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li>
<li>ReactorHttpClientBuilder does not offer a factory method to create
the HttpClient <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li>
<li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned
with Hibernate <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li>
<li>Custom default units declared on a field are ignored when binding
properties in a native image <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li>
<li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a
fallback for the Credentials helper <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li>
<li>Various spring.datasource properties are mistakenly marked as
ignored <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li>
<li>JerseyWebApplicationInitializer always gets loaded, setting a
ServletContext initParameter <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li>
<li>DockerRegistryConfigAuthentication does not align with Docker CLI <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li>
<li>Unlike the Docker CLI, &quot;\x00&quot; characters are not trimmed
from a decoded Docker Registry password <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li>
<li>CloudFoundry security matcher logs a warning due to use of the
'ignoring()' method <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Document the java info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li>
<li>Document the process info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li>
<li>Document the os info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li>
<li>Document typical spring.application.group and name use <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a...

_Description has been truncated_

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-27 12:14:30 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
ea5515b614 Bump org.mockito:mockito-core from 5.17.0 to 5.18.0 (#3593)
Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito)
from 5.17.0 to 5.18.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/mockito/mockito/releases">org.mockito:mockito-core's
releases</a>.</em></p>
<blockquote>
<h2>v5.18.0</h2>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><em>Changelog
generated by <a
href="https://github.com/shipkit/shipkit-changelog">Shipkit Changelog
Gradle Plugin</a></em><!-- raw HTML omitted --><!-- raw HTML omitted
--></p>
<h4>5.18.0</h4>
<ul>
<li>2025-05-20 - <a
href="https://github.com/mockito/mockito/compare/v5.17.0...v5.18.0">5
commit(s)</a> by Eugene Platonov, Patrick Doyle, Tim van der Lippe,
dependabot[bot]</li>
<li>Make vararg checks Scala friendly (for mockito-scala) [(<a
href="https://redirect.github.com/mockito/mockito/issues/3651">#3651</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3651">mockito/mockito#3651</a>)</li>
<li>For UnfinishedStubbingException, suggest the possibility of another
thread [(<a
href="https://redirect.github.com/mockito/mockito/issues/3636">#3636</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3636">mockito/mockito#3636</a>)</li>
<li>UnfinishedStubbingException ought to suggest the possibility of
another thread [(<a
href="https://redirect.github.com/mockito/mockito/issues/3635">#3635</a>)](<a
href="https://redirect.github.com/mockito/mockito/issues/3635">mockito/mockito#3635</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/mockito/mockito/commit/06737471ea19ca023581351eeac778ffbce8da74"><code>0673747</code></a>
Force Jacoco version for Android</li>
<li><a
href="https://github.com/mockito/mockito/commit/65388f01eb8a555c4df5dec692ba9abf8a2591b8"><code>65388f0</code></a>
Update Jacoco version to 0.8.13</li>
<li><a
href="https://github.com/mockito/mockito/commit/60179ca10dbd29ff959d7eae670ce95b3f19f5fd"><code>60179ca</code></a>
Bump bytebuddy from 1.15.11 to 1.16.1</li>
<li><a
href="https://github.com/mockito/mockito/commit/8f15169774cb639b5757f121f27d6c0d8ca18c97"><code>8f15169</code></a>
Make vararg checks Scala friendly (<a
href="https://redirect.github.com/mockito/mockito/issues/3651">#3651</a>)</li>
<li><a
href="https://github.com/mockito/mockito/commit/3a631cb87082fff212bc00c00970508b4ce63072"><code>3a631cb</code></a>
Add hint for multithreading in <code>UnfinishedStubbingException</code>
(<a
href="https://redirect.github.com/mockito/mockito/issues/3636">#3636</a>)</li>
<li>See full diff in <a
href="https://github.com/mockito/mockito/compare/v5.17.0...v5.18.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.mockito:mockito-core&package-manager=gradle&previous-version=5.17.0&new-version=5.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-27 12:14:17 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
b1a6e1b481 Bump org.springframework.boot from 3.4.5 to 3.5.0 (#3594)
Bumps
[org.springframework.boot](https://github.com/spring-projects/spring-boot)
from 3.4.5 to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<p>Full <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5-Release-Notes">release
notes for Spring Boot 3.5</a> are available on the wiki.</p>
<h2> New Features</h2>
<ul>
<li>Make heapdump endpoint restricted by default <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45624">#45624</a></li>
<li>Remove SSL status tag from metrics <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45602">#45602</a></li>
<li>Remove 'spring.http.client' deprecation and change
'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45507">#45507</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Unable to override/set nested ConfigurationProperties by passing as
a system property <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45639">#45639</a></li>
<li>ValidationAutoConfiguration triggers early initialization of
properties binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45618">#45618</a></li>
<li>Micrometer &quot;enable&quot; annotations property does not cover
observed aspect <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45617">#45617</a></li>
<li>spring.graphql.sse.timeout is no longer exposed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45613">#45613</a></li>
<li>SpringApplication.setEnvironmentPrefix is ignored when reading
SPRING_PROFILES_ACTIVE <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45549">#45549</a></li>
<li>IllegalStateException when extracting using layers a module with no
code of its own <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45449">#45449</a></li>
<li>Removed spring.batch.initialize-schema property is still considered
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45380">#45380</a></li>
<li>ReactorHttpClientBuilder does not offer a factory method to create
the HttpClient <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45378">#45378</a></li>
<li>Suggested values for spring.jpa.hibernate.ddl-auto are not aligned
with Hibernate <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45351">#45351</a></li>
<li>Custom default units declared on a field are ignored when binding
properties in a native image <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45347">#45347</a></li>
<li>DockerRegistryConfigAuthentication uses the wrong serverUrl as a
fallback for the Credentials helper <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45345">#45345</a></li>
<li>Various spring.datasource properties are mistakenly marked as
ignored <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45342">#45342</a></li>
<li>JerseyWebApplicationInitializer always gets loaded, setting a
ServletContext initParameter <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45297">#45297</a></li>
<li>DockerRegistryConfigAuthentication does not align with Docker CLI <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45292">#45292</a></li>
<li>Unlike the Docker CLI, &quot;\x00&quot; characters are not trimmed
from a decoded Docker Registry password <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/45290">#45290</a></li>
<li>CloudFoundry security matcher logs a warning due to use of the
'ignoring()' method <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/32622">#32622</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Document the java info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45634">#45634</a></li>
<li>Document the process info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45632">#45632</a></li>
<li>Document the os info contribution <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45630">#45630</a></li>
<li>Document typical spring.application.group and name use <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45628">#45628</a></li>
<li>Document that bean methods should be static when annotated with
<code>@ConfigurationPropertiesBinding</code> <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45626">#45626</a></li>
<li>Document the way that primary Kotlin constructors are used when
binding <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45553">#45553</a></li>
<li>Improve &quot;profile&quot; reference documentation with additional
admonitions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45551">#45551</a></li>
<li>Improve setEnvironmentPrefix(...) reference documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45376">#45376</a></li>
<li>Document all the available Testcontainers integrations <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45367">#45367</a></li>
<li>Document when a spring.config.import value is relative and when it
is fixed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45363">#45363</a></li>
<li>Update org.cyclonedx.bom version in docs to 2.3.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45320">#45320</a></li>
<li>Update link to &quot;Parameter Name Retention&quot; section of
Spring Framework's release notes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45299">#45299</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Prevent upgrade to Prometheus Client 1.3.7 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45541">#45541</a></li>
<li>Upgrade to Couchbase Client 3.8.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45539">#45539</a></li>
<li>Upgrade to Elasticsearch 8.18.1 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45447">#45447</a></li>
<li>Upgrade to GraphQL Java 24.0 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45588">#45588</a></li>
<li>Upgrade to Hibernate 6.6.15.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45540">#45540</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/8c2d6453243f319accaef7a190ff8ddf89f482a2"><code>8c2d645</code></a>
Release v3.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0b49e78c21f5afaf2db23bea2a1f8b369b3d92a7"><code>0b49e78</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/c684fa4050d89a505f28257fef5462745671b6e5"><code>c684fa4</code></a>
Switch <code>make-default</code> for publish-to-sdkman to 3.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/569519285046967a85f20cefe4200fcfc35a21c8"><code>5695192</code></a>
Ensure descendants are always recalculated on cache refresh</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/31f549efc699e8f2f597ddf08bb572ad9a74b358"><code>31f549e</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/68df6f594167d760e67dd97eed0783e3f3a5fafd"><code>68df6f5</code></a>
Next development version (v3.4.7-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/9f46877c7ea17452f1f744281aa0008fadcc82f9"><code>9f46877</code></a>
Merge branch '3.4.x'</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/404a0df5e8cffad3c9cbc896b0382347586102bf"><code>404a0df</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/e331846302f763905e9e0d3cf96438f60c7bd3c4"><code>e331846</code></a>
Next development version (v3.3.13-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b142798bdb8dde5d8a6ab01e70d6d78c1a6752c7"><code>b142798</code></a>
Merge branch '3.4.x'</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.5...v3.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot&package-manager=gradle&previous-version=3.4.5&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-27 12:14:12 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
d59e39b4b6 Bump org.mockito:mockito-core from 5.11.0 to 5.17.0 (#3551)
Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito)
from 5.11.0 to 5.17.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/mockito/mockito/releases">org.mockito:mockito-core's
releases</a>.</em></p>
<blockquote>
<h2>v5.17.0</h2>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><em>Changelog
generated by <a
href="https://github.com/shipkit/shipkit-changelog">Shipkit Changelog
Gradle Plugin</a></em><!-- raw HTML omitted --><!-- raw HTML omitted
--></p>
<h4>5.17.0</h4>
<ul>
<li>2025-04-04 - <a
href="https://github.com/mockito/mockito/compare/v5.16.1...v5.17.0">7
commit(s)</a> by Adrian Roos, Andre Kurait, Jan Ouwens, Rafael
Winterhalter, Taeik Lim, Thach Le, Tim van der Lippe</li>
<li>Fixes <a
href="https://redirect.github.com/mockito/mockito/issues/3631">#3631</a>:
Fix broken banner image link [(<a
href="https://redirect.github.com/mockito/mockito/issues/3632">#3632</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3632">mockito/mockito#3632</a>)</li>
<li>Banner image is broken [(<a
href="https://redirect.github.com/mockito/mockito/issues/3631">#3631</a>)](<a
href="https://redirect.github.com/mockito/mockito/issues/3631">mockito/mockito#3631</a>)</li>
<li>Update exception message with mockito-inline [(<a
href="https://redirect.github.com/mockito/mockito/issues/3628">#3628</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3628">mockito/mockito#3628</a>)</li>
<li>Clarify structure of commit messages [(<a
href="https://redirect.github.com/mockito/mockito/issues/3626">#3626</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3626">mockito/mockito#3626</a>)</li>
<li>Fixes <a
href="https://redirect.github.com/mockito/mockito/issues/3622">#3622</a>:
MockitoExtension fails cleanup when aborted before setup [(<a
href="https://redirect.github.com/mockito/mockito/issues/3623">#3623</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3623">mockito/mockito#3623</a>)</li>
<li>MockitoExtension fails cleanup when aborted before setup [(<a
href="https://redirect.github.com/mockito/mockito/issues/3622">#3622</a>)](<a
href="https://redirect.github.com/mockito/mockito/issues/3622">mockito/mockito#3622</a>)</li>
<li>Since mockito-inline has been removed, the exception messages with
<code>mockito-inline</code> should be modified. [(<a
href="https://redirect.github.com/mockito/mockito/issues/3621">#3621</a>)](<a
href="https://redirect.github.com/mockito/mockito/issues/3621">mockito/mockito#3621</a>)</li>
<li>Fixes <a
href="https://redirect.github.com/mockito/mockito/issues/3171">#3171</a>:
Fall back to Throwable Location strategy on Android [(<a
href="https://redirect.github.com/mockito/mockito/issues/3619">#3619</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3619">mockito/mockito#3619</a>)</li>
<li>Fixes <a
href="https://redirect.github.com/mockito/mockito/issues/3615">#3615</a>
: broken links to javadoc.io [(<a
href="https://redirect.github.com/mockito/mockito/issues/3616">#3616</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3616">mockito/mockito#3616</a>)</li>
<li>Broken links to javadoc.io [(<a
href="https://redirect.github.com/mockito/mockito/issues/3615">#3615</a>)](<a
href="https://redirect.github.com/mockito/mockito/issues/3615">mockito/mockito#3615</a>)</li>
<li>Mocks are not working on particular devices after update Android SDK
from 33 to 34 [(<a
href="https://redirect.github.com/mockito/mockito/issues/3171">#3171</a>)](<a
href="https://redirect.github.com/mockito/mockito/issues/3171">mockito/mockito#3171</a>)</li>
</ul>
<h2>v5.16.1</h2>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><em>Changelog
generated by <a
href="https://github.com/shipkit/shipkit-changelog">Shipkit Changelog
Gradle Plugin</a></em><!-- raw HTML omitted --><!-- raw HTML omitted
--></p>
<h4>5.16.1</h4>
<ul>
<li>2025-03-15 - <a
href="https://github.com/mockito/mockito/compare/v5.16.0...v5.16.1">3
commit(s)</a> by Adrian Roos, Jérôme Prinet, Rafael Winterhalter</li>
<li>Remove Arrays.asList from critical stubbing path in
GenericMetadataSu… [(<a
href="https://redirect.github.com/mockito/mockito/issues/3610">#3610</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3610">mockito/mockito#3610</a>)</li>
<li>Rework of injection strategy in the context of modules [(<a
href="https://redirect.github.com/mockito/mockito/issues/3608">#3608</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3608">mockito/mockito#3608</a>)</li>
<li>Adjust inline mocking snippet to allow task relocatability [(<a
href="https://redirect.github.com/mockito/mockito/issues/3606">#3606</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3606">mockito/mockito#3606</a>)</li>
<li>Inline mocking configuration snippet for Gradle should allow task
relocatability [(<a
href="https://redirect.github.com/mockito/mockito/issues/3605">#3605</a>)](<a
href="https://redirect.github.com/mockito/mockito/issues/3605">mockito/mockito#3605</a>)</li>
</ul>
<h2>v5.16.0</h2>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><em>Changelog
generated by <a
href="https://github.com/shipkit/shipkit-changelog">Shipkit Changelog
Gradle Plugin</a></em><!-- raw HTML omitted --><!-- raw HTML omitted
--></p>
<h4>5.16.0</h4>
<ul>
<li>2025-03-03 - <a
href="https://github.com/mockito/mockito/compare/v5.15.2...v5.16.0">10
commit(s)</a> by Brice Dutheil, Rafael Winterhalter, TDL,
dependabot[bot]</li>
<li>Add support for including module-info in Mockito. [(<a
href="https://redirect.github.com/mockito/mockito/issues/3597">#3597</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3597">mockito/mockito#3597</a>)</li>
<li>Bump com.gradle.develocity from 3.19 to 3.19.1 [(<a
href="https://redirect.github.com/mockito/mockito/issues/3579">#3579</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3579">mockito/mockito#3579</a>)</li>
<li>Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 [(<a
href="https://redirect.github.com/mockito/mockito/issues/3577">#3577</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3577">mockito/mockito#3577</a>)</li>
<li>Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.1 to
7.0.2 [(<a
href="https://redirect.github.com/mockito/mockito/issues/3574">#3574</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3574">mockito/mockito#3574</a>)</li>
<li>Bump com.diffplug.spotless:spotless-plugin-gradle from 6.25.0 to
7.0.1 [(<a
href="https://redirect.github.com/mockito/mockito/issues/3571">#3571</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3571">mockito/mockito#3571</a>)</li>
<li>Bump org.assertj:assertj-core from 3.27.1 to 3.27.2 [(<a
href="https://redirect.github.com/mockito/mockito/issues/3569">#3569</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3569">mockito/mockito#3569</a>)</li>
<li>Tweaks documentation on mockito agent config for maven [(<a
href="https://redirect.github.com/mockito/mockito/issues/3568">#3568</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3568">mockito/mockito#3568</a>)</li>
<li>Adds <code>--info</code> to diagnose
closeAndReleaseStagingRepositories issues [(<a
href="https://redirect.github.com/mockito/mockito/issues/3567">#3567</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3567">mockito/mockito#3567</a>)</li>
<li>Refine reflection when calling management factory [(<a
href="https://redirect.github.com/mockito/mockito/issues/3566">#3566</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3566">mockito/mockito#3566</a>)</li>
<li>Avoid warning when dynamic attach is enabled [(<a
href="https://redirect.github.com/mockito/mockito/issues/3551">#3551</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3551">mockito/mockito#3551</a>)</li>
</ul>
<h2>v5.15.2</h2>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><em>Changelog
generated by <a
href="https://github.com/shipkit/shipkit-changelog">Shipkit Changelog
Gradle Plugin</a></em><!-- raw HTML omitted --><!-- raw HTML omitted
--></p>
<h4>5.15.2</h4>
<ul>
<li>2025-01-02 - <a
href="https://github.com/mockito/mockito/compare/v5.15.1...v5.15.2">2
commit(s)</a> by Brice Dutheil, dependabot[bot]</li>
<li>Fix javadoc publication [(<a
href="https://redirect.github.com/mockito/mockito/issues/3561">#3561</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3561">mockito/mockito#3561</a>)</li>
<li>Bump org.assertj:assertj-core from 3.27.0 to 3.27.1 [(<a
href="https://redirect.github.com/mockito/mockito/issues/3560">#3560</a>)](<a
href="https://redirect.github.com/mockito/mockito/pull/3560">mockito/mockito#3560</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/mockito/mockito/commit/7764992d1250f4e7f6ffd10f650dc89516139c8d"><code>7764992</code></a>
Remove mention of <code>mockito-inline</code> from mockmaker exception
(<a
href="https://redirect.github.com/mockito/mockito/issues/3628">#3628</a>)</li>
<li><a
href="https://github.com/mockito/mockito/commit/ee92ad4916d9f3f6ae6836bdba5c30f8404d3d50"><code>ee92ad4</code></a>
Fix broken banner image link (<a
href="https://redirect.github.com/mockito/mockito/issues/3632">#3632</a>)</li>
<li><a
href="https://github.com/mockito/mockito/commit/3edab5283552c3c6c393d8c818c8d6a8fa1f94a5"><code>3edab52</code></a>
Clarify structure of commit messages (<a
href="https://redirect.github.com/mockito/mockito/issues/3626">#3626</a>)</li>
<li><a
href="https://github.com/mockito/mockito/commit/bfab74365e91135b2f88ccb0228372a8799d9279"><code>bfab743</code></a>
Fall back to Throwable Location strategy on Android (<a
href="https://redirect.github.com/mockito/mockito/issues/3619">#3619</a>)</li>
<li><a
href="https://github.com/mockito/mockito/commit/4f469c830b2f6ab0e1f061e9383aff2e6f9f8376"><code>4f469c8</code></a>
MockitoExtension fails cleanup when aborted before setup (<a
href="https://redirect.github.com/mockito/mockito/issues/3623">#3623</a>)</li>
<li><a
href="https://github.com/mockito/mockito/commit/1764e62102f525ff9a82b8166b8596edd25f5b7f"><code>1764e62</code></a>
Update links to javadoc.io (<a
href="https://redirect.github.com/mockito/mockito/issues/3616">#3616</a>)</li>
<li><a
href="https://github.com/mockito/mockito/commit/1e029d767b33ee8de42e58459a2c3e63ab3f7c41"><code>1e029d7</code></a>
Add missing requirement to objenesis.</li>
<li><a
href="https://github.com/mockito/mockito/commit/d000e630775cfa45752eeb491a197283e7370621"><code>d000e63</code></a>
Rework of injection strategy in the context of modules (<a
href="https://redirect.github.com/mockito/mockito/issues/3608">#3608</a>)</li>
<li><a
href="https://github.com/mockito/mockito/commit/0215884a5e68016504be98599b3045070a558002"><code>0215884</code></a>
Remove Arrays.asList from critical stubbing path in
GenericMetadataSupport (#...</li>
<li><a
href="https://github.com/mockito/mockito/commit/d18503512b01eed650f5fdf78f7e3c02755c8ee5"><code>d185035</code></a>
Add reference to Gradle documentation on how to make task relocatable
(<a
href="https://redirect.github.com/mockito/mockito/issues/3606">#3606</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/mockito/mockito/compare/v5.11.0...v5.17.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.mockito:mockito-core&package-manager=gradle&previous-version=5.11.0&new-version=5.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 12:00:31 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
9514370cc3 Bump org.gradle.toolchains.foojay-resolver-convention from 0.10.0 to 1.0.0 (#3552)
Bumps org.gradle.toolchains.foojay-resolver-convention from 0.10.0 to
1.0.0.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.gradle.toolchains.foojay-resolver-convention&package-manager=gradle&previous-version=0.10.0&new-version=1.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 11:58:23 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
b9dd78ced6 Bump io.micrometer:micrometer-core from 1.14.7 to 1.15.0 (#3550)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer)
from 1.14.7 to 1.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's
releases</a>.</em></p>
<blockquote>
<h2>1.15.0</h2>
<h2> New Features</h2>
<ul>
<li>Further enhancement to OtlpMetricsSender <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6025">#6025</a></li>
<li>Make Prometheus Metric and Label naming conventions consistent <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5923">#5923</a></li>
<li>Metrics for Executors.newVirtualThreadPerTaskExecutor() <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5488">#5488</a></li>
<li>Metrics for live virtual threads <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5950">#5950</a></li>
<li>More flexible OTLP per meter configuration <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6099">#6099</a></li>
<li>Prometheus/OpenMetrics <code>_created</code> timestamp <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/2625">#2625</a></li>
<li>Make jvm.classes.unloaded description generic <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5745">#5745</a></li>
<li>Use String.toLowerCase()/toUpperCase() with Locale.ROOT consistently
<a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5711">#5711</a></li>
<li>Use failWithActualExpectedAndMessage() where possible <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5696">#5696</a></li>
<li>Provide target host/port info in ObservationExecChainHandler when
HttpHostConnectException is thrown <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5615">#5615</a></li>
<li>Enable Gauge builders to take a subclass of Number <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5601">#5601</a></li>
<li>micrometer-observation-test support for assertions on events <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5576">#5576</a></li>
<li>Log delta count in addition to throughput in LoggingMeterRegistry <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5548">#5548</a></li>
<li>Add peer name and port to gRPC observation contexts <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/3512">#3512</a></li>
<li>Use direct equals call instead of Objects.equals wrapper <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5840">#5840</a></li>
<li>Remove special handling of 404/301 from JDK HTTP client
instrumentation <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5838">#5838</a></li>
<li>Make Timer and LongTaskTimer output similar in LoggingMeterRegistry
<a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5835">#5835</a></li>
<li>Remove special handling of 404 and redirection statuses from Jetty
client instrumentation <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5825">#5825</a></li>
<li>Log deprecation warning when creating SignalFxMeterRegistry <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5824">#5824</a></li>
<li>Log metrics recording failures in CountedAspect and TimedAspect <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5820">#5820</a></li>
<li>Remove special handling of 404/301 from OkHttp instrumentation <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5814">#5814</a></li>
<li>Support AutoShutdownDelegatedExecutorService in
ExecutorServiceMetrics <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5811">#5811</a></li>
<li>Deprecate micrometer-registry-signalfx in favor of
micrometer-registry-otlp <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5807">#5807</a></li>
<li>Rebind <code>Log4j2Metrics</code> when
<code>LoggerContext#reconfigure</code> is called <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5756">#5756</a></li>
<li>Send metrics via any protocol in the OTLP Registry <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5690">#5690</a></li>
<li>Improve average performance of DefaultLongTaskTimer for out-of-order
stopping <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5591">#5591</a></li>
<li>Improve OtlpMetricsSender API <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5994">#5994</a></li>
<li>Support configuring exponential histograms at the meter level <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5459">#5459</a></li>
<li>Allow TimedAspect/CountedAspect to create tags based on method
result <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/3058">#3058</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Do not leak OTLP types on public-facing API <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5699">#5699</a></li>
<li>micrometer-observation-test brings unnecessary JUnit dependencies,
leading to conflicts <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6012">#6012</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Bump io.opentelemetry.proto:opentelemetry-proto from 1.4.0-alpha to
1.5.0-alpha <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5798">#5798</a></li>
<li>Bump com.google.cloud:libraries-bom from 26.55.0 to 26.56.0 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5991">#5991</a></li>
<li>Bump com.google.cloud:google-cloud-monitoring from 3.59.0 to 3.60.0
<a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5986">#5986</a></li>
<li>Bump com.google.auth:google-auth-library-oauth2-http from 1.32.1 to
1.33.0 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5963">#5963</a></li>
<li>Bump software.amazon.awssdk:cloudwatch from 2.29.46 to 2.30.11 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5863">#5863</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/e13042badcc34c2ca833bfd692924bd86e9d4c1e"><code>e13042b</code></a>
Bump software.amazon.awssdk:cloudwatch from 2.31.40 to 2.31.41 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6228">#6228</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/571793b84ed71c90012b378b94df02fdb417ecf2"><code>571793b</code></a>
Merge branch '1.14.x'</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/315c1b1817ca77b6d91b890586ae1826186b57c4"><code>315c1b1</code></a>
Merge branch '1.13.x' into 1.14.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/a3ae027d8c6dd0fbd7851eb59a61e29341498f2b"><code>a3ae027</code></a>
Bump com.tngtech.archunit:archunit-junit5 from 1.3.1 to 1.3.2 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6225">#6225</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/ac6c26f7baf6c742a5daf509113d0197a23361d0"><code>ac6c26f</code></a>
Merge branch '1.14.x'</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/163203f98102e4e7bb8e9e4bc893257b162e2d49"><code>163203f</code></a>
Add missing colons in &quot;Environment&quot; section in bug_report.md
(<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6223">#6223</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/1713feed26a18f676b0e9f395354e4b8688731b1"><code>1713fee</code></a>
Bump maven-resolver from 1.9.22 to 1.9.23 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6222">#6222</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/e31548477ade9ab7933d2ff7f2a8817540598c5c"><code>e315484</code></a>
Bump software.amazon.awssdk:cloudwatch from 2.31.39 to 2.31.40 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6221">#6221</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/d6b8d4e8472dda214252a184ff8d244a7934e13a"><code>d6b8d4e</code></a>
Bump com.google.cloud:libraries-bom from 26.59.0 to 26.60.0 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6220">#6220</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/121056e6d59fb6995b65adf0b4a53aabbb47d63d"><code>121056e</code></a>
Bump software.amazon.awssdk:cloudwatch from 2.31.38 to 2.31.39 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6217">#6217</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micrometer-metrics/micrometer/compare/v1.14.7...v1.15.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.micrometer:micrometer-core&package-manager=gradle&previous-version=1.14.7&new-version=1.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 11:53:02 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
f50f7230d0 Bump org.springframework.security:spring-security-saml2-service-provider from 6.4.5 to 6.5.0 (#3549)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[org.springframework.security:spring-security-saml2-service-provider](https://github.com/spring-projects/spring-security)
from 6.4.5 to 6.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-security/releases">org.springframework.security:spring-security-saml2-service-provider's
releases</a>.</em></p>
<blockquote>
<h2>6.5.0</h2>
<h2> New Features</h2>
<ul>
<li>Add documentation for DPoP support <a
href="https://redirect.github.com/spring-projects/spring-security/issues/17072">#17072</a></li>
<li>Add logging to CsrfTokenRequestHandler implementations <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16994">#16994</a></li>
<li>Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter
<a
href="https://redirect.github.com/spring-projects/spring-security/pull/16806">#16806</a></li>
<li>Bump Gradle Wrapper from 8.13 to 8.14 <a
href="https://redirect.github.com/spring-projects/spring-security/issues/17018">#17018</a></li>
<li>ClientRegistrations.fromIssuerLocation does not include failure
information <a
href="https://redirect.github.com/spring-projects/spring-security/issues/17015">#17015</a></li>
<li>Fix Typo In SubjectDnX509PrincipalExtractorTests <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16997">#16997</a></li>
<li>Implement internal cache in JtiClaimValidator <a
href="https://redirect.github.com/spring-projects/spring-security/issues/17107">#17107</a></li>
<li>Polish javadoc <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16924">#16924</a></li>
<li>Remove unused classes <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16935">#16935</a></li>
<li>Replace NimbusOpaqueTokenIntrospector with
SpringOpaqueTokenIntrospector in Documentation <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16962">#16962</a></li>
<li>RequestHeaderAuthenticationFilter creates a session even if not
configured to do so <a
href="https://redirect.github.com/spring-projects/spring-security/issues/17147">#17147</a></li>
</ul>
<h2>🪲 Bug Fixes</h2>
<ul>
<li>Add FunctionalInterface To X509PrincipalExtractor <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16952">#16952</a></li>
<li>Change NonNull import from reactor to spring <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16571">#16571</a></li>
<li>Fix DPoP jkt claim to be JWK SHA-256 thumbprint <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17080">#17080</a></li>
<li>Minor error in the Handling Logouts documentation <a
href="https://redirect.github.com/spring-projects/spring-security/issues/17049">#17049</a></li>
<li>SecurityAnnotationScanner's method comparison should use .equals <a
href="https://redirect.github.com/spring-projects/spring-security/issues/17145">#17145</a></li>
<li>Use proper configuration key in Opaque Token documentation <a
href="https://redirect.github.com/spring-projects/spring-security/issues/17014">#17014</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 <a
href="https://redirect.github.com/spring-projects/spring-security/issues/17069">#17069</a></li>
<li>Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16995">#16995</a></li>
<li>Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16990">#16990</a></li>
<li>Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to
0.29.1.RELEASE <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17024">#17024</a></li>
<li>Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to
0.29.2.RELEASE <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17095">#17095</a></li>
<li>Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17096">#17096</a></li>
<li>Bump io.mockk:mockk from 1.14.0 to 1.14.2 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17019">#17019</a></li>
<li>Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 <a
href="https://redirect.github.com/spring-projects/spring-security/issues/17111">#17111</a></li>
<li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to
1.0.6 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17040">#17040</a></li>
<li>Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17088">#17088</a></li>
<li>Bump org-eclipse-jetty from 11.0.24 to 11.0.25 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16761">#16761</a></li>
<li>Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to
6.6.14.Final <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17089">#17089</a></li>
<li>Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to
6.6.15.Final <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17105">#17105</a></li>
<li>Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17037">#17037</a></li>
<li>Bump org.springframework.data:spring-data-bom from 2024.1.4 to
2024.1.5 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16981">#16981</a></li>
<li>Bump org.springframework.data:spring-data-bom from 2024.1.5 to
2024.1.6 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17137">#17137</a></li>
<li>Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/17124">#17124</a></li>
</ul>
<h2>🔩 Build Updates</h2>
<ul>
<li>Release 6.5.0 <a
href="https://redirect.github.com/spring-projects/spring-security/issues/17138">#17138</a></li>
</ul>
<h2>❤️ Contributors</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-security/commit/0fd0e9335ae3a6ff3538045d098dd6b94679d99e"><code>0fd0e93</code></a>
Release 6.5.0</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/78dd02a4c18502fa668ca7736581eaed8193891c"><code>78dd02a</code></a>
Merge branch '6.4.x' into 6.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/edc8735eb8ba1c378826499db5160cea44db462a"><code>edc8735</code></a>
Merge branch '6.3.x' into 6.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/cae3467a8d5fdf4ef0f5c2343d48aa9c48445be2"><code>cae3467</code></a>
Improve AbstractPreAuthenticatedProcessingFilter docs</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/9a8f9a91bc1e4b97cd47dd3c61ac7451e62c15ca"><code>9a8f9a9</code></a>
Merge branch '6.4.x' into 6.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/c972de5369a1261ab674a3f5e3a80e8ce3e8cdfb"><code>c972de5</code></a>
Use .equals to Compare Methods</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/bf2aaa1b1830e534ba651d422545ac08a115151b"><code>bf2aaa1</code></a>
Use .equals to Compare Methods</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/6fb0591109e3c6d9fef9ee2d1a4f215c738c22da"><code>6fb0591</code></a>
Merge branch
'gradle/6.5.x/org.springframework.data-spring-data-bom-2024.1.6'...</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/390972c4a05b3a664c0e1b936d63712559c53a1f"><code>390972c</code></a>
Merge branch '6.4.x' into 6.5.x</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/36905173951d20085c226b82da552ec4ff9ab9ee"><code>3690517</code></a>
Merge branch
'gradle/6.4.x/org.springframework.data-spring-data-bom-2024.1.6'...</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-security/compare/6.4.5...6.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.security:spring-security-saml2-service-provider&package-manager=gradle&previous-version=6.4.5&new-version=6.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 11:52:50 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8ecd4e9c36 Bump org.springframework:spring-webmvc from 6.2.6 to 6.2.7 (#3547)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[org.springframework:spring-webmvc](https://github.com/spring-projects/spring-framework)
from 6.2.6 to 6.2.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-framework/releases">org.springframework:spring-webmvc's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.7</h2>
<h2> New Features</h2>
<ul>
<li>Forward more methods to underlying InputStream in
NonClosingInputStream <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34893">#34893</a></li>
<li>Introduce Spring property for the default property placeholder
escape character <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34865">#34865</a></li>
<li>Close ApplicationContext once AOT processing has completed <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34841">#34841</a></li>
<li>Fix
<code>AbstractJackson2HttpMessageConverter#getObjectMappersForType</code>
nullness <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34811">#34811</a></li>
<li>Add option for case-insensitive match to PatternMatchUtils <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34801">#34801</a></li>
<li>RestClient <code>@RequestBody</code> parameters lose generic type
information when creating HTTP service beans <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34793">#34793</a></li>
<li>Adds option to set Principal in MockServerWebExchange <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34789">#34789</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Beans created by FactoryBean are not considered as autowiring
candidates if another thread holds a singletonLock <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34902">#34902</a></li>
<li><code>PropertySourcesPlaceholderConfigurer</code> placeholder
resolution fails in several scenarios <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34861">#34861</a></li>
<li>HttpComponentsClientHttpRequestFactory setConnectionRequestTimeout
not working with httpclient 5.3.1 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34851">#34851</a></li>
<li>Fragment.create() requires mutable map - which is unusable when used
with Kotlin <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34848">#34848</a></li>
<li>Duplicate <code>BeanOverrideHandler</code> discovered in
<code>@Nested</code> test case with superclass from different class or
in interface implemented multiple times <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34844">#34844</a></li>
<li>Accidental ClassLoader defineClass enforcement after <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34677">#34677</a>
<a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34824">#34824</a></li>
<li>HttpEntity.EMPTY headers should not be possible to mutate via
HttpHeaders constructor <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34812">#34812</a></li>
<li>AbstractFileResolvingResource.exists incorrectly reports result for
resources inside of spring-boot executable jar <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34796">#34796</a></li>
<li>Correctly expand query param with same name from URI variables array
<a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34783">#34783</a></li>
<li>R2DBC <code>NamedParameterUtils</code> only expands reused
collection parameter once <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34768">#34768</a></li>
<li><code>PathMatchingResourcePatternResolver</code> wrongly assumes
that <code>target/classes</code> always exists <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34764">#34764</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Clarify <code>CompositePropertySource</code> behavior for
<code>EnumerablePropertySource</code> contract <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34886">#34886</a></li>
<li>Javadoc and <code>@Nullable</code> annotation for
<code>servletContext</code> parameter of
<code>ConfigurableWebEnvironment.initPropertySources</code> are
contradictory <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34845">#34845</a></li>
<li>Spring MVC: <code>@EnableAsync</code> needs to be redeclared for
each ApplicationContext <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34843">#34843</a></li>
<li>Provide a working example instead of unclear placeholders <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34828">#34828</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to Micrometer 1.14.7 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34889">#34889</a></li>
<li>Upgrade to Reactor 2024.0.6 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34898">#34898</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<p><a href="https://github.com/Artur"><code>@​Artur</code></a>-, <a
href="https://github.com/blake-bauman"><code>@​blake-bauman</code></a>,
<a href="https://github.com/iifawzi"><code>@​iifawzi</code></a>, <a
href="https://github.com/kilink"><code>@​kilink</code></a>, <a
href="https://github.com/quaff"><code>@​quaff</code></a>, <a
href="https://github.com/whlit"><code>@​whlit</code></a>, and <a
href="https://github.com/zzoe2346"><code>@​zzoe2346</code></a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b"><code>ba590ac</code></a>
Release v6.2.7</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332"><code>ee62701</code></a>
Make use of PatternMatchUtils ignoreCase option</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1"><code>fa168ca</code></a>
Revise FactoryBean locking behavior for strict/lenient consistency</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22"><code>3c228a5</code></a>
Add missing <a href="https://github.com/since"><code>@​since</code></a>
tags in PatternMatchUtils</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f"><code>9bf6b8c</code></a>
Upgrade to Reactor 2024.0.6</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8"><code>37ecdd1</code></a>
Forward more methods to underlying InputStream in
NonClosingInputStream</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c"><code>73f1c5a</code></a>
Polishing</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d"><code>4d296fb</code></a>
Upgrade to Micrometer 1.14.7</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512"><code>6a94444</code></a>
Clarify CompositePropertySource behavior for EnumerablePropertySource
contract</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd"><code>03ae97b</code></a>
Introduce Spring property for default escape character for
placeholders</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-framework/compare/v6.2.6...v6.2.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework:spring-webmvc&package-manager=gradle&previous-version=6.2.6&new-version=6.2.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 11:52:38 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
9aa692674f Bump org.sonarqube from 6.1.0.5360 to 6.2.0.5505 (#3546)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps org.sonarqube from 6.1.0.5360 to 6.2.0.5505.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.sonarqube&package-manager=gradle&previous-version=6.1.0.5360&new-version=6.2.0.5505)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 11:52:15 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
89992fe643 Bump org.springframework:spring-jdbc from 6.2.6 to 6.2.7 (#3545)
Bumps
[org.springframework:spring-jdbc](https://github.com/spring-projects/spring-framework)
from 6.2.6 to 6.2.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-framework/releases">org.springframework:spring-jdbc's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.7</h2>
<h2> New Features</h2>
<ul>
<li>Forward more methods to underlying InputStream in
NonClosingInputStream <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34893">#34893</a></li>
<li>Introduce Spring property for the default property placeholder
escape character <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34865">#34865</a></li>
<li>Close ApplicationContext once AOT processing has completed <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34841">#34841</a></li>
<li>Fix
<code>AbstractJackson2HttpMessageConverter#getObjectMappersForType</code>
nullness <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34811">#34811</a></li>
<li>Add option for case-insensitive match to PatternMatchUtils <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34801">#34801</a></li>
<li>RestClient <code>@RequestBody</code> parameters lose generic type
information when creating HTTP service beans <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34793">#34793</a></li>
<li>Adds option to set Principal in MockServerWebExchange <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34789">#34789</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Beans created by FactoryBean are not considered as autowiring
candidates if another thread holds a singletonLock <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34902">#34902</a></li>
<li><code>PropertySourcesPlaceholderConfigurer</code> placeholder
resolution fails in several scenarios <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34861">#34861</a></li>
<li>HttpComponentsClientHttpRequestFactory setConnectionRequestTimeout
not working with httpclient 5.3.1 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34851">#34851</a></li>
<li>Fragment.create() requires mutable map - which is unusable when used
with Kotlin <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34848">#34848</a></li>
<li>Duplicate <code>BeanOverrideHandler</code> discovered in
<code>@Nested</code> test case with superclass from different class or
in interface implemented multiple times <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34844">#34844</a></li>
<li>Accidental ClassLoader defineClass enforcement after <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34677">#34677</a>
<a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34824">#34824</a></li>
<li>HttpEntity.EMPTY headers should not be possible to mutate via
HttpHeaders constructor <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34812">#34812</a></li>
<li>AbstractFileResolvingResource.exists incorrectly reports result for
resources inside of spring-boot executable jar <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34796">#34796</a></li>
<li>Correctly expand query param with same name from URI variables array
<a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34783">#34783</a></li>
<li>R2DBC <code>NamedParameterUtils</code> only expands reused
collection parameter once <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34768">#34768</a></li>
<li><code>PathMatchingResourcePatternResolver</code> wrongly assumes
that <code>target/classes</code> always exists <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34764">#34764</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Clarify <code>CompositePropertySource</code> behavior for
<code>EnumerablePropertySource</code> contract <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34886">#34886</a></li>
<li>Javadoc and <code>@Nullable</code> annotation for
<code>servletContext</code> parameter of
<code>ConfigurableWebEnvironment.initPropertySources</code> are
contradictory <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34845">#34845</a></li>
<li>Spring MVC: <code>@EnableAsync</code> needs to be redeclared for
each ApplicationContext <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34843">#34843</a></li>
<li>Provide a working example instead of unclear placeholders <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34828">#34828</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to Micrometer 1.14.7 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34889">#34889</a></li>
<li>Upgrade to Reactor 2024.0.6 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34898">#34898</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<p><a href="https://github.com/Artur"><code>@​Artur</code></a>-, <a
href="https://github.com/blake-bauman"><code>@​blake-bauman</code></a>,
<a href="https://github.com/iifawzi"><code>@​iifawzi</code></a>, <a
href="https://github.com/kilink"><code>@​kilink</code></a>, <a
href="https://github.com/quaff"><code>@​quaff</code></a>, <a
href="https://github.com/whlit"><code>@​whlit</code></a>, and <a
href="https://github.com/zzoe2346"><code>@​zzoe2346</code></a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b"><code>ba590ac</code></a>
Release v6.2.7</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332"><code>ee62701</code></a>
Make use of PatternMatchUtils ignoreCase option</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1"><code>fa168ca</code></a>
Revise FactoryBean locking behavior for strict/lenient consistency</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22"><code>3c228a5</code></a>
Add missing <a href="https://github.com/since"><code>@​since</code></a>
tags in PatternMatchUtils</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f"><code>9bf6b8c</code></a>
Upgrade to Reactor 2024.0.6</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8"><code>37ecdd1</code></a>
Forward more methods to underlying InputStream in
NonClosingInputStream</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c"><code>73f1c5a</code></a>
Polishing</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d"><code>4d296fb</code></a>
Upgrade to Micrometer 1.14.7</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512"><code>6a94444</code></a>
Clarify CompositePropertySource behavior for EnumerablePropertySource
contract</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd"><code>03ae97b</code></a>
Introduce Spring property for default escape character for
placeholders</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-framework/compare/v6.2.6...v6.2.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework:spring-jdbc&package-manager=gradle&previous-version=6.2.6&new-version=6.2.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 11:52:04 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1f56ccfc99 Bump gradle/actions from 4.3.1 to 4.4.0 (#3544)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [gradle/actions](https://github.com/gradle/actions) from 4.3.1 to
4.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/actions/releases">gradle/actions's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.0</h2>
<p>This release updates 2 downstream components:</p>
<ul>
<li>Develocity injection has been updated to <a
href="https://github.com/gradle/develocity-ci-injection/releases/tag/v2.0">v2.0</a>
<ul>
<li>Some environment variables related to Develocity injection have been
renamed. All vars now being with <code>DEVELOCITY_INJECTION_</code>.
Check <a
href="https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#configuring-develocity-injection">the
docs</a> for more details.</li>
</ul>
</li>
<li>Dependency-graph plugin has been updated to <a
href="https://github.com/gradle/github-dependency-graph-gradle-plugin/releases/tag/v1.4.0">v1.4.0</a>
<ul>
<li>The 'detector' values included in the generated graph can now be
configured via environment variables.</li>
</ul>
</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Update develocity-injection init script to v1.3 by <a
href="https://github.com/bot-githubaction"><code>@​bot-githubaction</code></a>
in <a
href="https://redirect.github.com/gradle/actions/pull/592">gradle/actions#592</a></li>
<li>Update develocity-injection init script to v2.0 by <a
href="https://github.com/bot-githubaction"><code>@​bot-githubaction</code></a>
in <a
href="https://redirect.github.com/gradle/actions/pull/593">gradle/actions#593</a></li>
<li>[StepSecurity] ci: Harden GitHub Actions by <a
href="https://github.com/step-security-bot"><code>@​step-security-bot</code></a>
in <a
href="https://redirect.github.com/gradle/actions/pull/597">gradle/actions#597</a></li>
<li>Use v1.4.0 of dependency graph plugin by <a
href="https://github.com/bigdaz"><code>@​bigdaz</code></a> in <a
href="https://redirect.github.com/gradle/actions/pull/638">gradle/actions#638</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/step-security-bot"><code>@​step-security-bot</code></a>
made their first contribution in <a
href="https://redirect.github.com/gradle/actions/pull/597">gradle/actions#597</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gradle/actions/compare/v4.3.1...v4.4.0">https://github.com/gradle/actions/compare/v4.3.1...v4.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gradle/actions/commit/8379f6a1328ee0e06e2bb424dadb7b159856a326"><code>8379f6a</code></a>
Use v1.4.0 of dependency graph plugin (<a
href="https://redirect.github.com/gradle/actions/issues/638">#638</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/9f79b5fa2c0d6f1157051630d2fb45b9f10ca6a5"><code>9f79b5f</code></a>
[bot] Update dist directory</li>
<li><a
href="https://github.com/gradle/actions/commit/e093fac84ca6df405f28ca0317458de1a4c7ad65"><code>e093fac</code></a>
Bump the npm-dependencies group in /sources with 5 updates (<a
href="https://redirect.github.com/gradle/actions/issues/636">#636</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/768a17f3488dc3fe0155ff431553e1f53d57e22e"><code>768a17f</code></a>
Bump the npm-dependencies group in /sources with 2 updates (<a
href="https://redirect.github.com/gradle/actions/issues/635">#635</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/36541137722dacf3739105e1b760c6856d5369e4"><code>3654113</code></a>
[bot] Update dist directory</li>
<li><a
href="https://github.com/gradle/actions/commit/2ad385cb2aee647fa33b18e52b479ae14fed4c6c"><code>2ad385c</code></a>
Replace use of typed-rest-client with <code>@​actions/http-client</code>
(<a
href="https://redirect.github.com/gradle/actions/issues/634">#634</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/95dcf96b0d6e55b48ba036a7d7480ce25a00e6ef"><code>95dcf96</code></a>
[bot] Update dist directory</li>
<li><a
href="https://github.com/gradle/actions/commit/2e3238a6642725202f6a5656922bbe434f25b03e"><code>2e3238a</code></a>
Bump actions/download-artifact from 4.2.1 to 4.3.0 in
/.github/actions/init-i...</li>
<li><a
href="https://github.com/gradle/actions/commit/39dddb8ae7ff59c7416189aac27a8980abd89bd0"><code>39dddb8</code></a>
Remove direct use of octokit/request-error (<a
href="https://redirect.github.com/gradle/actions/issues/632">#632</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/755ed7db09daddecb584fd9d200146c632f1af98"><code>755ed7d</code></a>
[bot] Update dist directory</li>
<li>Additional commits viewable in <a
href="https://github.com/gradle/actions/compare/06832c7b30a0129d7fb559bcc6e43d26f6374244...8379f6a1328ee0e06e2bb424dadb7b159856a326">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gradle/actions&package-manager=github_actions&previous-version=4.3.1&new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 11:51:52 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
f290f62e23 Bump actions/dependency-review-action from 4.7.0 to 4.7.1 (#3543)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
from 4.7.0 to 4.7.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.7.1</h2>
<ul>
<li>Packages added to <code>allow-dependencies-licenses</code> will be
allowed even if the package in question has no license information <a
href="https://redirect.github.com/actions/dependency-review-action/issues/889">#889</a></li>
<li>License expressions (e.g. <code>Ruby OR GPL-2.0</code>) in the allow
list are automatically discarded so that they don't invalidate the whole
allow list, which should just be license identifier (e.g.
<code>Ruby</code>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/dependency-review-action/commit/da24556b548a50705dd671f47852072ea4c105d9"><code>da24556</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/933">#933</a>
from actions/dangoor/471-release</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/9af0caf0e50bd16cea055a1319f959e718f9cd5d"><code>9af0caf</code></a>
Bump version number for 4.7.1</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/d8f2df20d5605f0dd46db3bd283002c24e357724"><code>d8f2df2</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/932">#932</a>
from actions/907-disallow-expression</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/6e9307a3d4e5049e0dd8b5f9d51dfa0544391d3a"><code>6e9307a</code></a>
Discard allow list entries that are not SPDX IDs</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/8805179dc9a63c54224914839d370dd93bd37b2e"><code>8805179</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/930">#930</a>
from actions/889-allow-no-license</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/014300b08cd78d8944f631eb3415e4c079cdb3e8"><code>014300b</code></a>
Update build</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/34486f306eacc0b5ba73c8d12b5af19a58d22364"><code>34486f3</code></a>
Check namespaces when excluding license checks</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/9b155d6432a2e91d56f1d2ad084483e8cd766a23"><code>9b155d6</code></a>
Update build</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/f199659a6a39762ca0753d8a2fb41192144f257a"><code>f199659</code></a>
Allowing dependencies works with no licenses</li>
<li>See full diff in <a
href="https://github.com/actions/dependency-review-action/compare/38ecb5b593bf0eb19e335c03f97670f792489a8b...da24556b548a50705dd671f47852072ea4c105d9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=4.7.0&new-version=4.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 11:51:32 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
74fcf01d03 Bump github/codeql-action from 3.28.17 to 3.28.18 (#3542)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.17 to 3.28.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.18</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.18 - 16 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li>
<li>Skip validating SARIF produced by CodeQL for improved performance.
<a
href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li>
<li>The number of threads and amount of RAM used by CodeQL can now be
set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code>
runner environment variables. If set, these environment variables
override the <code>threads</code> and <code>ram</code> inputs
respectively. <a
href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.18/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.18 - 16 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li>
<li>Skip validating SARIF produced by CodeQL for improved performance.
<a
href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li>
<li>The number of threads and amount of RAM used by CodeQL can now be
set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code>
runner environment variables. If set, these environment variables
override the <code>threads</code> and <code>ram</code> inputs
respectively. <a
href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li>
</ul>
<h2>3.28.17 - 02 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li>
</ul>
<h2>3.28.16 - 23 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li>
</ul>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug
artifact with more than 65535 files. <a
href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li>
</ul>
<h2>3.28.14 - 07 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li>
</ul>
<h2>3.28.13 - 24 Mar 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/ff0a06e83cb2de871e5a09832bc6a81e7276941f"><code>ff0a06e</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2896">#2896</a>
from github/update-v3.28.18-b86edfc27</li>
<li><a
href="https://github.com/github/codeql-action/commit/a41e0844be4d25fcef7ce7fa536f3e30275a9a1c"><code>a41e084</code></a>
Update changelog for v3.28.18</li>
<li><a
href="https://github.com/github/codeql-action/commit/b86edfc27a1e0d3b55127a7496a1c770a02b2f84"><code>b86edfc</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2893">#2893</a>
from github/update-bundle/codeql-bundle-v2.21.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/e93b90025f7c49dccc3ee640c4155b63eb9a6b39"><code>e93b900</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.21.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/510dfa3460b15b34a807ab5609b4691aed5ebbee"><code>510dfa3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2894">#2894</a>
from github/henrymercer/skip-validating-codeql-sarif</li>
<li><a
href="https://github.com/github/codeql-action/commit/492d7832457da825a964331d860789f3f19d105b"><code>492d783</code></a>
Merge branch 'main' into henrymercer/skip-validating-codeql-sarif</li>
<li><a
href="https://github.com/github/codeql-action/commit/83bdf3b7f92061d2f6d74e2a4555ecf719adad68"><code>83bdf3b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2859">#2859</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/cffc916774454a5ead1c8fb7925abad20cda85e4"><code>cffc916</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2891">#2891</a>
from austinpray-mixpanel/patch-1</li>
<li><a
href="https://github.com/github/codeql-action/commit/4420887272f1c68c7c58ca2970bdfb5eb657cf08"><code>4420887</code></a>
Add deprecation warning for CodeQL 2.16.5 and earlier</li>
<li><a
href="https://github.com/github/codeql-action/commit/4e178c584157c51ff3d6fb87c764e7ed0715f82a"><code>4e178c5</code></a>
Update supported versions table in README</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/60168efe1c415ce0f5521ea06d5c2062adbeed1b...ff0a06e83cb2de871e5a09832bc6a81e7276941f">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.17&new-version=3.28.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 11:51:13 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1346abf0e5 Bump docker/build-push-action from 6.16.0 to 6.17.0 (#3541)
Bumps
[docker/build-push-action](https://github.com/docker/build-push-action)
from 6.16.0 to 6.17.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.17.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.59.0 to 0.61.0 by
<a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1364">docker/build-push-action#1364</a></li>
</ul>
<blockquote>
<p>[!NOTE]
Build record is now exported using the <a
href="https://docs.docker.com/reference/cli/docker/buildx/history/export/"><code>buildx
history export</code></a> command instead of the legacy export-build
tool.</p>
</blockquote>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v6.16.0...v6.17.0">https://github.com/docker/build-push-action/compare/v6.16.0...v6.17.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/build-push-action/commit/1dc73863535b631f98b2378be8619f83b136f4a0"><code>1dc7386</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1364">#1364</a>
from crazy-max/history-export-cmd</li>
<li><a
href="https://github.com/docker/build-push-action/commit/9c9803f36437c54a2bf7b2c9a4a9011c2a812d71"><code>9c9803f</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/build-push-action/commit/db1f6c46e8d64f89ec10010e409681bcf7951c05"><code>db1f6c4</code></a>
DOCKER_BUILD_EXPORT_LEGACY env var to opt-in for legacy export</li>
<li><a
href="https://github.com/docker/build-push-action/commit/721e8c79de660781840d3a69a11e39e1e836ef8e"><code>721e8c7</code></a>
Bump <code>@​docker/actions-toolkit</code> from 0.59.0 to 0.61.0</li>
<li>See full diff in <a
href="https://github.com/docker/build-push-action/compare/14487ce63c7a62a4a324b0bfb37086795e31c6c1...1dc73863535b631f98b2378be8619f83b136f4a0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/build-push-action&package-manager=github_actions&previous-version=6.16.0&new-version=6.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 11:50:59 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
70717813f6 Bump io.micrometer:micrometer-core from 1.14.6 to 1.14.7 (#3521)
Bumps
[io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer)
from 1.14.6 to 1.14.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's
releases</a>.</em></p>
<blockquote>
<h2>1.14.7</h2>
<h2> New Features</h2>
<ul>
<li>Replace Meter.Id.getTags() with cheaper alternatives <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6147">#6147</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>MultiGauge doesn't work with MeterFilter.map() <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6146">#6146</a></li>
<li>Record cache.size in CaffeineCacheMetrics without enabling
recordStats() <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6128">#6128</a></li>
<li>TimedHandler shutdown hanging indefinitely <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6194">#6194</a></li>
<li>Use snapshot consistently in AppOpticsMeterRegistry.writeSummary()
<a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6181">#6181</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<p><a href="https://github.com/AlexElin"><code>@​AlexElin</code></a>, <a
href="https://github.com/RafeArnold"><code>@​RafeArnold</code></a>, and
<a href="https://github.com/izeye"><code>@​izeye</code></a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/b6e5031303afbdf43073dc19377d84d8e858c048"><code>b6e5031</code></a>
Bump com.tngtech.archunit:archunit-junit5 from 1.3.1 to 1.3.2 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6226">#6226</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/6567cdccd3440b9fb1624463f4470e255d449314"><code>6567cdc</code></a>
Merge branch '1.13.x' into 1.14.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/80d4c9d986dfddee331a22f16a533ee3e4725116"><code>80d4c9d</code></a>
Call Shutdown#check after finishing timing (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6194">#6194</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/7f82709bb221470065f23c312e7441952ff78cb4"><code>7f82709</code></a>
Bump maven-resolver from 1.9.22 to 1.9.23 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6219">#6219</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/a1a4f3d83dfaef791949c5cd042e28535e60165b"><code>a1a4f3d</code></a>
Bump maven-resolver from 1.9.22 to 1.9.23 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6218">#6218</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/a6adb3a05862e5c8896a997a755daa159e06eba5"><code>a6adb3a</code></a>
Merge branch '1.13.x' into 1.14.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/fb2d4da16e9388852064b10b6004441848c69dce"><code>fb2d4da</code></a>
Get Google Cloud project ID from env var for integration tests</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/4f0cf532a923f31c89f80e4a85e1bf3eb61a58e9"><code>4f0cf53</code></a>
Bump com.fasterxml.jackson.core:jackson-databind from 2.18.3 to 2.18.4
(<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6214">#6214</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/33d1f7ebfd4e33bd027ced975adcd044d83fad12"><code>33d1f7e</code></a>
Merge branch '1.13.x' into 1.14.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/79939c3958fe95b03da844c55e9ce4f03d5e2d3d"><code>79939c3</code></a>
Fix JavaDurationGetSecondsToToSeconds warnings for tests (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6207">#6207</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.micrometer:micrometer-core&package-manager=gradle&previous-version=1.14.6&new-version=1.14.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-13 23:05:26 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
662c2a4dfe Bump org.apache.xmlgraphics:batik-all from 1.18 to 1.19 (#3520)
Bumps org.apache.xmlgraphics:batik-all from 1.18 to 1.19.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.xmlgraphics:batik-all&package-manager=gradle&previous-version=1.18&new-version=1.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-13 23:05:06 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
9fc174d12d Bump actions/dependency-review-action from 4.6.0 to 4.7.0 (#3519)
Bumps
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
from 4.6.0 to 4.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.7.0</h2>
<ul>
<li>Handle complex license expressions (e.g. <code>MIT AND
GPL-2.0</code>) in allow lists (fixes <a
href="https://redirect.github.com/actions/dependency-review-action/issues/809">#809</a>
and probably others)</li>
<li>Replace <code>OTHER</code> in package licenses with
<code>LicenseRef-clearlydefined-OTHER</code> so that parsing passes</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/dependency-review-action/commit/38ecb5b593bf0eb19e335c03f97670f792489a8b"><code>38ecb5b</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/929">#929</a>
from actions/dangoor/4.7-release</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/0e9e935cc870609b60e95f0ca9c5439df6c5a001"><code>0e9e935</code></a>
Version 4.7.0 release</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/69d2faa36575aaf6f3b6e83344dccafd1434b31e"><code>69d2faa</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/926">#926</a>
from dangoor/dangoor/replace-other</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/7e14978e0e6d56c5c368d665cfe64859530ae43e"><code>7e14978</code></a>
Merge branch 'actions:main' into dangoor/replace-other</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/8477905b0e5eb937fce8d6d92309aee88f4a4295"><code>8477905</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/927">#927</a>
from dangoor/dangoor/multilicense</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/f3ff3564fad5f71b84386e8dd99dcdd5f25b6e9e"><code>f3ff356</code></a>
Update dist</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/c7565d44ece013dd49742989a6bd8f2042aed16a"><code>c7565d4</code></a>
Fix tests and respond to review feedback</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/82299c3bbe54c01331889c2b0f62af249dfb0ee8"><code>82299c3</code></a>
Replace OTHER with a LicenseRef</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/2013ccccfe108a74501d552608b81853e407307a"><code>2013ccc</code></a>
Update type definition for spdx-satisfies</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/3a2b68706a35b3507491b524adfe1c822821e706"><code>3a2b687</code></a>
Handle complex licenses (e.g. X AND Y)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/dependency-review-action/compare/ce3cf9537a52e8119d91fd484ab5b8a807627bf8...38ecb5b593bf0eb19e335c03f97670f792489a8b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=4.6.0&new-version=4.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-13 23:04:45 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1aff1d3480 Bump com.opencsv:opencsv from 5.10 to 5.11 (#3476)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps com.opencsv:opencsv from 5.10 to 5.11.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.opencsv:opencsv&package-manager=gradle&previous-version=5.10&new-version=5.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-06 10:43:42 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bfaffe5050 Bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.6 to 2.8.8 (#3482)
Bumps
[org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi)
from 2.8.6 to 2.8.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/springdoc/springdoc-openapi/releases">org.springdoc:springdoc-openapi-starter-webmvc-ui's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.8</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.7...v2.8.8">https://github.com/springdoc/springdoc-openapi/compare/v2.8.7...v2.8.8</a></p>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a>
- Handle projects not using kotlin-reflect <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li>
</ul>
<h2>springdoc-openapi v2.8.7 released!</h2>
<h2>What's Changed</h2>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a>
- Introducing springdoc-openapi-bom project</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2948">#2948</a>
- Customize Servers via application.yml</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2963">#2963</a>
- Set default content type for problem details object to
application/problem+jso</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a>
- List of value classes in Kotlin</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Upgrade swagger-ui to v5.21.0</li>
<li>Upgrade swagger-core to 2.2.30</li>
<li>Upgrade spring-boot to version 3.4.5</li>
<li>Upgrade spring-security-oauth2-authorization-server to version
1.4.3</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2947">#2947</a>
- Unexpected warning &quot;Appended trailing slash to static resource
location&quot;</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2960">#2960</a>
- NPE when customizing group's open-api without specifying any
schema</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2969">#2969</a>
- fix path to register resource handler to work
SwaggerIndexPageTransformer considering /webjar path prefix</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2964">#2964</a>
- Cannot add custom description and example for java.time.Duration since
v2.8.6</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2972">#2972</a>
- <a href="https://github.com/Header"><code>@​Header</code></a>(schema =
<a href="https://github.com/Schema"><code>@​Schema</code></a>(type =
&quot;string&quot;)) generates empty or broken schema in OpenAPI output
since 2.8.0</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>,
<a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a>
- Build Failure due to Private Inner Class.</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2556">#2556</a>
- Unable to determine if it is a Kotlin type</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/lagoshny"><code>@​lagoshny</code></a>
made their first contribution in <a
href="https://redirect.github.com/springdoc/springdoc-openapi/pull/2970">springdoc/springdoc-openapi#2970</a></li>
<li><a href="https://github.com/mymx2"><code>@​mymx2</code></a> made
their first contribution in <a
href="https://redirect.github.com/springdoc/springdoc-openapi/pull/2950">springdoc/springdoc-openapi#2950</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.7">https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.7</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md">org.springdoc:springdoc-openapi-starter-webmvc-ui's
changelog</a>.</em></p>
<blockquote>
<h2>[2.8.8] - 2025-05-04</h2>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a>
- Handle projects not using kotlin-reflect <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li>
</ul>
<h2>[2.8.7] - 2025-05-04</h2>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a>
- Introducing springdoc-openapi-bom project</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2948">#2948</a>
- Customize Servers via application.yml</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2963">#2963</a>
- Set default content type for problem details object to
application/problem+jso</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a>
- List of value classes in Kotlin</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Upgrade swagger-ui to v5.21.0</li>
<li>Upgrade swagger-core to 2.2.30</li>
<li>Upgrade spring-boot to version 3.4.5</li>
<li>Upgrade spring-security-oauth2-authorization-server to version
1.4.3</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2947">#2947</a>
- Unexpected warning &quot;Appended trailing slash to static resource
location&quot;</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2960">#2960</a>
- NPE when customizing group's open-api without specifying any
schema</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2969">#2969</a>
- fix path to register resource handler to work
SwaggerIndexPageTransformer considering /webjar path prefix</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2964">#2964</a>
- Cannot add custom description and example for java.time.Duration since
v2.8.6</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2972">#2972</a>
- <a href="https://github.com/Header"><code>@​Header</code></a>(schema =
<a href="https://github.com/Schema"><code>@​Schema</code></a>(type =
&quot;string&quot;)) generates empty or broken schema in OpenAPI output
since 2.8.0</li>
<li><a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>,
<a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a>
- Build Failure due to Private Inner Class.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/bce44dbe502cbaeeff6188fe210042859aa0ed54"><code>bce44db</code></a>
[maven-release-plugin] prepare release v2.8.8</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/707fce0271fda0c713c412488247dba4cc32d98c"><code>707fce0</code></a>
Handle projects not using kotlin-reflect. Fixes <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2977">#2977</a></li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/7a3546cb733d3ca493b6e622778a97c73b39b04a"><code>7a3546c</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/764ef2fd42040232a7a9280d826ed72a591da3df"><code>764ef2f</code></a>
[maven-release-plugin] prepare release v2.8.7</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/98dacbda5cbdb0a278aa407ddc6aa05c8f23f031"><code>98dacbd</code></a>
Prepare for the next release</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/5eb7d77e55df6b1b4ea1964fb146233f88b71e2d"><code>5eb7d77</code></a>
pom.xml cleanup for <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a></li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/9dffa3d7d43e11ee1abfa86c7bf9b1886fc23e11"><code>9dffa3d</code></a>
pom.xml cleanup for <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2944">#2944</a></li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/a68b42edf1465f1888c42263dac5547622ebd4cc"><code>a68b42e</code></a>
List of value classes in Kotlin. Fixes <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2971">#2971</a></li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/95fa3bbb71859e428092034efbb3deae9bf4c892"><code>95fa3bb</code></a>
Regression: <a
href="https://github.com/Header"><code>@​Header</code></a>(schema = <a
href="https://github.com/Schema"><code>@​Schema</code></a>(type =
&quot;string&quot;)) generates empty or bro...</li>
<li><a
href="https://github.com/springdoc/springdoc-openapi/commit/3d056d8c55ec3139fc3e2d4a2f0eed7d8384d5f0"><code>3d056d8</code></a>
Build Failure due to Private Inner Class. Fixes <a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2976">#2976</a>,
<a
href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2967">#2967</a></li>
<li>Additional commits viewable in <a
href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.6...v2.8.8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springdoc:springdoc-openapi-starter-webmvc-ui&package-manager=gradle&previous-version=2.8.6&new-version=2.8.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-06 10:43:09 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3a615360a0 Bump actions/create-github-app-token from 2.0.5 to 2.0.6 (#3475)
Bumps
[actions/create-github-app-token](https://github.com/actions/create-github-app-token)
from 2.0.5 to 2.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.6</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v2.0.5...v2.0.6">2.0.6</a>
(2025-05-03)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>replace <code>-</code> with <code>_</code> (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/246">#246</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/333678481b1f02ee31fa1443aba4f1f7cb5b08b5">3336784</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/create-github-app-token/commit/df432ceedc7162793a195dd1713ff69aefc7379e"><code>df432ce</code></a>
build(release): 2.0.6 [skip ci]</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/333678481b1f02ee31fa1443aba4f1f7cb5b08b5"><code>3336784</code></a>
fix: replace <code>-</code> with <code>_</code> (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/246">#246</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/create-github-app-token/compare/db3cdf40984fe6fd25ae19ac2bf2f4886ae8d959...df432ceedc7162793a195dd1713ff69aefc7379e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/create-github-app-token&package-manager=github_actions&previous-version=2.0.5&new-version=2.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-05 23:23:16 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
20f0cf1ac3 Bump pdfboxVersion from 3.0.4 to 3.0.5 (#3465)
Bumps `pdfboxVersion` from 3.0.4 to 3.0.5.
Updates `org.apache.pdfbox:pdfbox` from 3.0.4 to 3.0.5

Updates `org.apache.pdfbox:preflight` from 3.0.4 to 3.0.5

Updates `org.apache.pdfbox:xmpbox` from 3.0.4 to 3.0.5


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-03 14:32:08 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
561d3f4eed Bump actions/create-github-app-token from 2.0.2 to 2.0.5 (#3466)
Bumps
[actions/create-github-app-token](https://github.com/actions/create-github-app-token)
from 2.0.2 to 2.0.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.5</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v2.0.4...v2.0.5">2.0.5</a>
(2025-05-02)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump the production-dependencies group with 3
updates (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/240">#240</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/d64d7d73555d3f2cb08ce64bdd812e49308a2905">d64d7d7</a>)</li>
</ul>
<h2>v2.0.4</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v2.0.3...v2.0.4">2.0.4</a>
(2025-05-02)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>permission input handling (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/243">#243</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/2950cbc446a8d3030ea17d3f7cbdd3c0fce4b0f5">2950cbc</a>)</li>
</ul>
<h2>v2.0.3</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v2.0.2...v2.0.3">2.0.3</a>
(2025-05-01)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>README:</strong> use <code>v2</code> in examples (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/234">#234</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/9ba274d954c9af64fbf4cec63082d0e3f57e9b5f">9ba274d</a>),
closes <a
href="https://redirect.github.com/actions/create-github-app-token/issues/232">#232</a></li>
<li>use <code>core.getBooleanInput()</code> to retrieve boolean input
values (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/223">#223</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/c3c17c79ccedec31f588e88d6ad5ff9036afe580">c3c17c7</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/create-github-app-token/commit/db3cdf40984fe6fd25ae19ac2bf2f4886ae8d959"><code>db3cdf4</code></a>
build(release): 2.0.5 [skip ci]</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/d64d7d73555d3f2cb08ce64bdd812e49308a2905"><code>d64d7d7</code></a>
fix(deps): bump the production-dependencies group with 3 updates (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/240">#240</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/1b6f53e48e3bd5e9fbd610599fc41fca986c51e9"><code>1b6f53e</code></a>
build(deps-dev): bump the development-dependencies group across 1
directory w...</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/061a84d5f55008a6dfb441735e1568fcb8da8b50"><code>061a84d</code></a>
build(deps-dev): bump <code>@​octokit/openapi</code> from 18.2.0 to
19.0.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/242">#242</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/c8f34a61a85667dfbbbc74c5468935fc8a369720"><code>c8f34a6</code></a>
build(deps): bump stefanzweifel/git-auto-commit-action from 5.1.0 to
5.2.0 in...</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/4821f52fa7a8e45784f1d99cdb1c27bec9f00720"><code>4821f52</code></a>
build(release): 2.0.4 [skip ci]</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/2950cbc446a8d3030ea17d3f7cbdd3c0fce4b0f5"><code>2950cbc</code></a>
fix: permission input handling (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/243">#243</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/30bf6253fa41bdc8d1501d202ad15287582246b4"><code>30bf625</code></a>
build(release): 2.0.3 [skip ci]</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/c3c17c79ccedec31f588e88d6ad5ff9036afe580"><code>c3c17c7</code></a>
fix: use <code>core.getBooleanInput()</code> to retrieve boolean input
values (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/223">#223</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/9ba274d954c9af64fbf4cec63082d0e3f57e9b5f"><code>9ba274d</code></a>
fix(README): use <code>v2</code> in examples (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/234">#234</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/create-github-app-token/compare/3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5...db3cdf40984fe6fd25ae19ac2bf2f4886ae8d959">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/create-github-app-token&package-manager=github_actions&previous-version=2.0.2&new-version=2.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-03 14:31:49 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
e239bbf89a Bump github/codeql-action from 3.28.16 to 3.28.17 (#3467)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.16 to 3.28.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.17</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.17 - 02 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.17/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.17 - 02 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li>
</ul>
<h2>3.28.16 - 23 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li>
</ul>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug
artifact with more than 65535 files. <a
href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li>
</ul>
<h2>3.28.14 - 07 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li>
</ul>
<h2>3.28.13 - 24 Mar 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/60168efe1c415ce0f5521ea06d5c2062adbeed1b"><code>60168ef</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2886">#2886</a>
from github/update-v3.28.17-97a2bfd2a</li>
<li><a
href="https://github.com/github/codeql-action/commit/0d5a3115da6459f8ab4333164184f8292c0c7a7f"><code>0d5a311</code></a>
Update changelog for v3.28.17</li>
<li><a
href="https://github.com/github/codeql-action/commit/97a2bfd2a3d26d458da69e548f7f859d6fca634d"><code>97a2bfd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2872">#2872</a>
from github/update-bundle/codeql-bundle-v2.21.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/9aba20e4c91fd8c3a71d5ab2bdeba0da11713864"><code>9aba20e</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.21.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/81a9508deb02898c1a7be79bd5b49bb0ab9c787e"><code>81a9508</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2876">#2876</a>
from github/henrymercer/fix-diff-informed-multiple-a...</li>
<li><a
href="https://github.com/github/codeql-action/commit/1569f4c145413fbce7d6573c6ee9212d2612d27f"><code>1569f4c</code></a>
Disable diff-informed queries in code scanning config tests</li>
<li><a
href="https://github.com/github/codeql-action/commit/62fbeb66b359bfbdec7d4d96af8f68aece59b4db"><code>62fbeb6</code></a>
Merge branch 'main' into
henrymercer/fix-diff-informed-multiple-analyze</li>
<li><a
href="https://github.com/github/codeql-action/commit/f122d1dc9eb83b12dc16b38495b667a2dddfa6f9"><code>f122d1d</code></a>
Address test failures from computing temporary directory too early</li>
<li><a
href="https://github.com/github/codeql-action/commit/083772aae48a3be5654921bb6e6ccb00e0e1d563"><code>083772a</code></a>
Do not fail diff informed analyses when <code>analyze</code> is run
twice in the same job</li>
<li><a
href="https://github.com/github/codeql-action/commit/5db14d0471303d6eee1e2a51393f5ae1669b6703"><code>5db14d0</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.21.2</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/28deaeda66b76a05916b6923827895f2b14ab387...60168efe1c415ce0f5521ea06d5c2062adbeed1b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.16&new-version=3.28.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-03 14:31:44 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
9635e573d8 Bump gradle from 8.13-jdk21 to 8.14-jdk21 (#3439)
Bumps gradle from 8.13-jdk21 to 8.14-jdk21.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gradle&package-manager=docker&previous-version=8.13-jdk21&new-version=8.14-jdk21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-29 11:39:38 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
ffb8e98dcd Bump springBootVersion from 3.4.4 to 3.4.5 (#3440)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps `springBootVersion` from 3.4.4 to 3.4.5.
Updates `org.springframework.boot:spring-boot-starter-web` from 3.4.4 to
3.4.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-web's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.5</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Spring Boot with native image container image build fails on podman
due to directory permissions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li>
<li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are
available <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li>
<li>Wrong jOOQ exception translator with empty db name <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li>
<li>MessageSourceMessageInterpolator does not replace a parameter when
the message matches its code <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li>
<li>IntegrationMbeanExporter is not eligible for getting processed by
all BeanPostProcessors warnings are shown when using JMX <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li>
<li>OAuth2AuthorizationServerJwtAutoConfiguration uses
<code>@ConditionalOnClass</code> incorrectly <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li>
<li>MongoDB's dependency management is missing Kotlin coroutine driver
modules <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li>
<li>ImagePlatform can cause &quot;OS must not be empty&quot;
IllegalArgumentException <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li>
<li>TypeUtils does not handle generics with identical names in different
positions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li>
<li>HttpClient5 5.4.3 breaks local Docker transport <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li>
<li>spring.datasource.hikari.data-source-class-name cannot be used as a
driver class name is always required and Hikari does not accept both <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li>
<li>Post-processing to apply custom JdbcConnectionDetails triggers an
NPE in Hikari if the JDBC URL is for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li>
<li>DataSourceBuilder triggers an NPE in Hikari when trying to build a
DataSource with a JDBC URL for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li>
<li>SSL config does not watch for symlink file changes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li>
<li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li>
<li>DataSourceTransactionManagerAutoConfiguration should run after
DataSourceAutoConfiguration <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li>
<li>JsonValueWriter can throw StackOverflowError on deeply nested items
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li>
<li>In a reactive web app, SslBundle can no longer open store file
locations without using a 'file:' prefix <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li>
<li>Logging a Path object using structured logging throws
StackOverflowError <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Make <code>@Component</code> a javadoc link <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li>
<li>Fix documentation links to buildpacks.io <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li>
<li>Clarify the use of multiple profile expressions with
&quot;spring.config.activate.on-profile&quot; <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li>
<li>Show the use of token properties in authorization server clients
configuration example <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li>
<li>Add details of the purpose of the metrics endpoint <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li>
<li>Escape the asterisk in spring-application.adoc <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li>
<li>Add reference to Styra (OPA) Spring Boot SDK <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li>
<li>Update CDS documentation to cover AOTCache <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li>
<li>WebFlux security documentation incorrectly links to servlet classes
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li>
<li>Replace mentions of deprecated MockBean annotation <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li>
<li>TaskExecution documentation should describe what happens when
multiple Executor beans are present <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li>
<li>Documentation lists coordinates for some dependencies that are not
actually managed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li>
<li>Polish javadoc of SpringProfileAction <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to AspectJ 1.9.24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li>
<li>Upgrade to Couchbase Client 3.7.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li>
<li>Upgrade to Hibernate 6.6.13.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li>
<li>Upgrade to HttpClient5 5.4.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li>
<li>Upgrade to HttpCore5 5.3.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li>
<li>Upgrade to Jaybird 5.0.7.java11 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li>
<li>Upgrade to Jetty 12.0.19 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li>
<li>Upgrade to jOOQ 3.19.22 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li>
<li>Upgrade to Lombok 1.18.38 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a>
Release v3.4.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a>
Next development version (v3.3.12-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a>
Revert &quot;Upgrade to Netty 4.1.120.Final&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a>
Fix potential null problem in actuator</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-jetty` from 3.4.4
to 3.4.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-jetty's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.5</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Spring Boot with native image container image build fails on podman
due to directory permissions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li>
<li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are
available <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li>
<li>Wrong jOOQ exception translator with empty db name <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li>
<li>MessageSourceMessageInterpolator does not replace a parameter when
the message matches its code <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li>
<li>IntegrationMbeanExporter is not eligible for getting processed by
all BeanPostProcessors warnings are shown when using JMX <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li>
<li>OAuth2AuthorizationServerJwtAutoConfiguration uses
<code>@ConditionalOnClass</code> incorrectly <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li>
<li>MongoDB's dependency management is missing Kotlin coroutine driver
modules <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li>
<li>ImagePlatform can cause &quot;OS must not be empty&quot;
IllegalArgumentException <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li>
<li>TypeUtils does not handle generics with identical names in different
positions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li>
<li>HttpClient5 5.4.3 breaks local Docker transport <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li>
<li>spring.datasource.hikari.data-source-class-name cannot be used as a
driver class name is always required and Hikari does not accept both <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li>
<li>Post-processing to apply custom JdbcConnectionDetails triggers an
NPE in Hikari if the JDBC URL is for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li>
<li>DataSourceBuilder triggers an NPE in Hikari when trying to build a
DataSource with a JDBC URL for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li>
<li>SSL config does not watch for symlink file changes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li>
<li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li>
<li>DataSourceTransactionManagerAutoConfiguration should run after
DataSourceAutoConfiguration <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li>
<li>JsonValueWriter can throw StackOverflowError on deeply nested items
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li>
<li>In a reactive web app, SslBundle can no longer open store file
locations without using a 'file:' prefix <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li>
<li>Logging a Path object using structured logging throws
StackOverflowError <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Make <code>@Component</code> a javadoc link <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li>
<li>Fix documentation links to buildpacks.io <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li>
<li>Clarify the use of multiple profile expressions with
&quot;spring.config.activate.on-profile&quot; <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li>
<li>Show the use of token properties in authorization server clients
configuration example <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li>
<li>Add details of the purpose of the metrics endpoint <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li>
<li>Escape the asterisk in spring-application.adoc <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li>
<li>Add reference to Styra (OPA) Spring Boot SDK <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li>
<li>Update CDS documentation to cover AOTCache <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li>
<li>WebFlux security documentation incorrectly links to servlet classes
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li>
<li>Replace mentions of deprecated MockBean annotation <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li>
<li>TaskExecution documentation should describe what happens when
multiple Executor beans are present <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li>
<li>Documentation lists coordinates for some dependencies that are not
actually managed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li>
<li>Polish javadoc of SpringProfileAction <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to AspectJ 1.9.24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li>
<li>Upgrade to Couchbase Client 3.7.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li>
<li>Upgrade to Hibernate 6.6.13.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li>
<li>Upgrade to HttpClient5 5.4.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li>
<li>Upgrade to HttpCore5 5.3.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li>
<li>Upgrade to Jaybird 5.0.7.java11 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li>
<li>Upgrade to Jetty 12.0.19 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li>
<li>Upgrade to jOOQ 3.19.22 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li>
<li>Upgrade to Lombok 1.18.38 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a>
Release v3.4.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a>
Next development version (v3.3.12-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a>
Revert &quot;Upgrade to Netty 4.1.120.Final&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a>
Fix potential null problem in actuator</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-thymeleaf` from
3.4.4 to 3.4.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-thymeleaf's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.5</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Spring Boot with native image container image build fails on podman
due to directory permissions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li>
<li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are
available <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li>
<li>Wrong jOOQ exception translator with empty db name <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li>
<li>MessageSourceMessageInterpolator does not replace a parameter when
the message matches its code <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li>
<li>IntegrationMbeanExporter is not eligible for getting processed by
all BeanPostProcessors warnings are shown when using JMX <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li>
<li>OAuth2AuthorizationServerJwtAutoConfiguration uses
<code>@ConditionalOnClass</code> incorrectly <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li>
<li>MongoDB's dependency management is missing Kotlin coroutine driver
modules <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li>
<li>ImagePlatform can cause &quot;OS must not be empty&quot;
IllegalArgumentException <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li>
<li>TypeUtils does not handle generics with identical names in different
positions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li>
<li>HttpClient5 5.4.3 breaks local Docker transport <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li>
<li>spring.datasource.hikari.data-source-class-name cannot be used as a
driver class name is always required and Hikari does not accept both <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li>
<li>Post-processing to apply custom JdbcConnectionDetails triggers an
NPE in Hikari if the JDBC URL is for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li>
<li>DataSourceBuilder triggers an NPE in Hikari when trying to build a
DataSource with a JDBC URL for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li>
<li>SSL config does not watch for symlink file changes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li>
<li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li>
<li>DataSourceTransactionManagerAutoConfiguration should run after
DataSourceAutoConfiguration <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li>
<li>JsonValueWriter can throw StackOverflowError on deeply nested items
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li>
<li>In a reactive web app, SslBundle can no longer open store file
locations without using a 'file:' prefix <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li>
<li>Logging a Path object using structured logging throws
StackOverflowError <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Make <code>@Component</code> a javadoc link <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li>
<li>Fix documentation links to buildpacks.io <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li>
<li>Clarify the use of multiple profile expressions with
&quot;spring.config.activate.on-profile&quot; <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li>
<li>Show the use of token properties in authorization server clients
configuration example <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li>
<li>Add details of the purpose of the metrics endpoint <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li>
<li>Escape the asterisk in spring-application.adoc <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li>
<li>Add reference to Styra (OPA) Spring Boot SDK <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li>
<li>Update CDS documentation to cover AOTCache <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li>
<li>WebFlux security documentation incorrectly links to servlet classes
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li>
<li>Replace mentions of deprecated MockBean annotation <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li>
<li>TaskExecution documentation should describe what happens when
multiple Executor beans are present <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li>
<li>Documentation lists coordinates for some dependencies that are not
actually managed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li>
<li>Polish javadoc of SpringProfileAction <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to AspectJ 1.9.24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li>
<li>Upgrade to Couchbase Client 3.7.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li>
<li>Upgrade to Hibernate 6.6.13.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li>
<li>Upgrade to HttpClient5 5.4.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li>
<li>Upgrade to HttpCore5 5.3.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li>
<li>Upgrade to Jaybird 5.0.7.java11 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li>
<li>Upgrade to Jetty 12.0.19 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li>
<li>Upgrade to jOOQ 3.19.22 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li>
<li>Upgrade to Lombok 1.18.38 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a>
Release v3.4.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a>
Next development version (v3.3.12-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a>
Revert &quot;Upgrade to Netty 4.1.120.Final&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a>
Fix potential null problem in actuator</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-security` from
3.4.4 to 3.4.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-security's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.5</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Spring Boot with native image container image build fails on podman
due to directory permissions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li>
<li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are
available <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li>
<li>Wrong jOOQ exception translator with empty db name <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li>
<li>MessageSourceMessageInterpolator does not replace a parameter when
the message matches its code <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li>
<li>IntegrationMbeanExporter is not eligible for getting processed by
all BeanPostProcessors warnings are shown when using JMX <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li>
<li>OAuth2AuthorizationServerJwtAutoConfiguration uses
<code>@ConditionalOnClass</code> incorrectly <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li>
<li>MongoDB's dependency management is missing Kotlin coroutine driver
modules <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li>
<li>ImagePlatform can cause &quot;OS must not be empty&quot;
IllegalArgumentException <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li>
<li>TypeUtils does not handle generics with identical names in different
positions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li>
<li>HttpClient5 5.4.3 breaks local Docker transport <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li>
<li>spring.datasource.hikari.data-source-class-name cannot be used as a
driver class name is always required and Hikari does not accept both <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li>
<li>Post-processing to apply custom JdbcConnectionDetails triggers an
NPE in Hikari if the JDBC URL is for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li>
<li>DataSourceBuilder triggers an NPE in Hikari when trying to build a
DataSource with a JDBC URL for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li>
<li>SSL config does not watch for symlink file changes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li>
<li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li>
<li>DataSourceTransactionManagerAutoConfiguration should run after
DataSourceAutoConfiguration <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li>
<li>JsonValueWriter can throw StackOverflowError on deeply nested items
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li>
<li>In a reactive web app, SslBundle can no longer open store file
locations without using a 'file:' prefix <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li>
<li>Logging a Path object using structured logging throws
StackOverflowError <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Make <code>@Component</code> a javadoc link <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li>
<li>Fix documentation links to buildpacks.io <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li>
<li>Clarify the use of multiple profile expressions with
&quot;spring.config.activate.on-profile&quot; <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li>
<li>Show the use of token properties in authorization server clients
configuration example <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li>
<li>Add details of the purpose of the metrics endpoint <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li>
<li>Escape the asterisk in spring-application.adoc <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li>
<li>Add reference to Styra (OPA) Spring Boot SDK <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li>
<li>Update CDS documentation to cover AOTCache <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li>
<li>WebFlux security documentation incorrectly links to servlet classes
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li>
<li>Replace mentions of deprecated MockBean annotation <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li>
<li>TaskExecution documentation should describe what happens when
multiple Executor beans are present <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li>
<li>Documentation lists coordinates for some dependencies that are not
actually managed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li>
<li>Polish javadoc of SpringProfileAction <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to AspectJ 1.9.24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li>
<li>Upgrade to Couchbase Client 3.7.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li>
<li>Upgrade to Hibernate 6.6.13.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li>
<li>Upgrade to HttpClient5 5.4.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li>
<li>Upgrade to HttpCore5 5.3.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li>
<li>Upgrade to Jaybird 5.0.7.java11 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li>
<li>Upgrade to Jetty 12.0.19 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li>
<li>Upgrade to jOOQ 3.19.22 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li>
<li>Upgrade to Lombok 1.18.38 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a>
Release v3.4.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a>
Next development version (v3.3.12-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a>
Revert &quot;Upgrade to Netty 4.1.120.Final&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a>
Fix potential null problem in actuator</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-data-jpa` from
3.4.4 to 3.4.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-data-jpa's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.5</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Spring Boot with native image container image build fails on podman
due to directory permissions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li>
<li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are
available <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li>
<li>Wrong jOOQ exception translator with empty db name <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li>
<li>MessageSourceMessageInterpolator does not replace a parameter when
the message matches its code <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li>
<li>IntegrationMbeanExporter is not eligible for getting processed by
all BeanPostProcessors warnings are shown when using JMX <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li>
<li>OAuth2AuthorizationServerJwtAutoConfiguration uses
<code>@ConditionalOnClass</code> incorrectly <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li>
<li>MongoDB's dependency management is missing Kotlin coroutine driver
modules <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li>
<li>ImagePlatform can cause &quot;OS must not be empty&quot;
IllegalArgumentException <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li>
<li>TypeUtils does not handle generics with identical names in different
positions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li>
<li>HttpClient5 5.4.3 breaks local Docker transport <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li>
<li>spring.datasource.hikari.data-source-class-name cannot be used as a
driver class name is always required and Hikari does not accept both <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li>
<li>Post-processing to apply custom JdbcConnectionDetails triggers an
NPE in Hikari if the JDBC URL is for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li>
<li>DataSourceBuilder triggers an NPE in Hikari when trying to build a
DataSource with a JDBC URL for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li>
<li>SSL config does not watch for symlink file changes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li>
<li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li>
<li>DataSourceTransactionManagerAutoConfiguration should run after
DataSourceAutoConfiguration <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li>
<li>JsonValueWriter can throw StackOverflowError on deeply nested items
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li>
<li>In a reactive web app, SslBundle can no longer open store file
locations without using a 'file:' prefix <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li>
<li>Logging a Path object using structured logging throws
StackOverflowError <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Make <code>@Component</code> a javadoc link <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li>
<li>Fix documentation links to buildpacks.io <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li>
<li>Clarify the use of multiple profile expressions with
&quot;spring.config.activate.on-profile&quot; <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li>
<li>Show the use of token properties in authorization server clients
configuration example <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li>
<li>Add details of the purpose of the metrics endpoint <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li>
<li>Escape the asterisk in spring-application.adoc <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li>
<li>Add reference to Styra (OPA) Spring Boot SDK <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li>
<li>Update CDS documentation to cover AOTCache <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li>
<li>WebFlux security documentation incorrectly links to servlet classes
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li>
<li>Replace mentions of deprecated MockBean annotation <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li>
<li>TaskExecution documentation should describe what happens when
multiple Executor beans are present <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li>
<li>Documentation lists coordinates for some dependencies that are not
actually managed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li>
<li>Polish javadoc of SpringProfileAction <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to AspectJ 1.9.24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li>
<li>Upgrade to Couchbase Client 3.7.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li>
<li>Upgrade to Hibernate 6.6.13.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li>
<li>Upgrade to HttpClient5 5.4.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li>
<li>Upgrade to HttpCore5 5.3.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li>
<li>Upgrade to Jaybird 5.0.7.java11 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li>
<li>Upgrade to Jetty 12.0.19 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li>
<li>Upgrade to jOOQ 3.19.22 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li>
<li>Upgrade to Lombok 1.18.38 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a>
Release v3.4.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a>
Next development version (v3.3.12-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a>
Revert &quot;Upgrade to Netty 4.1.120.Final&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a>
Fix potential null problem in actuator</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-oauth2-client`
from 3.4.4 to 3.4.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-oauth2-client's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.5</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Spring Boot with native image container image build fails on podman
due to directory permissions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li>
<li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are
available <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li>
<li>Wrong jOOQ exception translator with empty db name <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li>
<li>MessageSourceMessageInterpolator does not replace a parameter when
the message matches its code <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li>
<li>IntegrationMbeanExporter is not eligible for getting processed by
all BeanPostProcessors warnings are shown when using JMX <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li>
<li>OAuth2AuthorizationServerJwtAutoConfiguration uses
<code>@ConditionalOnClass</code> incorrectly <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li>
<li>MongoDB's dependency management is missing Kotlin coroutine driver
modules <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li>
<li>ImagePlatform can cause &quot;OS must not be empty&quot;
IllegalArgumentException <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li>
<li>TypeUtils does not handle generics with identical names in different
positions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li>
<li>HttpClient5 5.4.3 breaks local Docker transport <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li>
<li>spring.datasource.hikari.data-source-class-name cannot be used as a
driver class name is always required and Hikari does not accept both <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li>
<li>Post-processing to apply custom JdbcConnectionDetails triggers an
NPE in Hikari if the JDBC URL is for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li>
<li>DataSourceBuilder triggers an NPE in Hikari when trying to build a
DataSource with a JDBC URL for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li>
<li>SSL config does not watch for symlink file changes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li>
<li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li>
<li>DataSourceTransactionManagerAutoConfiguration should run after
DataSourceAutoConfiguration <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li>
<li>JsonValueWriter can throw StackOverflowError on deeply nested items
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li>
<li>In a reactive web app, SslBundle can no longer open store file
locations without using a 'file:' prefix <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li>
<li>Logging a Path object using structured logging throws
StackOverflowError <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Make <code>@Component</code> a javadoc link <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li>
<li>Fix documentation links to buildpacks.io <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li>
<li>Clarify the use of multiple profile expressions with
&quot;spring.config.activate.on-profile&quot; <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li>
<li>Show the use of token properties in authorization server clients
configuration example <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li>
<li>Add details of the purpose of the metrics endpoint <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li>
<li>Escape the asterisk in spring-application.adoc <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li>
<li>Add reference to Styra (OPA) Spring Boot SDK <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li>
<li>Update CDS documentation to cover AOTCache <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li>
<li>WebFlux security documentation incorrectly links to servlet classes
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li>
<li>Replace mentions of deprecated MockBean annotation <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li>
<li>TaskExecution documentation should describe what happens when
multiple Executor beans are present <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li>
<li>Documentation lists coordinates for some dependencies that are not
actually managed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li>
<li>Polish javadoc of SpringProfileAction <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to AspectJ 1.9.24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li>
<li>Upgrade to Couchbase Client 3.7.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li>
<li>Upgrade to Hibernate 6.6.13.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li>
<li>Upgrade to HttpClient5 5.4.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li>
<li>Upgrade to HttpCore5 5.3.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li>
<li>Upgrade to Jaybird 5.0.7.java11 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li>
<li>Upgrade to Jetty 12.0.19 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li>
<li>Upgrade to jOOQ 3.19.22 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li>
<li>Upgrade to Lombok 1.18.38 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a>
Release v3.4.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a>
Next development version (v3.3.12-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a>
Revert &quot;Upgrade to Netty 4.1.120.Final&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a>
Fix potential null problem in actuator</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-test` from 3.4.4
to 3.4.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-test's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.5</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Spring Boot with native image container image build fails on podman
due to directory permissions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li>
<li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are
available <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li>
<li>Wrong jOOQ exception translator with empty db name <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li>
<li>MessageSourceMessageInterpolator does not replace a parameter when
the message matches its code <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li>
<li>IntegrationMbeanExporter is not eligible for getting processed by
all BeanPostProcessors warnings are shown when using JMX <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li>
<li>OAuth2AuthorizationServerJwtAutoConfiguration uses
<code>@ConditionalOnClass</code> incorrectly <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li>
<li>MongoDB's dependency management is missing Kotlin coroutine driver
modules <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li>
<li>ImagePlatform can cause &quot;OS must not be empty&quot;
IllegalArgumentException <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li>
<li>TypeUtils does not handle generics with identical names in different
positions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li>
<li>HttpClient5 5.4.3 breaks local Docker transport <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li>
<li>spring.datasource.hikari.data-source-class-name cannot be used as a
driver class name is always required and Hikari does not accept both <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li>
<li>Post-processing to apply custom JdbcConnectionDetails triggers an
NPE in Hikari if the JDBC URL is for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li>
<li>DataSourceBuilder triggers an NPE in Hikari when trying to build a
DataSource with a JDBC URL for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li>
<li>SSL config does not watch for symlink file changes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li>
<li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li>
<li>DataSourceTransactionManagerAutoConfiguration should run after
DataSourceAutoConfiguration <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li>
<li>JsonValueWriter can throw StackOverflowError on deeply nested items
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li>
<li>In a reactive web app, SslBundle can no longer open store file
locations without using a 'file:' prefix <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li>
<li>Logging a Path object using structured logging throws
StackOverflowError <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Make <code>@Component</code> a javadoc link <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li>
<li>Fix documentation links to buildpacks.io <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li>
<li>Clarify the use of multiple profile expressions with
&quot;spring.config.activate.on-profile&quot; <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li>
<li>Show the use of token properties in authorization server clients
configuration example <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li>
<li>Add details of the purpose of the metrics endpoint <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li>
<li>Escape the asterisk in spring-application.adoc <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li>
<li>Add reference to Styra (OPA) Spring Boot SDK <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li>
<li>Update CDS documentation to cover AOTCache <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li>
<li>WebFlux security documentation incorrectly links to servlet classes
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li>
<li>Replace mentions of deprecated MockBean annotation <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li>
<li>TaskExecution documentation should describe what happens when
multiple Executor beans are present <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li>
<li>Documentation lists coordinates for some dependencies that are not
actually managed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li>
<li>Polish javadoc of SpringProfileAction <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to AspectJ 1.9.24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li>
<li>Upgrade to Couchbase Client 3.7.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li>
<li>Upgrade to Hibernate 6.6.13.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li>
<li>Upgrade to HttpClient5 5.4.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li>
<li>Upgrade to HttpCore5 5.3.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li>
<li>Upgrade to Jaybird 5.0.7.java11 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li>
<li>Upgrade to Jetty 12.0.19 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li>
<li>Upgrade to jOOQ 3.19.22 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li>
<li>Upgrade to Lombok 1.18.38 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a>
Release v3.4.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a>
Next development version (v3.3.12-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a>
Revert &quot;Upgrade to Netty 4.1.120.Final&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a>
Fix potential null problem in actuator</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-actuator` from
3.4.4 to 3.4.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-actuator's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.5</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Spring Boot with native image container image build fails on podman
due to directory permissions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li>
<li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are
available <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li>
<li>Wrong jOOQ exception translator with empty db name  <a href="ht...

_Description has been truncated_

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-29 11:39:15 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
b7eed4300e Bump docker/build-push-action from 6.15.0 to 6.16.0 (#3442)
Bumps
[docker/build-push-action](https://github.com/docker/build-push-action)
from 6.15.0 to 6.16.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.16.0</h2>
<ul>
<li>Handle no default attestations env var by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1343">docker/build-push-action#1343</a></li>
<li>Only print secret keys in build summary output by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1353">docker/build-push-action#1353</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.56.0 to 0.59.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1352">docker/build-push-action#1352</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0">https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/build-push-action/commit/14487ce63c7a62a4a324b0bfb37086795e31c6c1"><code>14487ce</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1343">#1343</a>
from crazy-max/fix-no-default-attest</li>
<li><a
href="https://github.com/docker/build-push-action/commit/0ec91264d895acf7dfe05d54d8a3cc28f95b6346"><code>0ec9126</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1366">#1366</a>
from crazy-max/pr-assign-author</li>
<li><a
href="https://github.com/docker/build-push-action/commit/b749522b90af1b517f52d8c1e67b2a965cea5eae"><code>b749522</code></a>
pr-assign-author workflow</li>
<li><a
href="https://github.com/docker/build-push-action/commit/c566248492c912e39910ac79e2f05a82260233a8"><code>c566248</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1363">#1363</a>
from crazy-max/fix-codecov</li>
<li><a
href="https://github.com/docker/build-push-action/commit/13275dd76e44afdffdd61da8b8ae8e26ee11671f"><code>13275dd</code></a>
ci: fix missing source for codecov</li>
<li><a
href="https://github.com/docker/build-push-action/commit/67dc78bbaf388b3265f7e1c880e681f4b90d5f48"><code>67dc78b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1361">#1361</a>
from mschoettle/patch-1</li>
<li><a
href="https://github.com/docker/build-push-action/commit/0760504437ba8d0d98e7d5b625560bdede11b3b5"><code>0760504</code></a>
docs: add validating build configuration example</li>
<li><a
href="https://github.com/docker/build-push-action/commit/1c198f4467ce458288d816cabd773cd574f16977"><code>1c198f4</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/build-push-action/commit/288d9e2e4a70c24711ba959b94c2209b9205347e"><code>288d9e2</code></a>
handle no default attestations env var</li>
<li><a
href="https://github.com/docker/build-push-action/commit/88844b95d8cbbb41035fa9c94e5967a33b92db78"><code>88844b9</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1353">#1353</a>
from crazy-max/summary-secret-keys</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/build-push-action/compare/471d1dc4e07e5cdedd4c2171150001c434f0b7a4...14487ce63c7a62a4a324b0bfb37086795e31c6c1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/build-push-action&package-manager=github_actions&previous-version=6.15.0&new-version=6.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-29 11:38:55 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4673dbb4e7 Bump org.springframework.boot from 3.4.4 to 3.4.5 (#3441)
Bumps
[org.springframework.boot](https://github.com/spring-projects/spring-boot)
from 3.4.4 to 3.4.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.5</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Spring Boot with native image container image build fails on podman
due to directory permissions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45256">#45256</a></li>
<li>Neo4jReactiveDataAutoConfiguration assumes that certain beans are
available <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45235">#45235</a></li>
<li>Wrong jOOQ exception translator with empty db name <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45219">#45219</a></li>
<li>MessageSourceMessageInterpolator does not replace a parameter when
the message matches its code <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45213">#45213</a></li>
<li>IntegrationMbeanExporter is not eligible for getting processed by
all BeanPostProcessors warnings are shown when using JMX <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45194">#45194</a></li>
<li>OAuth2AuthorizationServerJwtAutoConfiguration uses
<code>@ConditionalOnClass</code> incorrectly <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45178">#45178</a></li>
<li>MongoDB's dependency management is missing Kotlin coroutine driver
modules <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45159">#45159</a></li>
<li>ImagePlatform can cause &quot;OS must not be empty&quot;
IllegalArgumentException <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45153">#45153</a></li>
<li>TypeUtils does not handle generics with identical names in different
positions <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45039">#45039</a></li>
<li>HttpClient5 5.4.3 breaks local Docker transport <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45028">#45028</a></li>
<li>spring.datasource.hikari.data-source-class-name cannot be used as a
driver class name is always required and Hikari does not accept both <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45002">#45002</a></li>
<li>Post-processing to apply custom JdbcConnectionDetails triggers an
NPE in Hikari if the JDBC URL is for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44998">#44998</a></li>
<li>DataSourceBuilder triggers an NPE in Hikari when trying to build a
DataSource with a JDBC URL for an unknown driver <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44995">#44995</a></li>
<li>SSL config does not watch for symlink file changes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44887">#44887</a></li>
<li>EmbeddedLdapAutoConfiguration should not rely on PreDestroy <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44874">#44874</a></li>
<li>DataSourceTransactionManagerAutoConfiguration should run after
DataSourceAutoConfiguration <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44819">#44819</a></li>
<li>JsonValueWriter can throw StackOverflowError on deeply nested items
<a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44627">#44627</a></li>
<li>In a reactive web app, SslBundle can no longer open store file
locations without using a 'file:' prefix <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44535">#44535</a></li>
<li>Logging a Path object using structured logging throws
StackOverflowError <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44507">#44507</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Make <code>@Component</code> a javadoc link <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45258">#45258</a></li>
<li>Fix documentation links to buildpacks.io <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45241">#45241</a></li>
<li>Clarify the use of multiple profile expressions with
&quot;spring.config.activate.on-profile&quot; <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45224">#45224</a></li>
<li>Show the use of token properties in authorization server clients
configuration example <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45176">#45176</a></li>
<li>Add details of the purpose of the metrics endpoint <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45047">#45047</a></li>
<li>Escape the asterisk in spring-application.adoc <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45033">#45033</a></li>
<li>Add reference to Styra (OPA) Spring Boot SDK <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44976">#44976</a></li>
<li>Update CDS documentation to cover AOTCache <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44970">#44970</a></li>
<li>WebFlux security documentation incorrectly links to servlet classes
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44966">#44966</a></li>
<li>Replace mentions of deprecated MockBean annotation <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44947">#44947</a></li>
<li>TaskExecution documentation should describe what happens when
multiple Executor beans are present <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44908">#44908</a></li>
<li>Documentation lists coordinates for some dependencies that are not
actually managed <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44879">#44879</a></li>
<li>Polish javadoc of SpringProfileAction <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44826">#44826</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to AspectJ 1.9.24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45184">#45184</a></li>
<li>Upgrade to Couchbase Client 3.7.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45072">#45072</a></li>
<li>Upgrade to Hibernate 6.6.13.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45073">#45073</a></li>
<li>Upgrade to HttpClient5 5.4.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45074">#45074</a></li>
<li>Upgrade to HttpCore5 5.3.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45075">#45075</a></li>
<li>Upgrade to Jaybird 5.0.7.java11 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45076">#45076</a></li>
<li>Upgrade to Jetty 12.0.19 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45077">#45077</a></li>
<li>Upgrade to jOOQ 3.19.22 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45078">#45078</a></li>
<li>Upgrade to Lombok 1.18.38 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/45079">#45079</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/b882c29bdf607d5d4db910f7fd0161143a1329c7"><code>b882c29</code></a>
Release v3.4.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/918066f39ae72de5a6e1bae78c841396e049e5b6"><code>918066f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/ab0c332d9995963d22c202706564be58ff724622"><code>ab0c332</code></a>
Next development version (v3.3.12-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/71acf939ace320fbfa35ce48577ba534469dfc90"><code>71acf93</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d2eaac6b60d117c3d10939866c70fce6b945eefd"><code>d2eaac6</code></a>
Revert &quot;Upgrade to Netty 4.1.120.Final&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d24a38f0f890ef70a07be8236bb9717527f50ba5"><code>d24a38f</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/933572ad5e7da2e47d8efc168a86c8cf6105b062"><code>933572a</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/016b3de968b9b9a6319f7bc58abfb1df007bbc4b"><code>016b3de</code></a>
Upgrade to Netty 4.1.120.Final</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/46a709a8503c096e2514c8cd17b1a7e7e715e7b2"><code>46a709a</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/55f67c9a522647039fd3294dee5cb83f4888160a"><code>55f67c9</code></a>
Fix potential null problem in actuator</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.4...v3.4.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot&package-manager=gradle&previous-version=3.4.4&new-version=3.4.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-29 11:38:29 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5b34c00237 Bump actions/download-artifact from 4.2.1 to 4.3.0 (#3443)
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 4.2.1 to 4.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: implement new <code>artifact-ids</code> input by <a
href="https://github.com/GrantBirki"><code>@​GrantBirki</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/401">actions/download-artifact#401</a></li>
<li>Fix workflow example for downloading by artifact ID by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/402">actions/download-artifact#402</a></li>
<li>Prep for v4.3.0 release by <a
href="https://github.com/robherley"><code>@​robherley</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/404">actions/download-artifact#404</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/GrantBirki"><code>@​GrantBirki</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/401">actions/download-artifact#401</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0">https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/d3f86a106a0bac45b974a628896c90dbdf5c8093"><code>d3f86a1</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/404">#404</a>
from actions/robherley/v4.3.0</li>
<li><a
href="https://github.com/actions/download-artifact/commit/fc02353415da80201a0da48ab47022efd7725d11"><code>fc02353</code></a>
prep for v4.3.0 release</li>
<li><a
href="https://github.com/actions/download-artifact/commit/77454371a433f370a16d329ef7db197f700a7a8f"><code>7745437</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/402">#402</a>
from actions/joshmgross/download-by-id-example</li>
<li><a
href="https://github.com/actions/download-artifact/commit/84fc7a0a358aabc7f97f7f590cbfc25f57e26c6a"><code>84fc7a0</code></a>
Remove path filters from Check dist workflow</li>
<li><a
href="https://github.com/actions/download-artifact/commit/67f2bc382f6ba5ba75812a05909e8c25a366b5fb"><code>67f2bc3</code></a>
Fix workflow example for downloading by artifact ID</li>
<li><a
href="https://github.com/actions/download-artifact/commit/8ea3c2c174f79a56792e9fdd9baad75d27c5d369"><code>8ea3c2c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/401">#401</a>
from actions/download-by-id</li>
<li><a
href="https://github.com/actions/download-artifact/commit/d219c630f65d8bd14366a9e2f731cbf854f62258"><code>d219c63</code></a>
add supporting unit tests for artifact downloads with ids</li>
<li><a
href="https://github.com/actions/download-artifact/commit/54124fbd881f8ce794405a06896c93c49c17463e"><code>54124fb</code></a>
revert <code>getArtifact()</code> changes - for now we have to list and
filter by artifa...</li>
<li><a
href="https://github.com/actions/download-artifact/commit/b83057b90d3e218abf5c7b1906579eb6c598ae85"><code>b83057b</code></a>
bundle</li>
<li><a
href="https://github.com/actions/download-artifact/commit/171183c7dce98c3cf8a1fc842429d0a38ed21d33"><code>171183c</code></a>
use the same <code>artifactClient.getArtifact</code> structure as seen
above in `isSingl...</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/95815c38cf2ff2164869cbab79da8d1f422bc89e...d3f86a106a0bac45b974a628896c90dbdf5c8093">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=4.2.1&new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-29 11:37:16 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1611a82a98 Bump github/codeql-action from 3.28.15 to 3.28.16 (#3413)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.15 to 3.28.16.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.16</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.16 - 23 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.16/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.16 - 23 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li>
</ul>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug
artifact with more than 65535 files. <a
href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li>
</ul>
<h2>3.28.14 - 07 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li>
</ul>
<h2>3.28.13 - 24 Mar 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/28deaeda66b76a05916b6923827895f2b14ab387"><code>28deaed</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2865">#2865</a>
from github/update-v3.28.16-2a8cbadc0</li>
<li><a
href="https://github.com/github/codeql-action/commit/03c5d71c11f6cb2c5ba7eef371219a862be30193"><code>03c5d71</code></a>
Update changelog for v3.28.16</li>
<li><a
href="https://github.com/github/codeql-action/commit/2a8cbadc02bb64a7fd15d37c977acbad02496c80"><code>2a8cbad</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2863">#2863</a>
from github/update-bundle/codeql-bundle-v2.21.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/f76eaf51a636a5c1d927998267d92d6475363ace"><code>f76eaf5</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/e63b3f5166c15fda4eb17886f01abe9445dd13f5"><code>e63b3f5</code></a>
Update default bundle to codeql-bundle-v2.21.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/4c3e5362829f0b0bb62ff5f6c938d7f95574c306"><code>4c3e536</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2853">#2853</a>
from github/dependabot/npm_and_yarn/npm-7d84c66b66</li>
<li><a
href="https://github.com/github/codeql-action/commit/56dd02f26d99811d607284494ff84b7d862fe837"><code>56dd02f</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2852">#2852</a>
from github/dependabot/github_actions/actions-457587...</li>
<li><a
href="https://github.com/github/codeql-action/commit/192406dd845fb2228fcea74898b98df2a6cdcef6"><code>192406d</code></a>
Merge branch 'main' into
dependabot/github_actions/actions-4575878e06</li>
<li><a
href="https://github.com/github/codeql-action/commit/c7dbb2084ed1bb623fbbb3976cd6dbae6daaf1fe"><code>c7dbb20</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2857">#2857</a>
from github/nickfyson/address-vulns</li>
<li><a
href="https://github.com/github/codeql-action/commit/9a45cd8c5025281c30bbb652197ace083c291e49"><code>9a45cd8</code></a>
move use of input variables into env vars</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/45775bd8235c68ba998cffa5171334d58593da47...28deaeda66b76a05916b6923827895f2b14ab387">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.15&new-version=3.28.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-24 12:47:53 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
f5aaa4612a Bump org.springframework.session:spring-session-core from 3.4.2 to 3.4.3 (#3412)
Bumps
[org.springframework.session:spring-session-core](https://github.com/spring-projects/spring-session)
from 3.4.2 to 3.4.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-session/releases">org.springframework.session:spring-session-core's
releases</a>.</em></p>
<blockquote>
<h2>3.4.3</h2>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Bump ch-qos-logback from 1.5.16 to 1.5.17 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3345">#3345</a></li>
<li>Bump ch-qos-logback from 1.5.17 to 1.5.18 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3354">#3354</a></li>
<li>Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3348">#3348</a></li>
<li>Bump io.projectreactor:reactor-core from 3.6.14 to 3.6.15 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3349">#3349</a></li>
<li>Bump org-slf4j from 2.0.16 to 2.0.17 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3344">#3344</a></li>
<li>Bump org-springframework-boot from 3.3.8 to 3.3.9 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3343">#3343</a></li>
<li>Bump org-springframework-boot from 3.3.9 to 3.3.10 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3356">#3356</a></li>
<li>Bump org.aspectj:aspectjweaver from 1.9.22.1 to 1.9.23 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3350">#3350</a></li>
<li>Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.23 to
4.33.24 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3346">#3346</a></li>
<li>Bump org.mariadb.jdbc:mariadb-java-client from 3.3.3 to 3.3.4 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3365">#3365</a></li>
<li>Bump org.springframework.data:spring-data-bom from 2024.1.3 to
2024.1.4 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3352">#3352</a></li>
<li>Bump org.springframework.security:spring-security-bom from 6.4.2 to
6.4.3 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3342">#3342</a></li>
<li>Bump org.springframework.security:spring-security-bom from 6.4.3 to
6.4.4 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3353">#3353</a></li>
<li>Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3351">#3351</a></li>
<li>Bump org.springframework:spring-framework-bom from 6.2.4 to 6.2.5 <a
href="https://redirect.github.com/spring-projects/spring-session/pull/3355">#3355</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-session/commit/38b494e8707900997c72dc37120130d61877f78f"><code>38b494e</code></a>
Release 3.4.3</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/f3536d97d6b2568c0e727173f1abfc23749760e8"><code>f3536d9</code></a>
Bump io.projectreactor:reactor-core from 3.6.14 to 3.6.15</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/d2528b46ba051f6c37ab820e8ded7de715b0c69b"><code>d2528b4</code></a>
Bump org.mariadb.jdbc:mariadb-java-client from 3.3.3 to 3.3.4</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/2353d8b3cec4f0ed104c45f10d01acf278fe1dad"><code>2353d8b</code></a>
Bump spring-io/spring-doc-actions from 0.0.18 to 0.0.19</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/1ce75dea70c9b2b7e2d7de76ba6c648d94ef14ac"><code>1ce75de</code></a>
Bump org-springframework-boot from 3.3.9 to 3.3.10</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/e0efae790d89339ac064888101323bbc69146ca6"><code>e0efae7</code></a>
Bump org.springframework:spring-framework-bom from 6.2.4 to 6.2.5</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/98e03e63642ee71baf2f439c28c4f59e1d1740fb"><code>98e03e6</code></a>
Bump ch-qos-logback from 1.5.17 to 1.5.18</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/e642b66a87593adf794c87e045cb9a14ef4da106"><code>e642b66</code></a>
Bump org.springframework.security:spring-security-bom</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/64b7df57658c5f808e6d3c30ddc38d76bd6bcce2"><code>64b7df5</code></a>
Bump org.springframework.data:spring-data-bom from 2024.1.3 to
2024.1.4</li>
<li><a
href="https://github.com/spring-projects/spring-session/commit/ae92843e9d6a8d0b4b04814828f9189dc27af001"><code>ae92843</code></a>
Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-session/compare/3.4.2...3.4.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.session:spring-session-core&package-manager=gradle&previous-version=3.4.2&new-version=3.4.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-24 12:36:32 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
da70980be4 Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#3411)
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 3.8.1 to 3.8.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.8.2</h2>
<h2>What's Changed</h2>
<ul>
<li>install cosign v2 from main in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/186">sigstore/cosign-installer#186</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3...v3.8.2">https://github.com/sigstore/cosign-installer/compare/v3...v3.8.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/cosign-installer/commit/3454372f43399081ed03b604cb2d021dabca52bb"><code>3454372</code></a>
install cosign v2 from main (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/186">#186</a>)</li>
<li><a
href="https://github.com/sigstore/cosign-installer/commit/b6ee8f83b9a8b8ef7f46b5a8ff326f488b386693"><code>b6ee8f8</code></a>
Bump actions/setup-go from 5.3.0 to 5.4.0 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/185">#185</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a...3454372f43399081ed03b604cb2d021dabca52bb">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=3.8.1&new-version=3.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-24 12:36:14 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
f8dbc05006 Bump actions/setup-python from 5.5.0 to 5.6.0 (#3410)
Bumps [actions/setup-python](https://github.com/actions/setup-python)
from 5.5.0 to 5.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-python/releases">actions/setup-python's
releases</a>.</em></p>
<blockquote>
<h2>v5.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Workflow updates related to Ubuntu 20.04 by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1065">actions/setup-python#1065</a></li>
<li>Fix for Candidate Not Iterable Error by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1082">actions/setup-python#1082</a></li>
<li>Upgrade semver and <code>@​types/semver</code> by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1091">actions/setup-python#1091</a></li>
<li>Upgrade prettier from 2.8.8 to 3.5.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1046">actions/setup-python#1046</a></li>
<li>Upgrade ts-jest from 29.1.2 to 29.3.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1081">actions/setup-python#1081</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v5...v5.6.0">https://github.com/actions/setup-python/compare/v5...v5.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-python/commit/a26af69be951a213d495a4c3e4e4022e16d87065"><code>a26af69</code></a>
Bump ts-jest from 29.1.2 to 29.3.2 (<a
href="https://redirect.github.com/actions/setup-python/issues/1081">#1081</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/30eafe95483bd95135b7eda0c66a0369af9afdf1"><code>30eafe9</code></a>
Bump prettier from 2.8.8 to 3.5.3 (<a
href="https://redirect.github.com/actions/setup-python/issues/1046">#1046</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/5d95bc16d4bc83bb56202da9630d84c6f8a2d8f5"><code>5d95bc1</code></a>
Bump semver and <code>@​types/semver</code> (<a
href="https://redirect.github.com/actions/setup-python/issues/1091">#1091</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/6ed2c67c8abe7646815dbd50364eea862d396fd9"><code>6ed2c67</code></a>
Fix for Candidate Not Iterable Error (<a
href="https://redirect.github.com/actions/setup-python/issues/1082">#1082</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/e348410e00f449ece8581cb8e88be8f0e7712da6"><code>e348410</code></a>
Remove Ubuntu 20.04 from workflows due to deprecation from 2025-04-15
(<a
href="https://redirect.github.com/actions/setup-python/issues/1065">#1065</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-python/compare/8d9ed9ac5c53483de85588cdf95a591a75ab9f55...a26af69be951a213d495a4c3e4e4022e16d87065">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=5.5.0&new-version=5.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-24 12:35:47 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
119dd23d9a Bump org.springframework.security:spring-security-saml2-service-provider from 6.4.4 to 6.4.5 (#3393)
Bumps
[org.springframework.security:spring-security-saml2-service-provider](https://github.com/spring-projects/spring-security)
from 6.4.4 to 6.4.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-security/releases">org.springframework.security:spring-security-saml2-service-provider's
releases</a>.</em></p>
<blockquote>
<h2>6.4.5</h2>
<h2> New Features</h2>
<ul>
<li>Add link to docs zip file to the reference <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16799">#16799</a></li>
<li>Fix attribute name in <code>http.adoc</code> <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16784">#16784</a></li>
<li>Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16783">#16783</a></li>
</ul>
<h2>🪲 Bug Fixes</h2>
<ul>
<li>[Docs] Broken link on Spring MVC Test Integration page <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16785">#16785</a></li>
<li><code>ServerBearerTokenAuthenticationConverter</code> validates
parameters when not enabled <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16901">#16901</a></li>
<li>Clarify WebInvocationPrivilegeEvaluator JavaDoc <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16782">#16782</a></li>
<li>CookieServerCsrfTokenRepository.withHttpOnlyFalse() ineffective if
setCookieCustomizer() is used <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16862">#16862</a></li>
<li>Correct closing tag in default PassKey HTML form <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16601">#16601</a></li>
<li>Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16606">#16606</a></li>
<li>OpenSaml support should preserve encrypted elements for further
analysis <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16367">#16367</a></li>
<li>Sorting in AuthorizationAdvisorProxyFactory should be thread-safe <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16837">#16837</a></li>
<li>WebFlux reference links to Servlet docs <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16786">#16786</a></li>
<li>XML config does not apply <code>request-handler-ref</code> to
<code>CsrfAuthenticationStrategy</code> <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16844">#16844</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16767">#16767</a></li>
<li>Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16938">#16938</a></li>
<li>Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16944">#16944</a></li>
<li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to
1.0.4 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16919">#16919</a></li>
<li>Bump org-aspectj from 1.9.22.1 to 1.9.24 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16928">#16928</a></li>
<li>Bump org-eclipse-jetty from 11.0.24 to 11.0.25 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16758">#16758</a></li>
<li>Bump org.hibernate.orm:hibernate-core from 6.6.12.Final to
6.6.13.Final <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16895">#16895</a></li>
<li>Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12
<a
href="https://redirect.github.com/spring-projects/spring-security/pull/16960">#16960</a></li>
<li>Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16959">#16959</a></li>
</ul>
<h2>🔩 Build Updates</h2>
<ul>
<li>Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16894">#16894</a></li>
<li>Release 6.4.5 <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16972">#16972</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<p><a href="https://github.com/AB-xdev"><code>@​AB-xdev</code></a>, <a
href="https://github.com/Borghii"><code>@​Borghii</code></a>, and <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-security/commit/e8aef09b4fe24337b42dd6556b79523bd550024b"><code>e8aef09</code></a>
Release 6.4.5</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/f8d417dc03175f3de9cbe372732d80594c891954"><code>f8d417d</code></a>
Preserve Encrypted Elements</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/79bacf8204f1e01c0c7ecae285b33fbb571460b9"><code>79bacf8</code></a>
Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/9bcfeab1d68606113d256e1a3defc985866da309"><code>9bcfeab</code></a>
Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to
3.2.12</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/254c9c9b2d427fe071f5ef4f5af5f1112c6703c2"><code>254c9c9</code></a>
Merge branch '6.3.x' into 6.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/a5d963387b8fd7d66000f566f6cae77f8cee0f5b"><code>a5d9633</code></a>
Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/e5d9659b8f3a42eff30e1921509fb6ea9bafce26"><code>e5d9659</code></a>
Merge branch '6.3.x' into 6.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/99c4f58c342cf93e4fe8165dd817aa3be1ba84d0"><code>99c4f58</code></a>
Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to
3.2.12</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/cb60d8b3ed1de5fe1c0fe13cf6f86299c55b037e"><code>cb60d8b</code></a>
Merge branch '6.3.x' into 6.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/c1aa99fdd2113a232986e9c3a44673ae752de840"><code>c1aa99f</code></a>
Enforce BCrypt password length for new passwords only</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-security/compare/6.4.4...6.4.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.security:spring-security-saml2-service-provider&package-manager=gradle&previous-version=6.4.4&new-version=6.4.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-24 10:48:28 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
62ec512dda Bump step-security/harden-runner from 2.11.1 to 2.12.0 (#3394)
Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.11.1 to 2.12.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.12.0</h2>
<h2>What's Changed</h2>
<ol>
<li>
<p>A new option, <code>disable-sudo-and-containers</code>, is now
available to replace the <code>disable-sudo policy</code>, addressing
Docker-based privilege escalation (<a
href="https://github.com/step-security/harden-runner/security/advisories/GHSA-mxr3-8whj-j74r">CVE-2025-32955</a>).
More details can be found in this <a
href="https://www.stepsecurity.io/blog/evolving-harden-runners-disable-sudo-policy-for-improved-runner-security">blog
post</a>.</p>
</li>
<li>
<p>New detections have been added based on insights from the tj-actions
and reviewdog actions incidents.</p>
</li>
</ol>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.12.0">https://github.com/step-security/harden-runner/compare/v2...v2.12.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/0634a2670c59f64b4a01f0f96f84700a4088b9f0"><code>0634a26</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/541">#541</a>
from step-security/rc-20</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/2e3c5113419044c10e6826351ff7cf7d56cbebe4"><code>2e3c511</code></a>
Update action.yml</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/40873e6a41e9ae4f46268f8ee038b3561bb88504"><code>40873e6</code></a>
Update README.md</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/484c2799ec63f20b4acc41bcf649dd4003718616"><code>484c279</code></a>
Update README.md</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/4c8582f45544ce2dafb2cfae82cfbebf0f41bde2"><code>4c8582f</code></a>
Update agent versions</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/e8d595cd66544d43aca8ac7e42a212a5a83b41f8"><code>e8d595c</code></a>
fix disable_sudo_and_containers bug</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/5d277fc8734baba8746d0c18cb0a2594d4692c66"><code>5d277fc</code></a>
fix journalctl related bug</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/ff2ab228bdb9f0c9129169d47dbb2bdf4b8f9b0e"><code>ff2ab22</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/536">#536</a>
from rohan-stepsecurity/feat/flag/disable-sudo-and-co...</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/b81d650d0e627a80d0d73d192b33d729507e0ef5"><code>b81d650</code></a>
fix: run sudo command only when both disable-sudo and
disable-sudo-and-docker...</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/769df4ef5d6336b33b11e5b0d43934309cf439f6"><code>769df4e</code></a>
Update agent</li>
<li>Additional commits viewable in <a
href="https://github.com/step-security/harden-runner/compare/c6295a65d1254861815972266d5933fd6e532bdf...0634a2670c59f64b4a01f0f96f84700a4088b9f0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.11.1&new-version=2.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-24 10:43:08 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
a52c81b340 Bump org.springframework:spring-jdbc from 6.2.5 to 6.2.6 (#3384)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[org.springframework:spring-jdbc](https://github.com/spring-projects/spring-framework)
from 6.2.5 to 6.2.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-framework/releases">org.springframework:spring-jdbc's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.6</h2>
<h2> New Features</h2>
<ul>
<li>An option for SimpleAsyncTaskExecutor to throw an exception when
limit is reached <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34727">#34727</a></li>
<li>Provide first-class support for Bean Overrides with
<code>@ContextHierarchy</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34723">#34723</a></li>
<li>Micro performance optimizations <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34717">#34717</a></li>
<li>Suppress &quot;Unable to rollback against JDBC Connection&quot; in
case of timeout (connection closed) <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34714">#34714</a></li>
<li>Avoid early FactoryBean instantiation for type-based retrieval with
includeNonSingletons=false and allowEagerInit=true <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34710">#34710</a></li>
<li>ReactiveCachingHandler still not using error handler on sync cache.
<a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34708">#34708</a></li>
<li>Add an <code>exchangeForRequiredValue</code> variant to
<code>RestClient</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34692">#34692</a></li>
<li>Recursively boxing Kotlin nested value classes in
<code>CoroutinesUtils</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34682">#34682</a></li>
<li>ServletServerHttpRequest does not use charset parameter of
application/x-www-form-urlencoded <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34675">#34675</a></li>
<li>LifecycleGroup concurrent start and start timeout <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34634">#34634</a></li>
<li>HibernateJpaDialect exception translation misses concrete exceptions
wrapped in Hibernate's ExecutionException <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34633">#34633</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Inconsistency in <code>SseEmitter.onCompletion()</code> behavior
between Spring 6.2.3 and 6.2.5 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34762">#34762</a></li>
<li>Deadlock while creating Spring beans with parallel bootstrap threads
on IBM Liberty <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34729">#34729</a></li>
<li><code>PropertyBatchUpdateException</code>: causes of nested
<code>PropertyAccessException</code>s not shown in output <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34691">#34691</a></li>
<li>IllegalAccessError for package-private member of
AzureStorageConfiguration on WebSphere <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34684">#34684</a></li>
<li>Change in Jar usecache behavior with Spring 6.1.x causing
java.lang.IllegalStateException: zip file closed <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34678">#34678</a></li>
<li>Startup performance regression due to CGLIB class load attempts in
Spring 6.1.x <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34677">#34677</a></li>
<li>An infinite wait on a parallel context.getBean() <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34672">#34672</a></li>
<li>InvalidObservationException: Invalid start: Observation
'http.client.requests' has already been started <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34671">#34671</a></li>
<li><code>@Configuration</code> classes can no longer be
<code>abstract</code> without <code>@Bean</code> methods <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34663">#34663</a></li>
<li>Generated-code for LinkedHashMap is missing static keyword <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34659">#34659</a></li>
<li>Detect late-set primary markers for autowiring shortcut algorithm <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34658">#34658</a></li>
<li><code>@MockitoBean</code> with custom <code>@Qualifier</code> is not
injected into <code>@Configuration</code> class <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34646">#34646</a></li>
<li>Qualifier Resolution Issue in Parent-Child Context Hierarchies <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34644">#34644</a></li>
<li>Enforced container-level acknowledge call for custom acknowledgement
mode <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34635">#34635</a></li>
<li>UriComponentsBuilder does not treat a URN as opaque if it contains a
slash <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34588">#34588</a></li>
<li>Migrating from Spring 6.1.x to 6.2.x leads to exceptions in a Pekko
setup <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34303">#34303</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Update Javadoc for <code>ignoreDependencyInterface()</code> in
<code>AbstractAutowireCapableBeanFactory</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34747">#34747</a></li>
<li>Update Javadoc to stop mentioning 5.3.x as the status quo <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34740">#34740</a></li>
<li>Fix broken link for Server-Sent Events <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34705">#34705</a></li>
<li>Fix typo in Bean Validation section of reference manual <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34686">#34686</a></li>
<li>Remove unnecessary closing curly brackets in Javadoc <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34679">#34679</a></li>
<li>Add javadoc notes on potential exception suppression in
<code>ListableBeanFactory#getBeansOfType</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34629">#34629</a></li>
<li>Remove remaining references to Forwarded headers in
MvcUriComponentsBuilder <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34625">#34625</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<p><a href="https://github.com/acktsap"><code>@​acktsap</code></a>, <a
href="https://github.com/dmitrysulman"><code>@​dmitrysulman</code></a>,
<a href="https://github.com/iggzq"><code>@​iggzq</code></a>, <a
href="https://github.com/izeye"><code>@​izeye</code></a>, <a
href="https://github.com/ngocnhan-tran1996"><code>@​ngocnhan-tran1996</code></a>,
<a href="https://github.com/obourgain"><code>@​obourgain</code></a>, and
<a
href="https://github.com/tobias-haenel"><code>@​tobias-haenel</code></a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/90f9c0929b8cfee22f715834d53903d492309f42"><code>90f9c09</code></a>
Release v6.2.6</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/f40d98668da2cb91df22a508dc0b22c3ec91aba2"><code>f40d986</code></a>
Revise configuration for javadoc Gradle tasks</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/9c13c6b695ac70cd4288016815105d0a694b62fb"><code>9c13c6b</code></a>
Revert &quot;Use optimistic locking where possible in
<code>ResponseBodyEmitter</code>&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/b49924ba37d588afc0c5232290f5a6726115c10b"><code>b49924b</code></a>
Revert &quot;Fix handling of timeout in SseEmitter&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/7b8c1040773ab6537acc5c74964f9d8b6563c5f8"><code>7b8c104</code></a>
Upgrade to github-changelog-generator 0.0.12</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/8f62a8f579c31aaa9fd7a2b16e6ba414d3e9163c"><code>8f62a8f</code></a>
Suppress recently introduced warning</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/d0966dfb58056d2e955b555d38993bf65dac41e7"><code>d0966df</code></a>
Revise contribution</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/bb45a3ae69c8068b72ce939e16df46c7dc8bb1cd"><code>bb45a3a</code></a>
Update AbstractAutowireCapableBeanFactory.ignoreDependencyInterface()
Javadoc</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/7095f4cb664f7fcf033dde84325eda83d67ece70"><code>7095f4c</code></a>
Use proper casing for parameter and variable names</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/a22d204681c575c3f61c325d205a96fb92ea8e7a"><code>a22d204</code></a>
Remove duplicate words in Java source code</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-framework/compare/v6.2.5...v6.2.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework:spring-jdbc&package-manager=gradle&previous-version=6.2.5&new-version=6.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-20 16:42:28 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
c959b35639 Bump org.springframework:spring-webmvc from 6.2.5 to 6.2.6 (#3385)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[org.springframework:spring-webmvc](https://github.com/spring-projects/spring-framework)
from 6.2.5 to 6.2.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-framework/releases">org.springframework:spring-webmvc's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.6</h2>
<h2> New Features</h2>
<ul>
<li>An option for SimpleAsyncTaskExecutor to throw an exception when
limit is reached <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34727">#34727</a></li>
<li>Provide first-class support for Bean Overrides with
<code>@ContextHierarchy</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34723">#34723</a></li>
<li>Micro performance optimizations <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34717">#34717</a></li>
<li>Suppress &quot;Unable to rollback against JDBC Connection&quot; in
case of timeout (connection closed) <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34714">#34714</a></li>
<li>Avoid early FactoryBean instantiation for type-based retrieval with
includeNonSingletons=false and allowEagerInit=true <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34710">#34710</a></li>
<li>ReactiveCachingHandler still not using error handler on sync cache.
<a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34708">#34708</a></li>
<li>Add an <code>exchangeForRequiredValue</code> variant to
<code>RestClient</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34692">#34692</a></li>
<li>Recursively boxing Kotlin nested value classes in
<code>CoroutinesUtils</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34682">#34682</a></li>
<li>ServletServerHttpRequest does not use charset parameter of
application/x-www-form-urlencoded <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34675">#34675</a></li>
<li>LifecycleGroup concurrent start and start timeout <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34634">#34634</a></li>
<li>HibernateJpaDialect exception translation misses concrete exceptions
wrapped in Hibernate's ExecutionException <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34633">#34633</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Inconsistency in <code>SseEmitter.onCompletion()</code> behavior
between Spring 6.2.3 and 6.2.5 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34762">#34762</a></li>
<li>Deadlock while creating Spring beans with parallel bootstrap threads
on IBM Liberty <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34729">#34729</a></li>
<li><code>PropertyBatchUpdateException</code>: causes of nested
<code>PropertyAccessException</code>s not shown in output <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34691">#34691</a></li>
<li>IllegalAccessError for package-private member of
AzureStorageConfiguration on WebSphere <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34684">#34684</a></li>
<li>Change in Jar usecache behavior with Spring 6.1.x causing
java.lang.IllegalStateException: zip file closed <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34678">#34678</a></li>
<li>Startup performance regression due to CGLIB class load attempts in
Spring 6.1.x <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34677">#34677</a></li>
<li>An infinite wait on a parallel context.getBean() <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34672">#34672</a></li>
<li>InvalidObservationException: Invalid start: Observation
'http.client.requests' has already been started <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34671">#34671</a></li>
<li><code>@Configuration</code> classes can no longer be
<code>abstract</code> without <code>@Bean</code> methods <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34663">#34663</a></li>
<li>Generated-code for LinkedHashMap is missing static keyword <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34659">#34659</a></li>
<li>Detect late-set primary markers for autowiring shortcut algorithm <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34658">#34658</a></li>
<li><code>@MockitoBean</code> with custom <code>@Qualifier</code> is not
injected into <code>@Configuration</code> class <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34646">#34646</a></li>
<li>Qualifier Resolution Issue in Parent-Child Context Hierarchies <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34644">#34644</a></li>
<li>Enforced container-level acknowledge call for custom acknowledgement
mode <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34635">#34635</a></li>
<li>UriComponentsBuilder does not treat a URN as opaque if it contains a
slash <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34588">#34588</a></li>
<li>Migrating from Spring 6.1.x to 6.2.x leads to exceptions in a Pekko
setup <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34303">#34303</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Update Javadoc for <code>ignoreDependencyInterface()</code> in
<code>AbstractAutowireCapableBeanFactory</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34747">#34747</a></li>
<li>Update Javadoc to stop mentioning 5.3.x as the status quo <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34740">#34740</a></li>
<li>Fix broken link for Server-Sent Events <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34705">#34705</a></li>
<li>Fix typo in Bean Validation section of reference manual <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34686">#34686</a></li>
<li>Remove unnecessary closing curly brackets in Javadoc <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34679">#34679</a></li>
<li>Add javadoc notes on potential exception suppression in
<code>ListableBeanFactory#getBeansOfType</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34629">#34629</a></li>
<li>Remove remaining references to Forwarded headers in
MvcUriComponentsBuilder <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34625">#34625</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<p><a href="https://github.com/acktsap"><code>@​acktsap</code></a>, <a
href="https://github.com/dmitrysulman"><code>@​dmitrysulman</code></a>,
<a href="https://github.com/iggzq"><code>@​iggzq</code></a>, <a
href="https://github.com/izeye"><code>@​izeye</code></a>, <a
href="https://github.com/ngocnhan-tran1996"><code>@​ngocnhan-tran1996</code></a>,
<a href="https://github.com/obourgain"><code>@​obourgain</code></a>, and
<a
href="https://github.com/tobias-haenel"><code>@​tobias-haenel</code></a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/90f9c0929b8cfee22f715834d53903d492309f42"><code>90f9c09</code></a>
Release v6.2.6</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/f40d98668da2cb91df22a508dc0b22c3ec91aba2"><code>f40d986</code></a>
Revise configuration for javadoc Gradle tasks</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/9c13c6b695ac70cd4288016815105d0a694b62fb"><code>9c13c6b</code></a>
Revert &quot;Use optimistic locking where possible in
<code>ResponseBodyEmitter</code>&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/b49924ba37d588afc0c5232290f5a6726115c10b"><code>b49924b</code></a>
Revert &quot;Fix handling of timeout in SseEmitter&quot;</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/7b8c1040773ab6537acc5c74964f9d8b6563c5f8"><code>7b8c104</code></a>
Upgrade to github-changelog-generator 0.0.12</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/8f62a8f579c31aaa9fd7a2b16e6ba414d3e9163c"><code>8f62a8f</code></a>
Suppress recently introduced warning</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/d0966dfb58056d2e955b555d38993bf65dac41e7"><code>d0966df</code></a>
Revise contribution</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/bb45a3ae69c8068b72ce939e16df46c7dc8bb1cd"><code>bb45a3a</code></a>
Update AbstractAutowireCapableBeanFactory.ignoreDependencyInterface()
Javadoc</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/7095f4cb664f7fcf033dde84325eda83d67ece70"><code>7095f4c</code></a>
Use proper casing for parameter and variable names</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/a22d204681c575c3f61c325d205a96fb92ea8e7a"><code>a22d204</code></a>
Remove duplicate words in Java source code</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-framework/compare/v6.2.5...v6.2.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework:spring-webmvc&package-manager=gradle&previous-version=6.2.5&new-version=6.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-20 16:41:57 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
66b234f1df Bump com.fathzer:javaluator from 3.0.5 to 3.0.6 (#3386)
Bumps [com.fathzer:javaluator](https://github.com/fathzer/javaluator)
from 3.0.5 to 3.0.6.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/fathzer/javaluator/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.fathzer:javaluator&package-manager=gradle&previous-version=3.0.5&new-version=3.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-20 16:41:08 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1c27944329 Bump io.micrometer:micrometer-core from 1.14.5 to 1.14.6 (#3353)
Bumps
[io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer)
from 1.14.5 to 1.14.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's
releases</a>.</em></p>
<blockquote>
<h2>1.14.6</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Gauge double registration warning for Kafka metrics <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5757">#5757</a></li>
<li>Log warning about &quot;function&quot; meter re-registration <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6070">#6070</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<p><a href="https://github.com/izeye"><code>@​izeye</code></a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/c3f3a809266bcf640537ecb1d68128ddc90d5640"><code>c3f3a80</code></a>
Merge branch '1.13.x' into 1.14.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/fa523b1549ef38f44966c27ac921592196f09d3f"><code>fa523b1</code></a>
Bump io.micrometer:context-propagation from 1.1.2 to 1.1.3 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6115">#6115</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/d5f3d348ef7e147f3cf59866ba217f1dc0d4901d"><code>d5f3d34</code></a>
Bump org.junit:junit-bom from 5.12.1 to 5.12.2 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6111">#6111</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/9ebcde19324db5cbe2b347145bc250ea02c669ab"><code>9ebcde1</code></a>
Bump com.netflix.spectator:spectator-reg-atlas from 1.8.9 to 1.8.10 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6112">#6112</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/0ae9b47ecc16dfc3a0dd3d6b309b5e907ae197d0"><code>0ae9b47</code></a>
Bump org.junit:junit-bom from 5.12.1 to 5.12.2 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6107">#6107</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/d0e70fc69df111679b9ca0f83f3866da49b87a31"><code>d0e70fc</code></a>
Merge branch '1.13.x' into 1.14.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/3b2270c885c27c3453b67631ccc2ac5be878ad6a"><code>3b2270c</code></a>
Bump uk.org.webcompere:system-stubs-jupiter from 2.1.7 to 2.1.8 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6096">#6096</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/f62f2eeea6aaf71a87703b759ad1e1afc80f0ceb"><code>f62f2ee</code></a>
Bump uk.org.webcompere:system-stubs-jupiter from 2.1.7 to 2.1.8 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6094">#6094</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/53b9a3511a3e999b53a2408cf10f81fccca16bab"><code>53b9a35</code></a>
Replace deprecated Project.task() (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6092">#6092</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/0ebdd7d5bbc1c0cb943e5cbd997a3147e3da125b"><code>0ebdd7d</code></a>
Bump com.netflix.spectator:spectator-reg-atlas from 1.8.8 to 1.8.9 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6091">#6091</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micrometer-metrics/micrometer/compare/v1.14.5...v1.14.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.micrometer:micrometer-core&package-manager=gradle&previous-version=1.14.5&new-version=1.14.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-15 10:34:29 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7e726f8ac9 Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#3341)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps commons-io:commons-io from 2.18.0 to 2.19.0.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io&package-manager=gradle&previous-version=2.18.0&new-version=2.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-12 17:04:11 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
d47dbef41e Bump com.diffplug.spotless from 7.0.2 to 7.0.3 (#3340)
Bumps com.diffplug.spotless from 7.0.2 to 7.0.3.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.diffplug.spotless&package-manager=gradle&previous-version=7.0.2&new-version=7.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-12 17:03:46 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fd34782bcc Bump actions/setup-java from 4.7.0 to 4.7.1 (#3339)
Bumps [actions/setup-java](https://github.com/actions/setup-java) from
4.7.0 to 4.7.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-java/releases">actions/setup-java's
releases</a>.</em></p>
<blockquote>
<h2>v4.7.1</h2>
<h2>What's Changed</h2>
<h3>Documentation changes</h3>
<ul>
<li>Add Documentation to Recommend Using GraalVM JDK 17 Version to
17.0.12 to Align with GFTC License Terms by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/704">actions/setup-java#704</a></li>
<li>Remove duplicated GraalVM section in documentation by <a
href="https://github.com/Marcono1234"><code>@​Marcono1234</code></a> in
<a
href="https://redirect.github.com/actions/setup-java/pull/716">actions/setup-java#716</a></li>
</ul>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade <code>@​action/cache</code> from 4.0.0 to 4.0.2 by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/766">actions/setup-java#766</a></li>
<li>Upgrade <code>@​actions/glob</code> from 0.4.0 to 0.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-java/pull/744">actions/setup-java#744</a></li>
<li>Upgrade ts-jest from 29.1.2 to 29.2.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-java/pull/743">actions/setup-java#743</a></li>
<li>Upgrade <code>@​action/cache</code> to 4.0.3 by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/773">actions/setup-java#773</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-java/compare/v4...v4.7.1">https://github.com/actions/setup-java/compare/v4...v4.7.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-java/commit/c5195efecf7bdfc987ee8bae7a71cb8b11521c00"><code>c5195ef</code></a>
actions/cache upgrade to 4.0.3 (<a
href="https://redirect.github.com/actions/setup-java/issues/773">#773</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/dd38875f930accc291b5816356a21f72056c0b70"><code>dd38875</code></a>
Bump ts-jest from 29.1.2 to 29.2.5 (<a
href="https://redirect.github.com/actions/setup-java/issues/743">#743</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/148017a9b0c6af80330bcc5db11d1c670d2e7074"><code>148017a</code></a>
Bump <code>@​actions/glob</code> from 0.4.0 to 0.5.0 (<a
href="https://redirect.github.com/actions/setup-java/issues/744">#744</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/3b6c050358614dd082e53cdbc55580431fc4e437"><code>3b6c050</code></a>
Remove duplicated GraalVM section in documentation (<a
href="https://redirect.github.com/actions/setup-java/issues/716">#716</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/b8ebb8ba1d9655f7f159c0a8b8135606ae11b5c9"><code>b8ebb8b</code></a>
upgrade <code>@​action/cache</code> from 4.0.0 to 4.0.2 (<a
href="https://redirect.github.com/actions/setup-java/issues/766">#766</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/799ee7c97e9721ef38d1a7e8486c39753b9d6102"><code>799ee7c</code></a>
Add Documentation to Recommend Using GraalVM JDK 17 Version to 17.0.12
to Ali...</li>
<li>See full diff in <a
href="https://github.com/actions/setup-java/compare/3a4f6e1af504cf6a31855fa899c6aa5355ba6c12...c5195efecf7bdfc987ee8bae7a71cb8b11521c00">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-java&package-manager=github_actions&previous-version=4.7.0&new-version=4.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-12 17:03:17 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
606451a589 Bump github/codeql-action from 3.28.13 to 3.28.15 (#3303)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.13 to 3.28.15.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.15</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug
artifact with more than 65535 files. <a
href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.15/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.28.14</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.14 - 07 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.14/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug
artifact with more than 65535 files. <a
href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li>
</ul>
<h2>3.28.14 - 07 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li>
</ul>
<h2>3.28.13 - 24 Mar 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/45775bd8235c68ba998cffa5171334d58593da47"><code>45775bd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2854">#2854</a>
from github/update-v3.28.15-a35ae8c38</li>
<li><a
href="https://github.com/github/codeql-action/commit/dd78aab4078b17a672a66d6a80a990beb672ede1"><code>dd78aab</code></a>
Update CHANGELOG.md with bug fix details</li>
<li><a
href="https://github.com/github/codeql-action/commit/e40af591743761de70080085b4e6ce37f7f6e657"><code>e40af59</code></a>
Update changelog for v3.28.15</li>
<li><a
href="https://github.com/github/codeql-action/commit/a35ae8c380fa35365cd546f9a397a46f60dd82cf"><code>a35ae8c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2843">#2843</a>
from github/cklin/diff-informed-compat</li>
<li><a
href="https://github.com/github/codeql-action/commit/bb59df6c174a91d88eec1c48f2ab0ef7b5f96e99"><code>bb59df6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2842">#2842</a>
from github/henrymercer/zip64</li>
<li><a
href="https://github.com/github/codeql-action/commit/4b508f59648bef88ef72c74f1ffff531fda55ea8"><code>4b508f5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2845">#2845</a>
from github/mergeback/v3.28.14-to-main-fc7e4a0f</li>
<li><a
href="https://github.com/github/codeql-action/commit/ca00afb5f1457cf1c85da6cda07d73e720ff061a"><code>ca00afb</code></a>
Update checked-in dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/2969c78ce0262bf75658058604498d2b4bdb0b9b"><code>2969c78</code></a>
Update changelog and version after v3.28.14</li>
<li><a
href="https://github.com/github/codeql-action/commit/fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2"><code>fc7e4a0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2844">#2844</a>
from github/update-v3.28.14-362ef4ce2</li>
<li><a
href="https://github.com/github/codeql-action/commit/be0175c800fe14dd962aaa2c97f55371f6f95b35"><code>be0175c</code></a>
Update changelog for v3.28.14</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/1b549b9259bda1cb5ddde3b41741a82a2d15a841...45775bd8235c68ba998cffa5171334d58593da47">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.13&new-version=3.28.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-09 09:54:47 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
076a2d5e6a Bump actions/create-github-app-token from 1.12.0 to 2.0.2 (#3304)
Bumps
[actions/create-github-app-token](https://github.com/actions/create-github-app-token)
from 1.12.0 to 2.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.2</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v2.0.1...v2.0.2">2.0.2</a>
(2025-04-03)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>improve log messages for token creation (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/226">#226</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/eaef29498fbc63724aabd0a6e832efd41baf2cc7">eaef294</a>)</li>
</ul>
<h2>v2.0.1</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v2.0.0...v2.0.1">2.0.1</a>
(2025-04-03)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump the production-dependencies group across
1 directory with 2 updates (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/228">#228</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/2411bfc7923448badb7a1faf23017f382e0fb895">2411bfc</a>)</li>
</ul>
<h2>v2.0.0</h2>
<h1><a
href="https://github.com/actions/create-github-app-token/compare/v1.12.0...v2.0.0">2.0.0</a>
(2025-04-03)</h1>
<ul>
<li>feat!: remove deprecated inputs (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/213">#213</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/5cc811bc40176329bb642bff9e5d9e356099ad2a">5cc811b</a>)</li>
</ul>
<h3>BREAKING CHANGES</h3>
<ul>
<li>Removed deprecated inputs (<code>app_id</code>,
<code>private_key</code>, <code>skip_token_revoke</code>) and made
<code>app-id</code> and <code>private-key</code> required in the action
configuration.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/create-github-app-token/commit/3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5"><code>3ff1caa</code></a>
build(release): 2.0.2 [skip ci]</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/eaef29498fbc63724aabd0a6e832efd41baf2cc7"><code>eaef294</code></a>
fix: improve log messages for token creation (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/226">#226</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/86e24964d68ec4c8b52e8e73e2592920edeef469"><code>86e2496</code></a>
build(release): 2.0.1 [skip ci]</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/2411bfc7923448badb7a1faf23017f382e0fb895"><code>2411bfc</code></a>
fix(deps): bump the production-dependencies group across 1 directory
with 2 u...</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/f17d09a7b5793a4b0dc1a459bbf5edf546efc2a6"><code>f17d09a</code></a>
build(deps-dev): bump the development-dependencies group with 3 updates
(<a
href="https://redirect.github.com/actions/create-github-app-token/issues/225">#225</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/e250d17c7aa1d7a66d86612292ee003805805f23"><code>e250d17</code></a>
ci(update-permission-inputs): add permissions (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/230">#230</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/ed258b491a44c74d929fca53dd9bdda60715a176"><code>ed258b4</code></a>
Rename workflow</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/5c652ca715a5ee7310cdd4924fdad2fa34e49f85"><code>5c652ca</code></a>
Update update-inputs.yml</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/60ee75db786fa4aab3e3f79d4f9a89671e5c05cc"><code>60ee75d</code></a>
ci(update-inputs): create initial version (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/229">#229</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/064492a9a1762067169d50c792a7dc02bc3d1254"><code>064492a</code></a>
build(release): 2.0.0 [skip ci]</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/create-github-app-token/compare/d72941d797fd3113feb6b93fd0dec494b13a2547...3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/create-github-app-token&package-manager=github_actions&previous-version=1.12.0&new-version=2.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-09 09:54:33 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
85b0f61f92 Bump actions/dependency-review-action from 4.5.0 to 4.6.0 (#3286)
Bumps
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
from 4.5.0 to 4.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Updating multiple dependency versions by <a
href="https://github.com/Ahmed3lmallah"><code>@​Ahmed3lmallah</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/870">actions/dependency-review-action#870</a></li>
<li>Grouping minor and patch dependabot updates to lessen the number of
PRs by <a
href="https://github.com/Ahmed3lmallah"><code>@​Ahmed3lmallah</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/876">actions/dependency-review-action#876</a></li>
<li>Bump actions/stale from 9.0.0 to 9.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/878">actions/dependency-review-action#878</a></li>
<li>Bump undici from 5.28.4 to 5.28.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/877">actions/dependency-review-action#877</a></li>
<li>DR Action should link to the proxima stamp when appropriate in error
messages by <a
href="https://github.com/AshelyTC"><code>@​AshelyTC</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/891">actions/dependency-review-action#891</a></li>
<li>Allow deny package removal by <a
href="https://github.com/ellenfieldn"><code>@​ellenfieldn</code></a> in
<a
href="https://redirect.github.com/actions/dependency-review-action/pull/888">actions/dependency-review-action#888</a></li>
<li>Fix typos by <a
href="https://github.com/omahs"><code>@​omahs</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/893">actions/dependency-review-action#893</a></li>
<li>Bump esbuild from 0.19.5 to 0.25.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/900">actions/dependency-review-action#900</a></li>
<li>Bump octokit and related dependencies by <a
href="https://github.com/RomanIakovlev"><code>@​RomanIakovlev</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/904">actions/dependency-review-action#904</a></li>
<li>Bump <code>@​babel/helpers</code> from 7.23.2 to 7.26.10 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/905">actions/dependency-review-action#905</a></li>
<li>Bump <code>@​octokit/plugin-paginate-rest</code> from 9.1.5 to 9.2.2
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/899">actions/dependency-review-action#899</a></li>
<li>Update transitive dependency spdx-license-ids by <a
href="https://github.com/ailox"><code>@​ailox</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/855">actions/dependency-review-action#855</a></li>
<li>To not print OpenSSF Scorecard section if no dependencies scanned by
<a href="https://github.com/fabasoad"><code>@​fabasoad</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/884">actions/dependency-review-action#884</a></li>
<li>Improve usage of this action in dependency-review.yml by <a
href="https://github.com/fabasoad"><code>@​fabasoad</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/883">actions/dependency-review-action#883</a></li>
<li>Clarify comment-summary-in-pr behaviour by <a
href="https://github.com/Pantelis-Santorinios"><code>@​Pantelis-Santorinios</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/902">actions/dependency-review-action#902</a></li>
<li>Prepare 4.6.0 Release candidate by <a
href="https://github.com/brrygrdn"><code>@​brrygrdn</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/910">actions/dependency-review-action#910</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/AshelyTC"><code>@​AshelyTC</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/891">actions/dependency-review-action#891</a></li>
<li><a
href="https://github.com/ellenfieldn"><code>@​ellenfieldn</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/888">actions/dependency-review-action#888</a></li>
<li><a href="https://github.com/omahs"><code>@​omahs</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/893">actions/dependency-review-action#893</a></li>
<li><a
href="https://github.com/RomanIakovlev"><code>@​RomanIakovlev</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/904">actions/dependency-review-action#904</a></li>
<li><a href="https://github.com/ailox"><code>@​ailox</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/855">actions/dependency-review-action#855</a></li>
<li><a href="https://github.com/fabasoad"><code>@​fabasoad</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/884">actions/dependency-review-action#884</a></li>
<li><a
href="https://github.com/Pantelis-Santorinios"><code>@​Pantelis-Santorinios</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/902">actions/dependency-review-action#902</a></li>
<li><a href="https://github.com/brrygrdn"><code>@​brrygrdn</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/910">actions/dependency-review-action#910</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v4.5.0...v4.6.0">https://github.com/actions/dependency-review-action/compare/v4.5.0...v4.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/dependency-review-action/commit/ce3cf9537a52e8119d91fd484ab5b8a807627bf8"><code>ce3cf95</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/910">#910</a>
from actions/brrygrdn/4.6.0-release-candidate</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/479b69732e832663bc5bcaf0bdba115749c8a9bd"><code>479b697</code></a>
Prepare 4.6.0</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/aee95908eac366b40b414329f8ba60a3bfc71d5d"><code>aee9590</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/902">#902</a>
from Pantelis-Santorinios/patch-1</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/080ada628110c1782e56d699fdba17f860641e49"><code>080ada6</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/883">#883</a>
from fabasoad/fix/ci</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/430e5f0bbfde79de0a811466e75d015791b742f4"><code>430e5f0</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/884">#884</a>
from fabasoad/fix/863</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/51699b6461ee529b8c1e077ff5e7de2dbed5e1ac"><code>51699b6</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/855">#855</a>
from ailox/ailox/fix/invalid-new-licenses</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/ac9b193bebc6a308717bebfeaedd0204c20b693c"><code>ac9b193</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/899">#899</a>
from actions/dependabot/npm_and_yarn/octokit/plugin-p...</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/d630451aa0e2431936e97ac48fe650bd35af14ae"><code>d630451</code></a>
Pin <code>@​octokit/types</code> version for compatibility</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/c8dafca32b571835e7a3cf7200e7810364ce7b95"><code>c8dafca</code></a>
Add dist for <code>@​octokit/plugin-paginate-rest</code> version
bump</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/bc858b56499582a4d424a0d3a9cc9917dcb9345d"><code>bc858b5</code></a>
Bump <code>@​octokit/plugin-paginate-rest</code> from 9.1.5 to
9.2.2</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/dependency-review-action/compare/3b139cfc5fae8b618d3eae3675e383bb1769c019...ce3cf9537a52e8119d91fd484ab5b8a807627bf8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=4.5.0&new-version=4.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-02 16:53:32 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2938fcc044 Bump step-security/harden-runner from 2.11.0 to 2.11.1 (#3285)
Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.11.0 to 2.11.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.11.1</h2>
<h2>What's Changed</h2>
<ul>
<li>cache: add support for GitHub Actions cache v2 by <a
href="https://github.com/h0x0er"><code>@​h0x0er</code></a> in <a
href="https://redirect.github.com/step-security/harden-runner/pull/529">step-security/harden-runner#529</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.11.1">https://github.com/step-security/harden-runner/compare/v2...v2.11.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/c6295a65d1254861815972266d5933fd6e532bdf"><code>c6295a6</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/530">#530</a>
from step-security/rc-19</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/3e118b145bd13a08b2e465cf3a216df0f6c7746e"><code>3e118b1</code></a>
Improve error handling</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/b38e918ba8cf8d08113e53089af0d89429dcc51a"><code>b38e918</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/529">#529</a>
from h0x0er/jatin/cache-fix</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/0664d30cda4109be234d326b54ac1cc6385597a2"><code>0664d30</code></a>
cache: added support for cache v2</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/b131ca5ebfca4930fe6d4a3e82d1e386b4873c94"><code>b131ca5</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/524">#524</a>
from step-security/fix/security/GHSA-968p-4wvh-cqc8</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/2dc9579753e01c4033425fcc7b74e652b583ca50"><code>2dc9579</code></a>
Address vulnerabilities</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/f054d811b5b89fde2f954d54dc8622ec3aaab9ab"><code>f054d81</code></a>
Update README (<a
href="https://redirect.github.com/step-security/harden-runner/issues/522">#522</a>)</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/8a09271fed8277ab7fb02dbb5917c8d0e78323b4"><code>8a09271</code></a>
Update Readme (<a
href="https://redirect.github.com/step-security/harden-runner/issues/520">#520</a>)</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/6ec6af7d622602bd852df48848f3cae95c760a48"><code>6ec6af7</code></a>
Update readme (<a
href="https://redirect.github.com/step-security/harden-runner/issues/518">#518</a>)</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/539365ba33fd040cf8c4db243b6f0ed3b32c3283"><code>539365b</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/516">#516</a>
from vorburger/patch-1</li>
<li>Additional commits viewable in <a
href="https://github.com/step-security/harden-runner/compare/4d991eb9b905ef189e4c376166672c3f2f230481...c6295a65d1254861815972266d5933fd6e532bdf">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.11.0&new-version=2.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-02 16:53:13 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
30d7053150 Bump actions/create-github-app-token from 1.11.7 to 1.12.0 (#3279)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[actions/create-github-app-token](https://github.com/actions/create-github-app-token)
from 1.11.7 to 1.12.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v1.12.0</h2>
<h1><a
href="https://github.com/actions/create-github-app-token/compare/v1.11.7...v1.12.0">1.12.0</a>
(2025-03-27)</h1>
<h3>Features</h3>
<ul>
<li>permissions (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/168">#168</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/0e0aa99a86bd82ec98421533ae985fef61554361">0e0aa99</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/create-github-app-token/commit/d72941d797fd3113feb6b93fd0dec494b13a2547"><code>d72941d</code></a>
build(release): 1.12.0 [skip ci]</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/0e0aa99a86bd82ec98421533ae985fef61554361"><code>0e0aa99</code></a>
feat: permissions (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/168">#168</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/f5779415062400dd18cb017a69efddabff4ac24c"><code>f577941</code></a>
Remove individuals form CODEOWNERS (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/215">#215</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/create-github-app-token/compare/af35edadc00be37caa72ed9f3e6d5f7801bfdf09...d72941d797fd3113feb6b93fd0dec494b13a2547">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/create-github-app-token&package-manager=github_actions&previous-version=1.11.7&new-version=1.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-02 13:41:56 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
d00a082f66 Bump actions/setup-python from 5.4.0 to 5.5.0 (#3278)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [actions/setup-python](https://github.com/actions/setup-python)
from 5.4.0 to 5.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-python/releases">actions/setup-python's
releases</a>.</em></p>
<blockquote>
<h2>v5.5.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements:</h3>
<ul>
<li>Support free threaded Python versions like '3.13t' by <a
href="https://github.com/colesbury"><code>@​colesbury</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/973">actions/setup-python#973</a></li>
<li>Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for
free threaded and Upgrade <code>@​action/cache</code> from 4.0.0 to
4.0.3 by <a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1056">actions/setup-python#1056</a></li>
<li>Add support for .tool-versions file in setup-python by <a
href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1043">actions/setup-python#1043</a></li>
</ul>
<h3>Bug fixes:</h3>
<ul>
<li>Fix architecture for pypy on Linux ARM64 by <a
href="https://github.com/mayeut"><code>@​mayeut</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1011">actions/setup-python#1011</a>
This update maps arm64 to aarch64 for Linux ARM64 PyPy
installations.</li>
</ul>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade <code>@​vercel/ncc</code> from 0.38.1 to 0.38.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1016">actions/setup-python#1016</a></li>
<li>Upgrade <code>@​actions/glob</code> from 0.4.0 to 0.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1015">actions/setup-python#1015</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/colesbury"><code>@​colesbury</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/973">actions/setup-python#973</a></li>
<li><a
href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/1043">actions/setup-python#1043</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v5...v5.5.0">https://github.com/actions/setup-python/compare/v5...v5.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-python/commit/8d9ed9ac5c53483de85588cdf95a591a75ab9f55"><code>8d9ed9a</code></a>
Add e2e Testing for free threaded and Bump <code>@​action/cache</code>
from 4.0.0 to 4.0.3 ...</li>
<li><a
href="https://github.com/actions/setup-python/commit/19e4675e06535f6b54e894da5c1f044400bb4996"><code>19e4675</code></a>
Add support for .tool-versions file in setup-python (<a
href="https://redirect.github.com/actions/setup-python/issues/1043">#1043</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/6fd11e170a18f6ae448d1080a4a63cc987aed84c"><code>6fd11e1</code></a>
Bump <code>@​actions/glob</code> from 0.4.0 to 0.5.0 (<a
href="https://redirect.github.com/actions/setup-python/issues/1015">#1015</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/9e62be81b28222addecf85e47571213eb7680449"><code>9e62be8</code></a>
Support free threaded Python versions like '3.13t' (<a
href="https://redirect.github.com/actions/setup-python/issues/973">#973</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/6ca8e8598faa206f7140a65ba31b899bebe16f58"><code>6ca8e85</code></a>
Bump <code>@​vercel/ncc</code> from 0.38.1 to 0.38.3 (<a
href="https://redirect.github.com/actions/setup-python/issues/1016">#1016</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/8039c45ed9a312fba91f3399cd0605ba2ebfe93c"><code>8039c45</code></a>
fix: install PyPy on Linux ARM64 (<a
href="https://redirect.github.com/actions/setup-python/issues/1011">#1011</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-python/compare/42375524e23c412d93fb67b49958b491fce71c38...8d9ed9ac5c53483de85588cdf95a591a75ab9f55">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=5.4.0&new-version=5.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-02 13:41:16 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
b1c8166716 Bump crazy-max/ghaction-github-labeler from 5.2.0 to 5.3.0 (#3277)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler)
from 5.2.0 to 5.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crazy-max/ghaction-github-labeler/releases">crazy-max/ghaction-github-labeler's
releases</a>.</em></p>
<blockquote>
<h2>v5.3.0</h2>
<ul>
<li>Bump <code>@​octokit/plugin-paginate-rest</code> from 9.2.1 to 9.2.2
in <a
href="https://redirect.github.com/crazy-max/ghaction-github-labeler/pull/229">crazy-max/ghaction-github-labeler#229</a></li>
<li>Bump <code>@​octokit/request</code> from 8.4.0 to 8.4.1 in <a
href="https://redirect.github.com/crazy-max/ghaction-github-labeler/pull/232">crazy-max/ghaction-github-labeler#232</a></li>
<li>Bump <code>@​octokit/request-error</code> from 5.1.0 to 5.1.1 in <a
href="https://redirect.github.com/crazy-max/ghaction-github-labeler/pull/228">crazy-max/ghaction-github-labeler#228</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/crazy-max/ghaction-github-labeler/compare/v5.2.0...v5.3.0">https://github.com/crazy-max/ghaction-github-labeler/compare/v5.2.0...v5.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crazy-max/ghaction-github-labeler/commit/24d110aa46a59976b8a7f35518cb7f14f434c916"><code>24d110a</code></a>
Merge pull request <a
href="https://redirect.github.com/crazy-max/ghaction-github-labeler/issues/229">#229</a>
from crazy-max/dependabot/npm_and_yarn/octokit/plugin...</li>
<li><a
href="https://github.com/crazy-max/ghaction-github-labeler/commit/38fb29f900243eb0487a528b6bcbea970fca2f96"><code>38fb29f</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/crazy-max/ghaction-github-labeler/commit/0113fc2ceb9c7de1c2ca4771bdb816a31f12b1c2"><code>0113fc2</code></a>
chore(deps): bump <code>@​octokit/plugin-paginate-rest</code> from 9.2.1
to 9.2.2</li>
<li><a
href="https://github.com/crazy-max/ghaction-github-labeler/commit/42f774ec78ba04d628e7d09102a2ff4bb200041c"><code>42f774e</code></a>
Merge pull request <a
href="https://redirect.github.com/crazy-max/ghaction-github-labeler/issues/228">#228</a>
from crazy-max/dependabot/npm_and_yarn/octokit/reques...</li>
<li><a
href="https://github.com/crazy-max/ghaction-github-labeler/commit/99839924fa2d67d0ae4c9f40e8d81b53327944ff"><code>9983992</code></a>
chore(deps): bump <code>@​octokit/request-error</code> from 5.1.0 to
5.1.1</li>
<li><a
href="https://github.com/crazy-max/ghaction-github-labeler/commit/32d1878445d7c4da206628cf616d981a4e098428"><code>32d1878</code></a>
Merge pull request <a
href="https://redirect.github.com/crazy-max/ghaction-github-labeler/issues/232">#232</a>
from crazy-max/dependabot/npm_and_yarn/octokit/reques...</li>
<li><a
href="https://github.com/crazy-max/ghaction-github-labeler/commit/3faa84509c32730067031d32c5028c779182fdde"><code>3faa845</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/crazy-max/ghaction-github-labeler/commit/16efe0430ed4435c8036492cd092bcd865e0f5d7"><code>16efe04</code></a>
Merge pull request <a
href="https://redirect.github.com/crazy-max/ghaction-github-labeler/issues/233">#233</a>
from crazy-max/ci-fix-codecov</li>
<li><a
href="https://github.com/crazy-max/ghaction-github-labeler/commit/7f6122ba12c5457004662d0f5af3004313ae6b2a"><code>7f6122b</code></a>
ci: fix test workflow</li>
<li><a
href="https://github.com/crazy-max/ghaction-github-labeler/commit/2ea799d7b8ae2d0bf3516468f26450ef655d2e2c"><code>2ea799d</code></a>
chore(deps): bump <code>@​octokit/request</code> from 8.4.0 to
8.4.1</li>
<li>Additional commits viewable in <a
href="https://github.com/crazy-max/ghaction-github-labeler/compare/31674a3852a9074f2086abcf1c53839d466a47e7...24d110aa46a59976b8a7f35518cb7f14f434c916">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crazy-max/ghaction-github-labeler&package-manager=github_actions&previous-version=5.2.0&new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-02 13:40:52 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
472d0b14db Bump gradle/actions from 4.3.0 to 4.3.1 (#3276)
Bumps [gradle/actions](https://github.com/gradle/actions) from 4.3.0 to
4.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/actions/releases">gradle/actions's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.1</h2>
<p>This release fixes a couple of minor issues, as well as keeping
dependencies up to date.</p>
<h2>Fixed issues</h2>
<ul>
<li>The develocity-allow-untrusted-server parameter should be honoured
when fetching short-lived access tokens <a
href="https://redirect.github.com/gradle/actions/issues/583">#583</a></li>
<li>Build summary may incorrectly report build success <a
href="https://redirect.github.com/gradle/actions/issues/415">#415</a></li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Update develocity-injection init script to v1.1.1 by <a
href="https://github.com/bot-githubaction"><code>@​bot-githubaction</code></a>
in <a
href="https://redirect.github.com/gradle/actions/pull/545">gradle/actions#545</a></li>
<li>Bump the github-actions group across 2 directories with 3 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/gradle/actions/pull/547">gradle/actions#547</a></li>
<li>Bump the npm-dependencies group in /sources with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/gradle/actions/pull/548">gradle/actions#548</a></li>
<li>Update develocity-injection init script to v1.2 by <a
href="https://github.com/bot-githubaction"><code>@​bot-githubaction</code></a>
in <a
href="https://redirect.github.com/gradle/actions/pull/550">gradle/actions#550</a></li>
<li>Bump the github-actions group across 1 directory with 2 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/gradle/actions/pull/552">gradle/actions#552</a></li>
<li>Bump the npm-dependencies group across 1 directory with 5 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/gradle/actions/pull/558">gradle/actions#558</a></li>
<li>Update known wrapper checksums by <a
href="https://github.com/github-actions"><code>@​github-actions</code></a>
in <a
href="https://redirect.github.com/gradle/actions/pull/560">gradle/actions#560</a></li>
<li>Bump references to Develocity Gradle plugin from 3.19.1 to 3.19.2 by
<a
href="https://github.com/bot-githubaction"><code>@​bot-githubaction</code></a>
in <a
href="https://redirect.github.com/gradle/actions/pull/561">gradle/actions#561</a></li>
<li>Catch more build failures in job summary by <a
href="https://github.com/bigdaz"><code>@​bigdaz</code></a> in <a
href="https://redirect.github.com/gradle/actions/pull/571">gradle/actions#571</a></li>
<li>Scope captured build failures by <a
href="https://github.com/erichaagdev"><code>@​erichaagdev</code></a> in
<a
href="https://redirect.github.com/gradle/actions/pull/574">gradle/actions#574</a></li>
<li>Ignore SSL certificate validation when fetching Develocity
short-lived access token if
<code>develocity-allow-untrusted-server</code> is enabled by <a
href="https://github.com/remcomokveld"><code>@​remcomokveld</code></a>
in <a
href="https://redirect.github.com/gradle/actions/pull/575">gradle/actions#575</a></li>
<li>Dependency updates by <a
href="https://github.com/bigdaz"><code>@​bigdaz</code></a> in <a
href="https://redirect.github.com/gradle/actions/pull/579">gradle/actions#579</a></li>
<li>Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre in
/.github/workflow-samples/kotlin-dsl in the gradle group across 1
directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/gradle/actions/pull/580">gradle/actions#580</a></li>
<li>Bump the github-actions group across 2 directories with 2 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/gradle/actions/pull/582">gradle/actions#582</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/erichaagdev"><code>@​erichaagdev</code></a>
made their first contribution in <a
href="https://redirect.github.com/gradle/actions/pull/574">gradle/actions#574</a></li>
<li><a
href="https://github.com/remcomokveld"><code>@​remcomokveld</code></a>
made their first contribution in <a
href="https://redirect.github.com/gradle/actions/pull/575">gradle/actions#575</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gradle/actions/compare/v4.3.0...v4.3.1">https://github.com/gradle/actions/compare/v4.3.0...v4.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gradle/actions/commit/06832c7b30a0129d7fb559bcc6e43d26f6374244"><code>06832c7</code></a>
Bump the github-actions group across 2 directories with 2 updates</li>
<li><a
href="https://github.com/gradle/actions/commit/b7b029e5c461bcd4187e3922253a207372ea1d04"><code>b7b029e</code></a>
Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre in
/.github/workflo...</li>
<li><a
href="https://github.com/gradle/actions/commit/a0bd2ca5cbf6404f68a1a02c2e2741218f894b90"><code>a0bd2ca</code></a>
[bot] Update dist directory</li>
<li><a
href="https://github.com/gradle/actions/commit/7974541d55b5d4265df89850a40d5063d2d3036e"><code>7974541</code></a>
Dependency updates (<a
href="https://redirect.github.com/gradle/actions/issues/579">#579</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/a58163930329ccce0ace4389791c82734e52204b"><code>a581639</code></a>
Update DSL samples to use test suites</li>
<li><a
href="https://github.com/gradle/actions/commit/acd2925667ac1dae317b3b2de03ce2d3b5da2205"><code>acd2925</code></a>
Update java-toolchain sample to use Kotlin DSL</li>
<li><a
href="https://github.com/gradle/actions/commit/aa88309fbde788037cd53df497543c8c40e5e2ae"><code>aa88309</code></a>
Update gradle-plugin sample to use Kotlin DSL</li>
<li><a
href="https://github.com/gradle/actions/commit/086c9e4b25c544ef148c374d34a7a844517c740b"><code>086c9e4</code></a>
Revert update to eslint-plugin-github</li>
<li><a
href="https://github.com/gradle/actions/commit/d31b81842d0028028432bad95773235ec859b85c"><code>d31b818</code></a>
Update patch file for actions/[email protected]</li>
<li><a
href="https://github.com/gradle/actions/commit/2778b4a120e9ad2ed71a81933fa2e09c33c15a72"><code>2778b4a</code></a>
Bump the npm-dependencies group across 1 directory with 8 updates</li>
<li>Additional commits viewable in <a
href="https://github.com/gradle/actions/compare/94baf225fe0a508e581a564467443d0e2379123b...06832c7b30a0129d7fb559bcc6e43d26f6374244">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gradle/actions&package-manager=github_actions&previous-version=4.3.0&new-version=4.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-02 13:40:34 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
e449c05340 Bump org.projectlombok:lombok from 1.18.36 to 1.18.38 (#3275)
Bumps
[org.projectlombok:lombok](https://github.com/projectlombok/lombok) from
1.18.36 to 1.18.38.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown">org.projectlombok:lombok's
changelog</a>.</em></p>
<blockquote>
<h3>v1.18.38 (March 31st, 2025)</h3>
<ul>
<li>PLATFORM: JDK24 support added.</li>
<li>FEATURE: Lombok's nullity annotation now supports <a
href="https://jspecify.dev">JSpecify</a> out of the box, using <a
href="https://projectlombok.org/features/configuration">config key</a>
<code>jspecify</code>.</li>
<li>BUGFIX: Recent eclipse releases would get you 'negative length'
error. The bug had always been in lombok but didn't matter until recent
releases. [Issue <a
href="https://redirect.github.com/projectlombok/lombok/issues/3823">#3823</a>](<a
href="https://redirect.github.com/projectlombok/lombok/issues/3823">projectlombok/lombok#3823</a>).</li>
<li>BUGFIX: The 'extract local variable' refactor script of VSCode
wouldn't replace all occurrences if run on a method call to a lombok
generated method. [Issue <a
href="https://redirect.github.com/projectlombok/lombok/issues/3783">#3783</a>](<a
href="https://redirect.github.com/projectlombok/lombok/issues/3783">projectlombok/lombok#3783</a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/projectlombok/lombok/commit/37b7e192c9e46ccafc26d6cab424c93cbcaf95d5"><code>37b7e19</code></a>
[release] pre-release version bump for v1.18.38</li>
<li><a
href="https://github.com/projectlombok/lombok/commit/ec886ae07b077196eceef9bf7176ea3453ddf1ee"><code>ec886ae</code></a>
[changelog] Mention fixing of <a
href="https://redirect.github.com/projectlombok/lombok/issues/3783">#3783</a>
in changelog.</li>
<li><a
href="https://github.com/projectlombok/lombok/commit/ed0965b5f938240ba13d8c58f4f3443477123fbe"><code>ed0965b</code></a>
[docs] Cleaned up use of <code>\&lt;p&gt;</code> in maven and edge
html.</li>
<li><a
href="https://github.com/projectlombok/lombok/commit/b7896c5a74de2fa2c4467c21aea5469d6673f197"><code>b7896c5</code></a>
<a
href="https://redirect.github.com/projectlombok/lombok/issues/3824">#3824</a>
Our own 'Comment' ad hoc impl now also needs to provide an impl for
`...</li>
<li><a
href="https://github.com/projectlombok/lombok/commit/8ed8234ac08ddbec9e587d58baf4ddb18c1a46e8"><code>8ed8234</code></a>
[unused-code] We kept a ref to the <code>storeEnd</code> in
PrettyPrinter but we never u...</li>
<li><a
href="https://github.com/projectlombok/lombok/commit/975f96f37a2a5344648942aab72daf73db4dcb8c"><code>975f96f</code></a>
Merge pull request <a
href="https://redirect.github.com/projectlombok/lombok/issues/3856">#3856</a>
from mmoayyed/github-workflow-config</li>
<li><a
href="https://github.com/projectlombok/lombok/commit/77837601a13aab5cb68005bea1ed13e0ad61e8ee"><code>7783760</code></a>
Fix github workflow YAML configuration</li>
<li><a
href="https://github.com/projectlombok/lombok/commit/3aa9779ef41bd9097cf47183df741bec065f2315"><code>3aa9779</code></a>
[changelog] Mention fix for eclipse negative length (<a
href="https://redirect.github.com/projectlombok/lombok/issues/3823">#3823</a>)
in changelog.</li>
<li><a
href="https://github.com/projectlombok/lombok/commit/f4e5bbb31203e6cf432b76133a2c91a4c4756ba7"><code>f4e5bbb</code></a>
[fix <a
href="https://redirect.github.com/projectlombok/lombok/issues/3839">#3839</a>]
Fixing a mistake in my merge of 3939.</li>
<li><a
href="https://github.com/projectlombok/lombok/commit/41dfb0d752c5b1b4bc38793a498a2241403497f1"><code>41dfb0d</code></a>
[fix <a
href="https://redirect.github.com/projectlombok/lombok/issues/3825">#3825</a>]
Stub compilation requires all non-core-java classes to be stubbed.</li>
<li>Additional commits viewable in <a
href="https://github.com/projectlombok/lombok/compare/v1.18.36...v1.18.38">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.projectlombok:lombok&package-manager=gradle&previous-version=1.18.36&new-version=1.18.38)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-02 13:40:16 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
c7dda21ae3 Bump org.sonarqube from 6.0.1.5171 to 6.1.0.5360 (#3274)
Bumps org.sonarqube from 6.0.1.5171 to 6.1.0.5360.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.sonarqube&package-manager=gradle&previous-version=6.0.1.5171&new-version=6.1.0.5360)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-02 13:39:57 +01:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
948fa5ff6c Bump github/codeql-action from 3.28.12 to 3.28.13 (#3239)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.12 to 3.28.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.13</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.13 - 24 Mar 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.13/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.13 - 24 Mar 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/1b549b9259bda1cb5ddde3b41741a82a2d15a841"><code>1b549b9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2819">#2819</a>
from github/update-v3.28.13-e0ea14102</li>
<li><a
href="https://github.com/github/codeql-action/commit/82630c85f38b5b7c2c9cc279f06af77a080fba19"><code>82630c8</code></a>
Update changelog for v3.28.13</li>
<li><a
href="https://github.com/github/codeql-action/commit/e0ea141027937784e3c10ed1679e503fcc2245bc"><code>e0ea141</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2818">#2818</a>
from github/cklin/empty-pr-diff-range</li>
<li><a
href="https://github.com/github/codeql-action/commit/b361a915088c90790a0c458a63a4b63108a9ab0a"><code>b361a91</code></a>
Diff-informed analysis: fix empty PR handling</li>
<li><a
href="https://github.com/github/codeql-action/commit/bd1d9ab4eda903e1b5caa241368836575c6c476b"><code>bd1d9ab</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2816">#2816</a>
from github/cklin/overlay-file-list</li>
<li><a
href="https://github.com/github/codeql-action/commit/b98ae6ca52694a727f4a03c9bf7a52df66492f23"><code>b98ae6c</code></a>
Add overlay-database-utils tests</li>
<li><a
href="https://github.com/github/codeql-action/commit/9825184a0aec625d59c8e5bcc122734a77e38e7b"><code>9825184</code></a>
Add getFileOidsUnderPath() tests</li>
<li><a
href="https://github.com/github/codeql-action/commit/ac67cffe5c20e84b598930c8453336a7404b2786"><code>ac67cff</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2817">#2817</a>
from github/cklin/default-setup-diff-informed</li>
<li><a
href="https://github.com/github/codeql-action/commit/9c674ba4f548f8b6a6f1a7990756e80453894f56"><code>9c674ba</code></a>
build: refresh js files</li>
<li><a
href="https://github.com/github/codeql-action/commit/d109dd5d333ab79c34032e0443e15643c347e966"><code>d109dd5</code></a>
Detect PR branches for Default Setup</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/5f8171a638ada777af81d42b55959a643bb29017...1b549b9259bda1cb5ddde3b41741a82a2d15a841">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.12&new-version=3.28.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-25 17:57:39 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2e231feb6a Bump ch.qos.logback:logback-core from 1.5.17 to 1.5.18 (#3230)
Bumps [ch.qos.logback:logback-core](https://github.com/qos-ch/logback)
from 1.5.17 to 1.5.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-core's
releases</a>.</em></p>
<blockquote>
<h2>Logback 1.5.18</h2>
<p><strong>2025-03-18 Release of logback version 1.5.18</strong></p>
<p>• Added<a
href="https://logback.qos.ch/manual/appenders.html#fileCompression">
support for XZ compression</a> for archived log files. Note that XZ
compression requires Tukaani project's <a
href="https://tukaani.org/xz/java.html">XZ library</a> for Java. In case
XZ compression is requested but the XZ library is missing, then logback
will substitute GZ compression as a fallback. This feature was requested
in issues/755.</p>
<p>• Removed references to <code>java.security.AccessController</code>
class. This class has been deprecated for some time and is slated for
removal in future JDK versions.</p>
<p>• A bit-wise identical binary of this version can be reproduced by
building from source code at commit
b2a02f065379a9b1ba5ff837fc08913b744774bc associated with the tag
v_1.5.18. Release built using Java &quot;21&quot; 2023-10-17 LTS build
21.0.1.+12-LTS-29 under Linux Debian 11.6.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/qos-ch/logback/commit/b2a02f065379a9b1ba5ff837fc08913b744774bc"><code>b2a02f0</code></a>
prepare release 1.5.18</li>
<li><a
href="https://github.com/qos-ch/logback/commit/991de5828b2afc2ddb8fbc7b233bd660096d793f"><code>991de58</code></a>
remove references to AccessController marked for deletion in the
JDK</li>
<li><a
href="https://github.com/qos-ch/logback/commit/f54ab16c8436475f16579e887c1305506212ac5a"><code>f54ab16</code></a>
If compression mode is XZ but the XZ library is missing, then fallback
to GZ ...</li>
<li><a
href="https://github.com/qos-ch/logback/commit/fb45971e5457296abfcf706322a06563fb3df62a"><code>fb45971</code></a>
add support for XZ compression</li>
<li><a
href="https://github.com/qos-ch/logback/commit/31c1f55a1bf177922cf6a3c609a9d379f12d0693"><code>31c1f55</code></a>
add xz compression support with tests</li>
<li><a
href="https://github.com/qos-ch/logback/commit/8968d0fd43d065f2f0e63b6679e59c89e0c2a8b8"><code>8968d0f</code></a>
introduce strategy based compression</li>
<li><a
href="https://github.com/qos-ch/logback/commit/834059cb64ea8a6ca6e51c78fa0ac2b2797df0ed"><code>834059c</code></a>
start work on 1.5.18-SNAPSHOT</li>
<li>See full diff in <a
href="https://github.com/qos-ch/logback/compare/v_1.5.17...v_1.5.18">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-core&package-manager=gradle&previous-version=1.5.17&new-version=1.5.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 10:37:56 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7a3000b926 Bump org.springframework.boot from 3.4.3 to 3.4.4 (#3229)
Bumps
[org.springframework.boot](https://github.com/spring-projects/spring-boot)
from 3.4.3 to 3.4.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.4</h2>
<h2> Noteworthy Changes</h2>
<p>Tomcat APR support is now disabled by default if you are using Java
24 or higher. This change has been made to prevent JDK from issuing
warnings.</p>
<p>Please see <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4-Release-Notes#tomcat-apr">the
updated release notes</a> for details.</p>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Actuator throws an exception when using prototype scoped DataSource
bean <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44706">#44706</a></li>
<li>Docker API error message is missing in some cases <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44630">#44630</a></li>
<li>DefaultJmsListenerContainerFactoryConfigurer#setObservationRegistry
should not be public <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44585">#44585</a></li>
<li>When an application contains multiple DataSource beans,
EntityManagerFactoryBuilder will default ddl-auto to a value that may
only be appropriate for the primary DataSource <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44516">#44516</a></li>
<li>When the main class is not proxied, native testing that uses the
application's main method does not work <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44481">#44481</a></li>
<li>When loading configuration from a Resource, Log4J2LoggingSystem may
not close the InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44473">#44473</a></li>
<li>When loading from a resource, PemContent does not close the
InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44454">#44454</a></li>
<li>ResourceBanner does not close the InputStream used to read the
banner <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44452">#44452</a></li>
<li>ConfigDataLocationResolvers and PropertySourceLoaders are loaded
using a potentially different class loader <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44450">#44450</a></li>
<li>Kafka message sending fails with 'class SslBundleSslEngineFactory
could not be found' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44437">#44437</a></li>
<li>Kafka in native-image fails when using SSL bundles <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44436">#44436</a></li>
<li>Nested test classes don't inherit properties from
<code>@DataJpaTest</code> on enclosing class <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44407">#44407</a></li>
<li>Failure diagnostics are poor when trying to use an image platform
that is not supported by the builder <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44059">#44059</a></li>
<li>Checking if APR is available logs a warning on Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44033">#44033</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Multiline properties in documentation are missing backslashes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44790">#44790</a></li>
<li>Polish javadoc of SqlR2dbcScriptDatabaseInitializer <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44764">#44764</a></li>
<li>Document support for Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44754">#44754</a></li>
<li>Remove OpenShift link that 404s <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44748">#44748</a></li>
<li>Fix link to javadoc for JavaExec.setArgsString <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44536">#44536</a></li>
<li>Fix typo in documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44523">#44523</a></li>
<li>Update descriptions of properties that no longer require Flyway
Teams <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44483">#44483</a></li>
<li>Fix typo in javadoc of
CommonStructuredLogFormat#ELASTIC_COMMON_SCHEMA <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44469">#44469</a></li>
<li>Samples for metadata annotation processers have invalid fold
attribute <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44420">#44420</a></li>
<li>Clarify which Mongo properties are ignored when URI property is set
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44404">#44404</a></li>
<li>Adapt Javadoc reference of JooqExceptionTranslator to use
ExceptionTranslatorExecuteListener <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44402">#44402</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to ActiveMQ 6.1.6 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44663">#44663</a></li>
<li>Upgrade to AspectJ 1.9.23 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44720">#44720</a></li>
<li>Upgrade to Groovy 4.0.26 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44546">#44546</a></li>
<li>Upgrade to Hibernate 6.6.11.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44739">#44739</a></li>
<li>Upgrade to Infinispan 15.0.14.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44548">#44548</a></li>
<li>Upgrade to Jackson Bom 2.18.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44549">#44549</a></li>
<li>Upgrade to Jetty 12.0.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44774">#44774</a></li>
<li>Upgrade to Jetty Reactive HTTPClient 4.0.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44773">#44773</a></li>
<li>Upgrade to jOOQ 3.19.21 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44665">#44665</a></li>
<li>Upgrade to Logback 1.5.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44775">#44775</a></li>
<li>Upgrade to Maven Deploy Plugin 3.1.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44552">#44552</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d4eb5561217be6bd490634fe5254fc4824d8dd87"><code>d4eb556</code></a>
Increase Nexus timeouts</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0226b6a70a3c192a7acb8a4a46dd08b068d8230d"><code>0226b6a</code></a>
Release v3.4.4</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6ba94aebee4595b73a96ea5fc4ae3824ff03173f"><code>6ba94ae</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/36a5936494af6d78556c810da3f18fcfcf193a63"><code>36a5936</code></a>
Next development version (v3.3.11-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/375aba6985955a93d5efe3beda8125e58e7ded8e"><code>375aba6</code></a>
Upgrade to Spring Framework 6.2.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/37e4a3c56652f1e7e29c3073ac1007b5e0b6fd71"><code>37e4a3c</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/99fa21cfbb1c01c27fa09d64c94d514a9e227d64"><code>99fa21c</code></a>
Upgrade to asciidoctor-extensions 1.0.0-alpha.17</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/f86a6fb16483bf2daf26a40100932a673fdf9ade"><code>f86a6fb</code></a>
Upgrade to Spring Batch 5.2.2</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6567609cbc55dc9a98f9c031e5645e7e36137a7b"><code>6567609</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/80b6c596696ab84b8539ae54ae5d409f43dcd844"><code>80b6c59</code></a>
Improve debuggability of DockerComposeTestExtension</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.3...v3.4.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot&package-manager=gradle&previous-version=3.4.3&new-version=3.4.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 10:37:41 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1f8b5ce41e Bump actions/create-github-app-token from 1.11.6 to 1.11.7 (#3227)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[actions/create-github-app-token](https://github.com/actions/create-github-app-token)
from 1.11.6 to 1.11.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v1.11.7</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v1.11.6...v1.11.7">1.11.7</a>
(2025-03-20)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump undici from 5.28.4 to 7.5.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/214">#214</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/a24b46a4626bf0f67abb297b82d863218920d5e2">a24b46a</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/create-github-app-token/commit/af35edadc00be37caa72ed9f3e6d5f7801bfdf09"><code>af35eda</code></a>
build(release): 1.11.7 [skip ci]</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/a24b46a4626bf0f67abb297b82d863218920d5e2"><code>a24b46a</code></a>
fix(deps): bump undici from 5.28.4 to 7.5.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/214">#214</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/create-github-app-token/compare/21cfef2b496dd8ef5b904c159339626a10ad380e...af35edadc00be37caa72ed9f3e6d5f7801bfdf09">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/create-github-app-token&package-manager=github_actions&previous-version=1.11.6&new-version=1.11.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 10:37:23 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fa2a439121 Bump github/codeql-action from 3.28.11 to 3.28.12 (#3226)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.11 to 3.28.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.12</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.12/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/5f8171a638ada777af81d42b55959a643bb29017"><code>5f8171a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2814">#2814</a>
from github/update-v3.28.12-6349095d1</li>
<li><a
href="https://github.com/github/codeql-action/commit/bb59f7707d836b040802dbdf2ad1a16482d319da"><code>bb59f77</code></a>
Update changelog for v3.28.12</li>
<li><a
href="https://github.com/github/codeql-action/commit/6349095d19ec30397ffb02a63b7aa4f867deb563"><code>6349095</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2810">#2810</a>
from github/update-bundle/codeql-bundle-v2.20.7</li>
<li><a
href="https://github.com/github/codeql-action/commit/d7d03fda1241f6b0b3fae460c9f19c6e887158ad"><code>d7d03fd</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/4e3a5342c5e8e627915b9a29b363f49da8c4a32e"><code>4e3a534</code></a>
Update default bundle to codeql-bundle-v2.20.7</li>
<li><a
href="https://github.com/github/codeql-action/commit/55f023701cfc1e7d11ef2ae0c5ec3193dae4fce4"><code>55f0237</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2802">#2802</a>
from github/mbg/dependency-caching/java-buildless</li>
<li><a
href="https://github.com/github/codeql-action/commit/6a151cd77488e58567da1dcf953e7aeeaca4950c"><code>6a151cd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2811">#2811</a>
from github/dependabot/github_actions/actions-c2c311...</li>
<li><a
href="https://github.com/github/codeql-action/commit/7866bcdb1b15b5d5cba0021b87f36d9f6d977156"><code>7866bcd</code></a>
Manually bump workflow to match autogenerated file</li>
<li><a
href="https://github.com/github/codeql-action/commit/611289e0b0ce1f6fc14820f1b72edaed2de4ba2c"><code>611289e</code></a>
build(deps): bump ruby/setup-ruby in the actions group</li>
<li><a
href="https://github.com/github/codeql-action/commit/4c409a5b664afa7d5b12cd8487e310f286487472"><code>4c409a5</code></a>
Remove temporary dependency directory in <code>analyze</code> post
action</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/6bb031afdd8eb862ea3fc1848194185e076637e5...5f8171a638ada777af81d42b55959a643bb29017">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.11&new-version=3.28.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 10:37:09 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
f159c62a36 Bump actions/download-artifact from 4.1.9 to 4.2.1 (#3225)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 4.1.9 to 4.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Add unit tests by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/392">actions/download-artifact#392</a></li>
<li>Fix bug introduced in 4.2.0 by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/391">actions/download-artifact#391</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1">https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1</a></p>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README.md by <a
href="https://github.com/lkfortuna"><code>@​lkfortuna</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/384">actions/download-artifact#384</a></li>
<li>Bump artifact version, do digest check by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/383">actions/download-artifact#383</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/lkfortuna"><code>@​lkfortuna</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/384">actions/download-artifact#384</a></li>
<li><a href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/383">actions/download-artifact#383</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.1.9...v4.2.0">https://github.com/actions/download-artifact/compare/v4.1.9...v4.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/95815c38cf2ff2164869cbab79da8d1f422bc89e"><code>95815c3</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/391">#391</a>
from GhadimiR/main</li>
<li><a
href="https://github.com/actions/download-artifact/commit/278fca438a0f334c0505181835b4796f2785949b"><code>278fca4</code></a>
Move log statements</li>
<li><a
href="https://github.com/actions/download-artifact/commit/68909842a1073010f1cf920ed7f153e2948f9c16"><code>6890984</code></a>
Merge branch 'main' into main</li>
<li><a
href="https://github.com/actions/download-artifact/commit/f9415c0ec30f02c18e075f091cafcfe4159168d0"><code>f9415c0</code></a>
Run unit tests in CI</li>
<li><a
href="https://github.com/actions/download-artifact/commit/76a6eb5cbca98dccb5e14c0116e53f5df13b220d"><code>76a6eb5</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/392">#392</a>
from GhadimiR/add_unit_tests</li>
<li><a
href="https://github.com/actions/download-artifact/commit/a2426d7c4522072f4d5824c9508d7ea97107cb8e"><code>a2426d7</code></a>
Merge branch 'main' into add_unit_tests</li>
<li><a
href="https://github.com/actions/download-artifact/commit/3ffa694f6f7e3d53f63807f78267796f57911dd4"><code>3ffa694</code></a>
lint</li>
<li><a
href="https://github.com/actions/download-artifact/commit/53f6aa5f93b626e252398abac720a28f6eb048ed"><code>53f6aa5</code></a>
Add extra assertion to download single artifact test</li>
<li><a
href="https://github.com/actions/download-artifact/commit/b456700053c87aa7d6b31d212292755e1e6eb923"><code>b456700</code></a>
lint</li>
<li><a
href="https://github.com/actions/download-artifact/commit/9eab798a9885c1be58a1c4381da1109644016e98"><code>9eab798</code></a>
Configure tsconfig</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/cc203385981b70ca67e1cc392babf9cc229d5806...95815c38cf2ff2164869cbab79da8d1f422bc89e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=4.1.9&new-version=4.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 10:22:46 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
c6c195e903 Bump springBootVersion from 3.4.3 to 3.4.4 (#3224)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps `springBootVersion` from 3.4.3 to 3.4.4.
Updates `org.springframework.boot:spring-boot-starter-web` from 3.4.3 to
3.4.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-web's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.4</h2>
<h2> Noteworthy Changes</h2>
<p>Tomcat APR support is now disabled by default if you are using Java
24 or higher. This change has been made to prevent JDK from issuing
warnings.</p>
<p>Please see <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4-Release-Notes#tomcat-apr">the
updated release notes</a> for details.</p>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Actuator throws an exception when using prototype scoped DataSource
bean <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44706">#44706</a></li>
<li>Docker API error message is missing in some cases <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44630">#44630</a></li>
<li>DefaultJmsListenerContainerFactoryConfigurer#setObservationRegistry
should not be public <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44585">#44585</a></li>
<li>When an application contains multiple DataSource beans,
EntityManagerFactoryBuilder will default ddl-auto to a value that may
only be appropriate for the primary DataSource <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44516">#44516</a></li>
<li>When the main class is not proxied, native testing that uses the
application's main method does not work <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44481">#44481</a></li>
<li>When loading configuration from a Resource, Log4J2LoggingSystem may
not close the InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44473">#44473</a></li>
<li>When loading from a resource, PemContent does not close the
InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44454">#44454</a></li>
<li>ResourceBanner does not close the InputStream used to read the
banner <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44452">#44452</a></li>
<li>ConfigDataLocationResolvers and PropertySourceLoaders are loaded
using a potentially different class loader <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44450">#44450</a></li>
<li>Kafka message sending fails with 'class SslBundleSslEngineFactory
could not be found' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44437">#44437</a></li>
<li>Kafka in native-image fails when using SSL bundles <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44436">#44436</a></li>
<li>Nested test classes don't inherit properties from
<code>@DataJpaTest</code> on enclosing class <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44407">#44407</a></li>
<li>Failure diagnostics are poor when trying to use an image platform
that is not supported by the builder <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44059">#44059</a></li>
<li>Checking if APR is available logs a warning on Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44033">#44033</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Multiline properties in documentation are missing backslashes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44790">#44790</a></li>
<li>Polish javadoc of SqlR2dbcScriptDatabaseInitializer <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44764">#44764</a></li>
<li>Document support for Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44754">#44754</a></li>
<li>Remove OpenShift link that 404s <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44748">#44748</a></li>
<li>Fix link to javadoc for JavaExec.setArgsString <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44536">#44536</a></li>
<li>Fix typo in documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44523">#44523</a></li>
<li>Update descriptions of properties that no longer require Flyway
Teams <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44483">#44483</a></li>
<li>Fix typo in javadoc of
CommonStructuredLogFormat#ELASTIC_COMMON_SCHEMA <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44469">#44469</a></li>
<li>Samples for metadata annotation processers have invalid fold
attribute <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44420">#44420</a></li>
<li>Clarify which Mongo properties are ignored when URI property is set
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44404">#44404</a></li>
<li>Adapt Javadoc reference of JooqExceptionTranslator to use
ExceptionTranslatorExecuteListener <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44402">#44402</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to ActiveMQ 6.1.6 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44663">#44663</a></li>
<li>Upgrade to AspectJ 1.9.23 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44720">#44720</a></li>
<li>Upgrade to Groovy 4.0.26 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44546">#44546</a></li>
<li>Upgrade to Hibernate 6.6.11.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44739">#44739</a></li>
<li>Upgrade to Infinispan 15.0.14.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44548">#44548</a></li>
<li>Upgrade to Jackson Bom 2.18.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44549">#44549</a></li>
<li>Upgrade to Jetty 12.0.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44774">#44774</a></li>
<li>Upgrade to Jetty Reactive HTTPClient 4.0.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44773">#44773</a></li>
<li>Upgrade to jOOQ 3.19.21 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44665">#44665</a></li>
<li>Upgrade to Logback 1.5.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44775">#44775</a></li>
<li>Upgrade to Maven Deploy Plugin 3.1.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44552">#44552</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d4eb5561217be6bd490634fe5254fc4824d8dd87"><code>d4eb556</code></a>
Increase Nexus timeouts</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0226b6a70a3c192a7acb8a4a46dd08b068d8230d"><code>0226b6a</code></a>
Release v3.4.4</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6ba94aebee4595b73a96ea5fc4ae3824ff03173f"><code>6ba94ae</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/36a5936494af6d78556c810da3f18fcfcf193a63"><code>36a5936</code></a>
Next development version (v3.3.11-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/375aba6985955a93d5efe3beda8125e58e7ded8e"><code>375aba6</code></a>
Upgrade to Spring Framework 6.2.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/37e4a3c56652f1e7e29c3073ac1007b5e0b6fd71"><code>37e4a3c</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/99fa21cfbb1c01c27fa09d64c94d514a9e227d64"><code>99fa21c</code></a>
Upgrade to asciidoctor-extensions 1.0.0-alpha.17</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/f86a6fb16483bf2daf26a40100932a673fdf9ade"><code>f86a6fb</code></a>
Upgrade to Spring Batch 5.2.2</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6567609cbc55dc9a98f9c031e5645e7e36137a7b"><code>6567609</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/80b6c596696ab84b8539ae54ae5d409f43dcd844"><code>80b6c59</code></a>
Improve debuggability of DockerComposeTestExtension</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.3...v3.4.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-jetty` from 3.4.3
to 3.4.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-jetty's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.4</h2>
<h2> Noteworthy Changes</h2>
<p>Tomcat APR support is now disabled by default if you are using Java
24 or higher. This change has been made to prevent JDK from issuing
warnings.</p>
<p>Please see <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4-Release-Notes#tomcat-apr">the
updated release notes</a> for details.</p>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Actuator throws an exception when using prototype scoped DataSource
bean <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44706">#44706</a></li>
<li>Docker API error message is missing in some cases <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44630">#44630</a></li>
<li>DefaultJmsListenerContainerFactoryConfigurer#setObservationRegistry
should not be public <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44585">#44585</a></li>
<li>When an application contains multiple DataSource beans,
EntityManagerFactoryBuilder will default ddl-auto to a value that may
only be appropriate for the primary DataSource <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44516">#44516</a></li>
<li>When the main class is not proxied, native testing that uses the
application's main method does not work <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44481">#44481</a></li>
<li>When loading configuration from a Resource, Log4J2LoggingSystem may
not close the InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44473">#44473</a></li>
<li>When loading from a resource, PemContent does not close the
InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44454">#44454</a></li>
<li>ResourceBanner does not close the InputStream used to read the
banner <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44452">#44452</a></li>
<li>ConfigDataLocationResolvers and PropertySourceLoaders are loaded
using a potentially different class loader <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44450">#44450</a></li>
<li>Kafka message sending fails with 'class SslBundleSslEngineFactory
could not be found' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44437">#44437</a></li>
<li>Kafka in native-image fails when using SSL bundles <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44436">#44436</a></li>
<li>Nested test classes don't inherit properties from
<code>@DataJpaTest</code> on enclosing class <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44407">#44407</a></li>
<li>Failure diagnostics are poor when trying to use an image platform
that is not supported by the builder <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44059">#44059</a></li>
<li>Checking if APR is available logs a warning on Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44033">#44033</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Multiline properties in documentation are missing backslashes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44790">#44790</a></li>
<li>Polish javadoc of SqlR2dbcScriptDatabaseInitializer <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44764">#44764</a></li>
<li>Document support for Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44754">#44754</a></li>
<li>Remove OpenShift link that 404s <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44748">#44748</a></li>
<li>Fix link to javadoc for JavaExec.setArgsString <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44536">#44536</a></li>
<li>Fix typo in documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44523">#44523</a></li>
<li>Update descriptions of properties that no longer require Flyway
Teams <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44483">#44483</a></li>
<li>Fix typo in javadoc of
CommonStructuredLogFormat#ELASTIC_COMMON_SCHEMA <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44469">#44469</a></li>
<li>Samples for metadata annotation processers have invalid fold
attribute <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44420">#44420</a></li>
<li>Clarify which Mongo properties are ignored when URI property is set
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44404">#44404</a></li>
<li>Adapt Javadoc reference of JooqExceptionTranslator to use
ExceptionTranslatorExecuteListener <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44402">#44402</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to ActiveMQ 6.1.6 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44663">#44663</a></li>
<li>Upgrade to AspectJ 1.9.23 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44720">#44720</a></li>
<li>Upgrade to Groovy 4.0.26 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44546">#44546</a></li>
<li>Upgrade to Hibernate 6.6.11.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44739">#44739</a></li>
<li>Upgrade to Infinispan 15.0.14.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44548">#44548</a></li>
<li>Upgrade to Jackson Bom 2.18.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44549">#44549</a></li>
<li>Upgrade to Jetty 12.0.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44774">#44774</a></li>
<li>Upgrade to Jetty Reactive HTTPClient 4.0.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44773">#44773</a></li>
<li>Upgrade to jOOQ 3.19.21 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44665">#44665</a></li>
<li>Upgrade to Logback 1.5.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44775">#44775</a></li>
<li>Upgrade to Maven Deploy Plugin 3.1.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44552">#44552</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d4eb5561217be6bd490634fe5254fc4824d8dd87"><code>d4eb556</code></a>
Increase Nexus timeouts</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0226b6a70a3c192a7acb8a4a46dd08b068d8230d"><code>0226b6a</code></a>
Release v3.4.4</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6ba94aebee4595b73a96ea5fc4ae3824ff03173f"><code>6ba94ae</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/36a5936494af6d78556c810da3f18fcfcf193a63"><code>36a5936</code></a>
Next development version (v3.3.11-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/375aba6985955a93d5efe3beda8125e58e7ded8e"><code>375aba6</code></a>
Upgrade to Spring Framework 6.2.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/37e4a3c56652f1e7e29c3073ac1007b5e0b6fd71"><code>37e4a3c</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/99fa21cfbb1c01c27fa09d64c94d514a9e227d64"><code>99fa21c</code></a>
Upgrade to asciidoctor-extensions 1.0.0-alpha.17</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/f86a6fb16483bf2daf26a40100932a673fdf9ade"><code>f86a6fb</code></a>
Upgrade to Spring Batch 5.2.2</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6567609cbc55dc9a98f9c031e5645e7e36137a7b"><code>6567609</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/80b6c596696ab84b8539ae54ae5d409f43dcd844"><code>80b6c59</code></a>
Improve debuggability of DockerComposeTestExtension</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.3...v3.4.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-thymeleaf` from
3.4.3 to 3.4.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-thymeleaf's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.4</h2>
<h2> Noteworthy Changes</h2>
<p>Tomcat APR support is now disabled by default if you are using Java
24 or higher. This change has been made to prevent JDK from issuing
warnings.</p>
<p>Please see <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4-Release-Notes#tomcat-apr">the
updated release notes</a> for details.</p>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Actuator throws an exception when using prototype scoped DataSource
bean <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44706">#44706</a></li>
<li>Docker API error message is missing in some cases <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44630">#44630</a></li>
<li>DefaultJmsListenerContainerFactoryConfigurer#setObservationRegistry
should not be public <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44585">#44585</a></li>
<li>When an application contains multiple DataSource beans,
EntityManagerFactoryBuilder will default ddl-auto to a value that may
only be appropriate for the primary DataSource <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44516">#44516</a></li>
<li>When the main class is not proxied, native testing that uses the
application's main method does not work <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44481">#44481</a></li>
<li>When loading configuration from a Resource, Log4J2LoggingSystem may
not close the InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44473">#44473</a></li>
<li>When loading from a resource, PemContent does not close the
InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44454">#44454</a></li>
<li>ResourceBanner does not close the InputStream used to read the
banner <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44452">#44452</a></li>
<li>ConfigDataLocationResolvers and PropertySourceLoaders are loaded
using a potentially different class loader <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44450">#44450</a></li>
<li>Kafka message sending fails with 'class SslBundleSslEngineFactory
could not be found' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44437">#44437</a></li>
<li>Kafka in native-image fails when using SSL bundles <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44436">#44436</a></li>
<li>Nested test classes don't inherit properties from
<code>@DataJpaTest</code> on enclosing class <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44407">#44407</a></li>
<li>Failure diagnostics are poor when trying to use an image platform
that is not supported by the builder <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44059">#44059</a></li>
<li>Checking if APR is available logs a warning on Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44033">#44033</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Multiline properties in documentation are missing backslashes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44790">#44790</a></li>
<li>Polish javadoc of SqlR2dbcScriptDatabaseInitializer <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44764">#44764</a></li>
<li>Document support for Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44754">#44754</a></li>
<li>Remove OpenShift link that 404s <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44748">#44748</a></li>
<li>Fix link to javadoc for JavaExec.setArgsString <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44536">#44536</a></li>
<li>Fix typo in documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44523">#44523</a></li>
<li>Update descriptions of properties that no longer require Flyway
Teams <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44483">#44483</a></li>
<li>Fix typo in javadoc of
CommonStructuredLogFormat#ELASTIC_COMMON_SCHEMA <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44469">#44469</a></li>
<li>Samples for metadata annotation processers have invalid fold
attribute <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44420">#44420</a></li>
<li>Clarify which Mongo properties are ignored when URI property is set
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44404">#44404</a></li>
<li>Adapt Javadoc reference of JooqExceptionTranslator to use
ExceptionTranslatorExecuteListener <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44402">#44402</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to ActiveMQ 6.1.6 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44663">#44663</a></li>
<li>Upgrade to AspectJ 1.9.23 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44720">#44720</a></li>
<li>Upgrade to Groovy 4.0.26 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44546">#44546</a></li>
<li>Upgrade to Hibernate 6.6.11.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44739">#44739</a></li>
<li>Upgrade to Infinispan 15.0.14.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44548">#44548</a></li>
<li>Upgrade to Jackson Bom 2.18.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44549">#44549</a></li>
<li>Upgrade to Jetty 12.0.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44774">#44774</a></li>
<li>Upgrade to Jetty Reactive HTTPClient 4.0.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44773">#44773</a></li>
<li>Upgrade to jOOQ 3.19.21 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44665">#44665</a></li>
<li>Upgrade to Logback 1.5.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44775">#44775</a></li>
<li>Upgrade to Maven Deploy Plugin 3.1.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44552">#44552</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d4eb5561217be6bd490634fe5254fc4824d8dd87"><code>d4eb556</code></a>
Increase Nexus timeouts</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0226b6a70a3c192a7acb8a4a46dd08b068d8230d"><code>0226b6a</code></a>
Release v3.4.4</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6ba94aebee4595b73a96ea5fc4ae3824ff03173f"><code>6ba94ae</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/36a5936494af6d78556c810da3f18fcfcf193a63"><code>36a5936</code></a>
Next development version (v3.3.11-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/375aba6985955a93d5efe3beda8125e58e7ded8e"><code>375aba6</code></a>
Upgrade to Spring Framework 6.2.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/37e4a3c56652f1e7e29c3073ac1007b5e0b6fd71"><code>37e4a3c</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/99fa21cfbb1c01c27fa09d64c94d514a9e227d64"><code>99fa21c</code></a>
Upgrade to asciidoctor-extensions 1.0.0-alpha.17</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/f86a6fb16483bf2daf26a40100932a673fdf9ade"><code>f86a6fb</code></a>
Upgrade to Spring Batch 5.2.2</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6567609cbc55dc9a98f9c031e5645e7e36137a7b"><code>6567609</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/80b6c596696ab84b8539ae54ae5d409f43dcd844"><code>80b6c59</code></a>
Improve debuggability of DockerComposeTestExtension</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.3...v3.4.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-security` from
3.4.3 to 3.4.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-security's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.4</h2>
<h2> Noteworthy Changes</h2>
<p>Tomcat APR support is now disabled by default if you are using Java
24 or higher. This change has been made to prevent JDK from issuing
warnings.</p>
<p>Please see <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4-Release-Notes#tomcat-apr">the
updated release notes</a> for details.</p>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Actuator throws an exception when using prototype scoped DataSource
bean <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44706">#44706</a></li>
<li>Docker API error message is missing in some cases <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44630">#44630</a></li>
<li>DefaultJmsListenerContainerFactoryConfigurer#setObservationRegistry
should not be public <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44585">#44585</a></li>
<li>When an application contains multiple DataSource beans,
EntityManagerFactoryBuilder will default ddl-auto to a value that may
only be appropriate for the primary DataSource <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44516">#44516</a></li>
<li>When the main class is not proxied, native testing that uses the
application's main method does not work <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44481">#44481</a></li>
<li>When loading configuration from a Resource, Log4J2LoggingSystem may
not close the InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44473">#44473</a></li>
<li>When loading from a resource, PemContent does not close the
InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44454">#44454</a></li>
<li>ResourceBanner does not close the InputStream used to read the
banner <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44452">#44452</a></li>
<li>ConfigDataLocationResolvers and PropertySourceLoaders are loaded
using a potentially different class loader <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44450">#44450</a></li>
<li>Kafka message sending fails with 'class SslBundleSslEngineFactory
could not be found' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44437">#44437</a></li>
<li>Kafka in native-image fails when using SSL bundles <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44436">#44436</a></li>
<li>Nested test classes don't inherit properties from
<code>@DataJpaTest</code> on enclosing class <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44407">#44407</a></li>
<li>Failure diagnostics are poor when trying to use an image platform
that is not supported by the builder <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44059">#44059</a></li>
<li>Checking if APR is available logs a warning on Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44033">#44033</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Multiline properties in documentation are missing backslashes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44790">#44790</a></li>
<li>Polish javadoc of SqlR2dbcScriptDatabaseInitializer <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44764">#44764</a></li>
<li>Document support for Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44754">#44754</a></li>
<li>Remove OpenShift link that 404s <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44748">#44748</a></li>
<li>Fix link to javadoc for JavaExec.setArgsString <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44536">#44536</a></li>
<li>Fix typo in documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44523">#44523</a></li>
<li>Update descriptions of properties that no longer require Flyway
Teams <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44483">#44483</a></li>
<li>Fix typo in javadoc of
CommonStructuredLogFormat#ELASTIC_COMMON_SCHEMA <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44469">#44469</a></li>
<li>Samples for metadata annotation processers have invalid fold
attribute <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44420">#44420</a></li>
<li>Clarify which Mongo properties are ignored when URI property is set
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44404">#44404</a></li>
<li>Adapt Javadoc reference of JooqExceptionTranslator to use
ExceptionTranslatorExecuteListener <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44402">#44402</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to ActiveMQ 6.1.6 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44663">#44663</a></li>
<li>Upgrade to AspectJ 1.9.23 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44720">#44720</a></li>
<li>Upgrade to Groovy 4.0.26 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44546">#44546</a></li>
<li>Upgrade to Hibernate 6.6.11.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44739">#44739</a></li>
<li>Upgrade to Infinispan 15.0.14.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44548">#44548</a></li>
<li>Upgrade to Jackson Bom 2.18.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44549">#44549</a></li>
<li>Upgrade to Jetty 12.0.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44774">#44774</a></li>
<li>Upgrade to Jetty Reactive HTTPClient 4.0.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44773">#44773</a></li>
<li>Upgrade to jOOQ 3.19.21 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44665">#44665</a></li>
<li>Upgrade to Logback 1.5.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44775">#44775</a></li>
<li>Upgrade to Maven Deploy Plugin 3.1.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44552">#44552</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d4eb5561217be6bd490634fe5254fc4824d8dd87"><code>d4eb556</code></a>
Increase Nexus timeouts</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0226b6a70a3c192a7acb8a4a46dd08b068d8230d"><code>0226b6a</code></a>
Release v3.4.4</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6ba94aebee4595b73a96ea5fc4ae3824ff03173f"><code>6ba94ae</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/36a5936494af6d78556c810da3f18fcfcf193a63"><code>36a5936</code></a>
Next development version (v3.3.11-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/375aba6985955a93d5efe3beda8125e58e7ded8e"><code>375aba6</code></a>
Upgrade to Spring Framework 6.2.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/37e4a3c56652f1e7e29c3073ac1007b5e0b6fd71"><code>37e4a3c</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/99fa21cfbb1c01c27fa09d64c94d514a9e227d64"><code>99fa21c</code></a>
Upgrade to asciidoctor-extensions 1.0.0-alpha.17</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/f86a6fb16483bf2daf26a40100932a673fdf9ade"><code>f86a6fb</code></a>
Upgrade to Spring Batch 5.2.2</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6567609cbc55dc9a98f9c031e5645e7e36137a7b"><code>6567609</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/80b6c596696ab84b8539ae54ae5d409f43dcd844"><code>80b6c59</code></a>
Improve debuggability of DockerComposeTestExtension</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.3...v3.4.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-data-jpa` from
3.4.3 to 3.4.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-data-jpa's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.4</h2>
<h2> Noteworthy Changes</h2>
<p>Tomcat APR support is now disabled by default if you are using Java
24 or higher. This change has been made to prevent JDK from issuing
warnings.</p>
<p>Please see <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4-Release-Notes#tomcat-apr">the
updated release notes</a> for details.</p>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Actuator throws an exception when using prototype scoped DataSource
bean <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44706">#44706</a></li>
<li>Docker API error message is missing in some cases <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44630">#44630</a></li>
<li>DefaultJmsListenerContainerFactoryConfigurer#setObservationRegistry
should not be public <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44585">#44585</a></li>
<li>When an application contains multiple DataSource beans,
EntityManagerFactoryBuilder will default ddl-auto to a value that may
only be appropriate for the primary DataSource <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44516">#44516</a></li>
<li>When the main class is not proxied, native testing that uses the
application's main method does not work <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44481">#44481</a></li>
<li>When loading configuration from a Resource, Log4J2LoggingSystem may
not close the InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44473">#44473</a></li>
<li>When loading from a resource, PemContent does not close the
InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44454">#44454</a></li>
<li>ResourceBanner does not close the InputStream used to read the
banner <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44452">#44452</a></li>
<li>ConfigDataLocationResolvers and PropertySourceLoaders are loaded
using a potentially different class loader <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44450">#44450</a></li>
<li>Kafka message sending fails with 'class SslBundleSslEngineFactory
could not be found' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44437">#44437</a></li>
<li>Kafka in native-image fails when using SSL bundles <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44436">#44436</a></li>
<li>Nested test classes don't inherit properties from
<code>@DataJpaTest</code> on enclosing class <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44407">#44407</a></li>
<li>Failure diagnostics are poor when trying to use an image platform
that is not supported by the builder <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44059">#44059</a></li>
<li>Checking if APR is available logs a warning on Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44033">#44033</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Multiline properties in documentation are missing backslashes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44790">#44790</a></li>
<li>Polish javadoc of SqlR2dbcScriptDatabaseInitializer <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44764">#44764</a></li>
<li>Document support for Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44754">#44754</a></li>
<li>Remove OpenShift link that 404s <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44748">#44748</a></li>
<li>Fix link to javadoc for JavaExec.setArgsString <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44536">#44536</a></li>
<li>Fix typo in documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44523">#44523</a></li>
<li>Update descriptions of properties that no longer require Flyway
Teams <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44483">#44483</a></li>
<li>Fix typo in javadoc of
CommonStructuredLogFormat#ELASTIC_COMMON_SCHEMA <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44469">#44469</a></li>
<li>Samples for metadata annotation processers have invalid fold
attribute <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44420">#44420</a></li>
<li>Clarify which Mongo properties are ignored when URI property is set
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44404">#44404</a></li>
<li>Adapt Javadoc reference of JooqExceptionTranslator to use
ExceptionTranslatorExecuteListener <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44402">#44402</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to ActiveMQ 6.1.6 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44663">#44663</a></li>
<li>Upgrade to AspectJ 1.9.23 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44720">#44720</a></li>
<li>Upgrade to Groovy 4.0.26 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44546">#44546</a></li>
<li>Upgrade to Hibernate 6.6.11.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44739">#44739</a></li>
<li>Upgrade to Infinispan 15.0.14.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44548">#44548</a></li>
<li>Upgrade to Jackson Bom 2.18.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44549">#44549</a></li>
<li>Upgrade to Jetty 12.0.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44774">#44774</a></li>
<li>Upgrade to Jetty Reactive HTTPClient 4.0.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44773">#44773</a></li>
<li>Upgrade to jOOQ 3.19.21 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44665">#44665</a></li>
<li>Upgrade to Logback 1.5.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44775">#44775</a></li>
<li>Upgrade to Maven Deploy Plugin 3.1.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44552">#44552</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d4eb5561217be6bd490634fe5254fc4824d8dd87"><code>d4eb556</code></a>
Increase Nexus timeouts</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0226b6a70a3c192a7acb8a4a46dd08b068d8230d"><code>0226b6a</code></a>
Release v3.4.4</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6ba94aebee4595b73a96ea5fc4ae3824ff03173f"><code>6ba94ae</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/36a5936494af6d78556c810da3f18fcfcf193a63"><code>36a5936</code></a>
Next development version (v3.3.11-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/375aba6985955a93d5efe3beda8125e58e7ded8e"><code>375aba6</code></a>
Upgrade to Spring Framework 6.2.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/37e4a3c56652f1e7e29c3073ac1007b5e0b6fd71"><code>37e4a3c</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/99fa21cfbb1c01c27fa09d64c94d514a9e227d64"><code>99fa21c</code></a>
Upgrade to asciidoctor-extensions 1.0.0-alpha.17</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/f86a6fb16483bf2daf26a40100932a673fdf9ade"><code>f86a6fb</code></a>
Upgrade to Spring Batch 5.2.2</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6567609cbc55dc9a98f9c031e5645e7e36137a7b"><code>6567609</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/80b6c596696ab84b8539ae54ae5d409f43dcd844"><code>80b6c59</code></a>
Improve debuggability of DockerComposeTestExtension</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.3...v3.4.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-oauth2-client`
from 3.4.3 to 3.4.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-oauth2-client's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.4</h2>
<h2> Noteworthy Changes</h2>
<p>Tomcat APR support is now disabled by default if you are using Java
24 or higher. This change has been made to prevent JDK from issuing
warnings.</p>
<p>Please see <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4-Release-Notes#tomcat-apr">the
updated release notes</a> for details.</p>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Actuator throws an exception when using prototype scoped DataSource
bean <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44706">#44706</a></li>
<li>Docker API error message is missing in some cases <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44630">#44630</a></li>
<li>DefaultJmsListenerContainerFactoryConfigurer#setObservationRegistry
should not be public <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44585">#44585</a></li>
<li>When an application contains multiple DataSource beans,
EntityManagerFactoryBuilder will default ddl-auto to a value that may
only be appropriate for the primary DataSource <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44516">#44516</a></li>
<li>When the main class is not proxied, native testing that uses the
application's main method does not work <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44481">#44481</a></li>
<li>When loading configuration from a Resource, Log4J2LoggingSystem may
not close the InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44473">#44473</a></li>
<li>When loading from a resource, PemContent does not close the
InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44454">#44454</a></li>
<li>ResourceBanner does not close the InputStream used to read the
banner <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44452">#44452</a></li>
<li>ConfigDataLocationResolvers and PropertySourceLoaders are loaded
using a potentially different class loader <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44450">#44450</a></li>
<li>Kafka message sending fails with 'class SslBundleSslEngineFactory
could not be found' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44437">#44437</a></li>
<li>Kafka in native-image fails when using SSL bundles <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44436">#44436</a></li>
<li>Nested test classes don't inherit properties from
<code>@DataJpaTest</code> on enclosing class <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44407">#44407</a></li>
<li>Failure diagnostics are poor when trying to use an image platform
that is not supported by the builder <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44059">#44059</a></li>
<li>Checking if APR is available logs a warning on Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44033">#44033</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Multiline properties in documentation are missing backslashes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44790">#44790</a></li>
<li>Polish javadoc of SqlR2dbcScriptDatabaseInitializer <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44764">#44764</a></li>
<li>Document support for Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44754">#44754</a></li>
<li>Remove OpenShift link that 404s <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44748">#44748</a></li>
<li>Fix link to javadoc for JavaExec.setArgsString <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44536">#44536</a></li>
<li>Fix typo in documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44523">#44523</a></li>
<li>Update descriptions of properties that no longer require Flyway
Teams <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44483">#44483</a></li>
<li>Fix typo in javadoc of
CommonStructuredLogFormat#ELASTIC_COMMON_SCHEMA <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44469">#44469</a></li>
<li>Samples for metadata annotation processers have invalid fold
attribute <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44420">#44420</a></li>
<li>Clarify which Mongo properties are ignored when URI property is set
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44404">#44404</a></li>
<li>Adapt Javadoc reference of JooqExceptionTranslator to use
ExceptionTranslatorExecuteListener <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44402">#44402</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to ActiveMQ 6.1.6 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44663">#44663</a></li>
<li>Upgrade to AspectJ 1.9.23 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44720">#44720</a></li>
<li>Upgrade to Groovy 4.0.26 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44546">#44546</a></li>
<li>Upgrade to Hibernate 6.6.11.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44739">#44739</a></li>
<li>Upgrade to Infinispan 15.0.14.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44548">#44548</a></li>
<li>Upgrade to Jackson Bom 2.18.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44549">#44549</a></li>
<li>Upgrade to Jetty 12.0.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44774">#44774</a></li>
<li>Upgrade to Jetty Reactive HTTPClient 4.0.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44773">#44773</a></li>
<li>Upgrade to jOOQ 3.19.21 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44665">#44665</a></li>
<li>Upgrade to Logback 1.5.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44775">#44775</a></li>
<li>Upgrade to Maven Deploy Plugin 3.1.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44552">#44552</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d4eb5561217be6bd490634fe5254fc4824d8dd87"><code>d4eb556</code></a>
Increase Nexus timeouts</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0226b6a70a3c192a7acb8a4a46dd08b068d8230d"><code>0226b6a</code></a>
Release v3.4.4</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6ba94aebee4595b73a96ea5fc4ae3824ff03173f"><code>6ba94ae</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/36a5936494af6d78556c810da3f18fcfcf193a63"><code>36a5936</code></a>
Next development version (v3.3.11-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/375aba6985955a93d5efe3beda8125e58e7ded8e"><code>375aba6</code></a>
Upgrade to Spring Framework 6.2.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/37e4a3c56652f1e7e29c3073ac1007b5e0b6fd71"><code>37e4a3c</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/99fa21cfbb1c01c27fa09d64c94d514a9e227d64"><code>99fa21c</code></a>
Upgrade to asciidoctor-extensions 1.0.0-alpha.17</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/f86a6fb16483bf2daf26a40100932a673fdf9ade"><code>f86a6fb</code></a>
Upgrade to Spring Batch 5.2.2</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6567609cbc55dc9a98f9c031e5645e7e36137a7b"><code>6567609</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/80b6c596696ab84b8539ae54ae5d409f43dcd844"><code>80b6c59</code></a>
Improve debuggability of DockerComposeTestExtension</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.3...v3.4.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-test` from 3.4.3
to 3.4.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-test's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.4</h2>
<h2> Noteworthy Changes</h2>
<p>Tomcat APR support is now disabled by default if you are using Java
24 or higher. This change has been made to prevent JDK from issuing
warnings.</p>
<p>Please see <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4-Release-Notes#tomcat-apr">the
updated release notes</a> for details.</p>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Actuator throws an exception when using prototype scoped DataSource
bean <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44706">#44706</a></li>
<li>Docker API error message is missing in some cases <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44630">#44630</a></li>
<li>DefaultJmsListenerContainerFactoryConfigurer#setObservationRegistry
should not be public <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44585">#44585</a></li>
<li>When an application contains multiple DataSource beans,
EntityManagerFactoryBuilder will default ddl-auto to a value that may
only be appropriate for the primary DataSource <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44516">#44516</a></li>
<li>When the main class is not proxied, native testing that uses the
application's main method does not work <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44481">#44481</a></li>
<li>When loading configuration from a Resource, Log4J2LoggingSystem may
not close the InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44473">#44473</a></li>
<li>When loading from a resource, PemContent does not close the
InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44454">#44454</a></li>
<li>ResourceBanner does not close the InputStream used to read the
banner <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44452">#44452</a></li>
<li>ConfigDataLocationResolvers and PropertySourceLoaders are loaded
using a potentially different class loader <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44450">#44450</a></li>
<li>Kafka message sending fails with 'class SslBundleSslEngineFactory
could not be found' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44437">#44437</a></li>
<li>Kafka in native-image fails when using SSL bundles <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44436">#44436</a></li>
<li>Nested test classes don't inherit properties from
<code>@DataJpaTest</code> on enclosing class <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44407">#44407</a></li>
<li>Failure diagnostics are poor when trying to use an image platform
that is not supported by the builder <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44059">#44059</a></li>
<li>Checking if APR is available logs a warning on Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44033">#44033</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Multiline properties in documentation are missing backslashes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44790">#44790</a></li>
<li>Polish javadoc of SqlR2dbcScriptDatabaseInitializer <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44764">#44764</a></li>
<li>Document support for Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44754">#44754</a></li>
<li>Remove OpenShift link that 404s <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44748">#44748</a></li>
<li>Fix link to javadoc for JavaExec.setArgsString <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44536">#44536</a></li>
<li>Fix typo in documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44523">#44523</a></li>
<li>Update descriptions of properties that no longer require Flyway
Teams <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44483">#44483</a></li>
<li>Fix typo in javadoc of
CommonStructuredLogFormat#ELASTIC_COMMON_SCHEMA <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44469">#44469</a></li>
<li>Samples for metadata annotation processers have invalid fold
attribute <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44420">#44420</a></li>
<li>Clarify which Mongo properties are ignored when URI property is set
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44404">#44404</a></li>
<li>Adapt Javadoc reference of JooqExceptionTranslator to use
ExceptionTranslatorExecuteListener <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44402">#44402</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to ActiveMQ 6.1.6 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44663">#44663</a></li>
<li>Upgrade to AspectJ 1.9.23 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44720">#44720</a></li>
<li>Upgrade to Groovy 4.0.26 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44546">#44546</a></li>
<li>Upgrade to Hibernate 6.6.11.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44739">#44739</a></li>
<li>Upgrade to Infinispan 15.0.14.Final <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44548">#44548</a></li>
<li>Upgrade to Jackson Bom 2.18.3 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44549">#44549</a></li>
<li>Upgrade to Jetty 12.0.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44774">#44774</a></li>
<li>Upgrade to Jetty Reactive HTTPClient 4.0.9 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44773">#44773</a></li>
<li>Upgrade to jOOQ 3.19.21 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44665">#44665</a></li>
<li>Upgrade to Logback 1.5.18 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44775">#44775</a></li>
<li>Upgrade to Maven Deploy Plugin 3.1.4 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44552">#44552</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/d4eb5561217be6bd490634fe5254fc4824d8dd87"><code>d4eb556</code></a>
Increase Nexus timeouts</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/0226b6a70a3c192a7acb8a4a46dd08b068d8230d"><code>0226b6a</code></a>
Release v3.4.4</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6ba94aebee4595b73a96ea5fc4ae3824ff03173f"><code>6ba94ae</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/36a5936494af6d78556c810da3f18fcfcf193a63"><code>36a5936</code></a>
Next development version (v3.3.11-SNAPSHOT)</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/375aba6985955a93d5efe3beda8125e58e7ded8e"><code>375aba6</code></a>
Upgrade to Spring Framework 6.2.5</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/37e4a3c56652f1e7e29c3073ac1007b5e0b6fd71"><code>37e4a3c</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/99fa21cfbb1c01c27fa09d64c94d514a9e227d64"><code>99fa21c</code></a>
Upgrade to asciidoctor-extensions 1.0.0-alpha.17</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/f86a6fb16483bf2daf26a40100932a673fdf9ade"><code>f86a6fb</code></a>
Upgrade to Spring Batch 5.2.2</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/6567609cbc55dc9a98f9c031e5645e7e36137a7b"><code>6567609</code></a>
Merge branch '3.3.x' into 3.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-boot/commit/80b6c596696ab84b8539ae54ae5d409f43dcd844"><code>80b6c59</code></a>
Improve debuggability of DockerComposeTestExtension</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-boot/compare/v3.4.3...v3.4.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `org.springframework.boot:spring-boot-starter-actuator` from
3.4.3 to 3.4.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-starter-actuator's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.4</h2>
<h2> Noteworthy Changes</h2>
<p>Tomcat APR support is now disabled by default if you are using Java
24 or higher. This change has been made to prevent JDK from issuing
warnings.</p>
<p>Please see <a
href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4-Release-Notes#tomcat-apr">the
updated release notes</a> for details.</p>
<h2>🐞 Bug Fixes</h2>
<ul>
<li>Actuator throws an exception when using prototype scoped DataSource
bean <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44706">#44706</a></li>
<li>Docker API error message is missing in some cases <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44630">#44630</a></li>
<li>DefaultJmsListenerContainerFactoryConfigurer#setObservationRegistry
should not be public <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44585">#44585</a></li>
<li>When an application contains multiple DataSource beans,
EntityManagerFactoryBuilder will default ddl-auto to a value that may
only be appropriate for the primary DataSource <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44516">#44516</a></li>
<li>When the main class is not proxied, native testing that uses the
application's main method does not work <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44481">#44481</a></li>
<li>When loading configuration from a Resource, Log4J2LoggingSystem may
not close the InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44473">#44473</a></li>
<li>When loading from a resource, PemContent does not close the
InputStream <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44454">#44454</a></li>
<li>ResourceBanner does not close the InputStream used to read the
banner <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44452">#44452</a></li>
<li>ConfigDataLocationResolvers and PropertySourceLoaders are loaded
using a potentially different class loader <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44450">#44450</a></li>
<li>Kafka message sending fails with 'class SslBundleSslEngineFactory
could not be found' <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44437">#44437</a></li>
<li>Kafka in native-image fails when using SSL bundles <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44436">#44436</a></li>
<li>Nested test classes don't inherit properties from
<code>@DataJpaTest</code> on enclosing class <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44407">#44407</a></li>
<li>Failure diagnostics are poor when trying to use an image platform
that is not supported by the builder <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44059">#44059</a></li>
<li>Checking if APR is available logs a warning on Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44033">#44033</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Multiline properties in documentation are missing backslashes <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44790">#44790</a></li>
<li>Polish javadoc of SqlR2dbcScriptDatabaseInitializer <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44764">#44764</a></li>
<li>Document support for Java 24 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44754">#44754</a></li>
<li>Remove OpenShift link that 404s <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44748">#44748</a></li>
<li>Fix link to javadoc for JavaExec.setArgsString <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44536">#44536</a></li>
<li>Fix typo in documentation <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44523">#44523</a></li>
<li>Update descriptions of properties that no longer require Flyway
Teams <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44483">#44483</a></li>
<li>Fix typo in javadoc of
CommonStructuredLogFormat#ELASTIC_COMMON_SCHEMA <a
href="https://redirect.github.com/spring-projects/spring-boot/pull/44469">#44469</a></li>
<li>Samples for metadata annotation processers have invalid fold
attribute <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44420">#44420</a></li>
<li>Clarify which Mongo properties are ignored when URI property is set
<a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44404">#44404</a></li>
<li>Adapt Javadoc reference of JooqExceptionTranslator to use
ExceptionTranslatorExecuteListener <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44402">#44402</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Upgrade to ActiveMQ 6.1.6 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44663">#44663</a></li>
<li>Upgrade to AspectJ 1.9.23 <a
href="https://redirect.github.com/spring-projects/spring-boot/issues/44720">#44720</a></li>
<li>Upgrade t...

_Description has been truncated_

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 10:21:56 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
b2ca702301 Bump actions/upload-artifact from 4.6.1 to 4.6.2 (#3223)
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 4.6.1 to 4.6.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.6.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.3.2 package &amp; prepare for new
upload-artifact release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/ea165f8d65b6e75b540449e92b4886f43607fa02"><code>ea165f8</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/685">#685</a>
from salmanmkc/salmanmkc/3-new-upload-artifacts-release</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/08396203c179e13c71b9754ce3472ed71842eec0"><code>0839620</code></a>
Prepare for new release of actions/upload-artifact with new toolkit
cache ver...</li>
<li>See full diff in <a
href="https://github.com/actions/upload-artifact/compare/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1...ea165f8d65b6e75b540449e92b4886f43607fa02">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.6.1&new-version=4.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 10:21:36 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
902341565d Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 (#3222)
Bumps
[ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from
1.5.17 to 1.5.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-classic's
releases</a>.</em></p>
<blockquote>
<h2>Logback 1.5.18</h2>
<p><strong>2025-03-18 Release of logback version 1.5.18</strong></p>
<p>• Added<a
href="https://logback.qos.ch/manual/appenders.html#fileCompression">
support for XZ compression</a> for archived log files. Note that XZ
compression requires Tukaani project's <a
href="https://tukaani.org/xz/java.html">XZ library</a> for Java. In case
XZ compression is requested but the XZ library is missing, then logback
will substitute GZ compression as a fallback. This feature was requested
in issues/755.</p>
<p>• Removed references to <code>java.security.AccessController</code>
class. This class has been deprecated for some time and is slated for
removal in future JDK versions.</p>
<p>• A bit-wise identical binary of this version can be reproduced by
building from source code at commit
b2a02f065379a9b1ba5ff837fc08913b744774bc associated with the tag
v_1.5.18. Release built using Java &quot;21&quot; 2023-10-17 LTS build
21.0.1.+12-LTS-29 under Linux Debian 11.6.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/qos-ch/logback/commit/b2a02f065379a9b1ba5ff837fc08913b744774bc"><code>b2a02f0</code></a>
prepare release 1.5.18</li>
<li><a
href="https://github.com/qos-ch/logback/commit/991de5828b2afc2ddb8fbc7b233bd660096d793f"><code>991de58</code></a>
remove references to AccessController marked for deletion in the
JDK</li>
<li><a
href="https://github.com/qos-ch/logback/commit/f54ab16c8436475f16579e887c1305506212ac5a"><code>f54ab16</code></a>
If compression mode is XZ but the XZ library is missing, then fallback
to GZ ...</li>
<li><a
href="https://github.com/qos-ch/logback/commit/fb45971e5457296abfcf706322a06563fb3df62a"><code>fb45971</code></a>
add support for XZ compression</li>
<li><a
href="https://github.com/qos-ch/logback/commit/31c1f55a1bf177922cf6a3c609a9d379f12d0693"><code>31c1f55</code></a>
add xz compression support with tests</li>
<li><a
href="https://github.com/qos-ch/logback/commit/8968d0fd43d065f2f0e63b6679e59c89e0c2a8b8"><code>8968d0f</code></a>
introduce strategy based compression</li>
<li><a
href="https://github.com/qos-ch/logback/commit/834059cb64ea8a6ca6e51c78fa0ac2b2797df0ed"><code>834059c</code></a>
start work on 1.5.18-SNAPSHOT</li>
<li>See full diff in <a
href="https://github.com/qos-ch/logback/compare/v_1.5.17...v_1.5.18">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-classic&package-manager=gradle&previous-version=1.5.17&new-version=1.5.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 10:20:45 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
40fa725578 Bump org.springframework:spring-jdbc from 6.2.3 to 6.2.4 (#3189)
Bumps
[org.springframework:spring-jdbc](https://github.com/spring-projects/spring-framework)
from 6.2.3 to 6.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-framework/releases">org.springframework:spring-jdbc's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.4</h2>
<h2> New Features</h2>
<ul>
<li>JettyCoreHttpHandlerAdapter compatibility with Jetty 12.0.17 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34561">#34561</a></li>
<li>HandlerMethodValidationException.Visitor should support RequestBody
with method parameter constraints <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34549">#34549</a></li>
<li>Allow <code>ContentResultMatchersDsl</code> matchers for supertypes
of the checked type <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34542">#34542</a></li>
<li>Avoid <code>JarURLConnection</code> resource leak in
<code>AbstractFileResolvingResource.exists()</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34528">#34528</a></li>
<li>Deprecate <code>rowsExpected</code> property of
<code>SqlQuery</code> for removal <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34526">#34526</a></li>
<li>Supply <code>RuntimeHints</code> to an <code>AotContextLoader</code>
<a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34513">#34513</a></li>
<li>Deprecate and remove use of UrlPathHelper in
ServletWebSocketHandlerRegistry <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34508">#34508</a></li>
<li>Avoid unnecessary CGLIB processing on configuration classes <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34486">#34486</a></li>
<li>Inconsistent default class loaders in hint classes <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34470">#34470</a></li>
<li>Add missing converters to <code>DefaultRestClientBuilder</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34439">#34439</a></li>
<li>Improve <code>BeanFactory</code>/<code>ObjectProvider</code> to
select the only one default candidate among non-default candidates <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34432">#34432</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li><code>MockCookie.parse()</code> fails to parse custom attribute with
a value <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34575">#34575</a></li>
<li><code>BeanNotOfRequiredTypeException</code> if <code>@Bean</code>
factory method returns <code>null</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34543">#34543</a></li>
<li>Regression in 6.2.3: No unique bean available for injection point
with unresolvable generics <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34541">#34541</a></li>
<li>GenericConversionService cannot find a converter when converting to
a Kotlin list of maps <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34535">#34535</a></li>
<li>isClientDisconnectedException needs to protect against null input <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34533">#34533</a></li>
<li>spring boot 3.4.3 + TimedAspect causes thread to hang <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34522">#34522</a></li>
<li>Missing Partitioned cookie support in reactive HTTP clients <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34521">#34521</a></li>
<li>DefaultManagedTaskExecutor throws
java.lang.UnsupportedOperationException: isShutdown when rejecting tasks
<a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34514">#34514</a></li>
<li>FileSystemResource location does not end with slash for
RouterFunction check <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34509">#34509</a></li>
<li>AbstractJackson2HttpMessageConverter not resolving generic type for
request body since 6.2.3 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34504">#34504</a></li>
<li>Request param handling in HttpRequestValues overrides existing URI
variables with same name <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34499">#34499</a></li>
<li>MockHttpServletResponse - handle multiple values for
Content-Language header <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34488">#34488</a></li>
<li>Endless loop with DataSourceUtils in spring-jdbc <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34484">#34484</a></li>
<li>MockHttpServletResponse#setHeader does not remove header for null
values <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34464">#34464</a></li>
<li>ContentCachingResponseWrapper.setHeader does not handle null value
properly. <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34460">#34460</a></li>
<li>Component scan fails to find bean candidates in the embedded jar
file in META-INF/context.xml for embedded Tomcat application <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34446">#34446</a></li>
<li>6.2.0 broke with &quot;Could not register object
[<code>@someHash</code>] under bean name 'blabla': there is already
object [<code>@sameHash</code>] bound&quot; <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34427">#34427</a></li>
<li>503 status code after completing SseEmitter in onTimeout <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34426">#34426</a></li>
<li><code>NullPointerException</code> thrown when
<code>ConfigurationClassEnhancer</code> creates CGLIB proxy <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34423">#34423</a></li>
<li>Add onRequest() hook for propagating request from downstream <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34388">#34388</a></li>
<li>Content-Type response header duplicated for failed
StreamingResponseBody return value <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34366">#34366</a></li>
<li>Task scheduler configured by XML is not eligible for getting
processed by all BeanPostProcessors <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34015">#34015</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Fix typo in Spring MVC error responses documentation <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34552">#34552</a></li>
<li>Document that Spring Framework 6.x does not yet support JSpecify
annotations <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34551">#34551</a></li>
<li>Fix web and webflux reference links <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34517">#34517</a></li>
<li>Document default KeyGenerator in spring-cache XSD <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34468">#34468</a></li>
<li>Fix broken antora task <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34454">#34454</a></li>
<li>Add <code>@since</code> tag for formField() and formFields in
MockHttpServletRequestDsl <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34448">#34448</a></li>
<li>Improve Javadoc of ObjectProvider to clarify what is unique <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34447">#34447</a></li>
<li>rest-http-interface example code can't run <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34443">#34443</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/eb3f034cd9d9982abfbd20c3f78da80c6a204bd0"><code>eb3f034</code></a>
Release v6.2.4</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/387677eae8ebc2b641e24d274c87980743c6d1cc"><code>387677e</code></a>
Upgrade to JUnit 5.12</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/4a314867d733fa39c3f749b4664812f44fb3b91f"><code>4a31486</code></a>
Upgrade to Reactor 2024.0.4 and Micrometer 1.14.5</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/020f556841a60071add53144365358f4f1fd5d7b"><code>020f556</code></a>
Support custom attribute with a value in MockCookie.parse()</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/6ea3b5a0e887a0f1ad7cf593ee1ded2c87de3d81"><code>6ea3b5a</code></a>
Fix Javadoc failure</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/d764087dbf2b40031d271bf14184eecab307878c"><code>d764087</code></a>
Correct since tag</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/9ab43b138aafca1dfbdfe4b300cf25f5b5a9e1db"><code>9ab43b1</code></a>
Enhancement in HandlerMethodValidationException</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/09ae080b99c454a2020100eecd0c1bff241cdf3a"><code>09ae080</code></a>
isDisconnectedClientException protected for null</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/70a1b2fae3d1fe3c7ec7754947d5f532997cc3dc"><code>70a1b2f</code></a>
Upgrade to Checkstyle 10.21.4</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/90ddb40d7a26798c340cdfdd74f379a57e931ed1"><code>90ddb40</code></a>
Upgrade to Jetty 12.0.17 and Jetty Reactive HttpClient 4.0.9</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-framework/compare/v6.2.3...v6.2.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework:spring-jdbc&package-manager=gradle&previous-version=6.2.3&new-version=6.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-20 08:23:19 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
f41dc25987 Bump org.springframework:spring-webmvc from 6.2.3 to 6.2.4 (#3190)
Bumps
[org.springframework:spring-webmvc](https://github.com/spring-projects/spring-framework)
from 6.2.3 to 6.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-framework/releases">org.springframework:spring-webmvc's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.4</h2>
<h2> New Features</h2>
<ul>
<li>JettyCoreHttpHandlerAdapter compatibility with Jetty 12.0.17 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34561">#34561</a></li>
<li>HandlerMethodValidationException.Visitor should support RequestBody
with method parameter constraints <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34549">#34549</a></li>
<li>Allow <code>ContentResultMatchersDsl</code> matchers for supertypes
of the checked type <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34542">#34542</a></li>
<li>Avoid <code>JarURLConnection</code> resource leak in
<code>AbstractFileResolvingResource.exists()</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34528">#34528</a></li>
<li>Deprecate <code>rowsExpected</code> property of
<code>SqlQuery</code> for removal <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34526">#34526</a></li>
<li>Supply <code>RuntimeHints</code> to an <code>AotContextLoader</code>
<a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34513">#34513</a></li>
<li>Deprecate and remove use of UrlPathHelper in
ServletWebSocketHandlerRegistry <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34508">#34508</a></li>
<li>Avoid unnecessary CGLIB processing on configuration classes <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34486">#34486</a></li>
<li>Inconsistent default class loaders in hint classes <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34470">#34470</a></li>
<li>Add missing converters to <code>DefaultRestClientBuilder</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34439">#34439</a></li>
<li>Improve <code>BeanFactory</code>/<code>ObjectProvider</code> to
select the only one default candidate among non-default candidates <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34432">#34432</a></li>
</ul>
<h2>🐞 Bug Fixes</h2>
<ul>
<li><code>MockCookie.parse()</code> fails to parse custom attribute with
a value <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34575">#34575</a></li>
<li><code>BeanNotOfRequiredTypeException</code> if <code>@Bean</code>
factory method returns <code>null</code> <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34543">#34543</a></li>
<li>Regression in 6.2.3: No unique bean available for injection point
with unresolvable generics <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34541">#34541</a></li>
<li>GenericConversionService cannot find a converter when converting to
a Kotlin list of maps <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34535">#34535</a></li>
<li>isClientDisconnectedException needs to protect against null input <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34533">#34533</a></li>
<li>spring boot 3.4.3 + TimedAspect causes thread to hang <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34522">#34522</a></li>
<li>Missing Partitioned cookie support in reactive HTTP clients <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34521">#34521</a></li>
<li>DefaultManagedTaskExecutor throws
java.lang.UnsupportedOperationException: isShutdown when rejecting tasks
<a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34514">#34514</a></li>
<li>FileSystemResource location does not end with slash for
RouterFunction check <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34509">#34509</a></li>
<li>AbstractJackson2HttpMessageConverter not resolving generic type for
request body since 6.2.3 <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34504">#34504</a></li>
<li>Request param handling in HttpRequestValues overrides existing URI
variables with same name <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34499">#34499</a></li>
<li>MockHttpServletResponse - handle multiple values for
Content-Language header <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34488">#34488</a></li>
<li>Endless loop with DataSourceUtils in spring-jdbc <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34484">#34484</a></li>
<li>MockHttpServletResponse#setHeader does not remove header for null
values <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34464">#34464</a></li>
<li>ContentCachingResponseWrapper.setHeader does not handle null value
properly. <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34460">#34460</a></li>
<li>Component scan fails to find bean candidates in the embedded jar
file in META-INF/context.xml for embedded Tomcat application <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34446">#34446</a></li>
<li>6.2.0 broke with &quot;Could not register object
[<code>@someHash</code>] under bean name 'blabla': there is already
object [<code>@sameHash</code>] bound&quot; <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34427">#34427</a></li>
<li>503 status code after completing SseEmitter in onTimeout <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34426">#34426</a></li>
<li><code>NullPointerException</code> thrown when
<code>ConfigurationClassEnhancer</code> creates CGLIB proxy <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34423">#34423</a></li>
<li>Add onRequest() hook for propagating request from downstream <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34388">#34388</a></li>
<li>Content-Type response header duplicated for failed
StreamingResponseBody return value <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34366">#34366</a></li>
<li>Task scheduler configured by XML is not eligible for getting
processed by all BeanPostProcessors <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34015">#34015</a></li>
</ul>
<h2>📔 Documentation</h2>
<ul>
<li>Fix typo in Spring MVC error responses documentation <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34552">#34552</a></li>
<li>Document that Spring Framework 6.x does not yet support JSpecify
annotations <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34551">#34551</a></li>
<li>Fix web and webflux reference links <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34517">#34517</a></li>
<li>Document default KeyGenerator in spring-cache XSD <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34468">#34468</a></li>
<li>Fix broken antora task <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34454">#34454</a></li>
<li>Add <code>@since</code> tag for formField() and formFields in
MockHttpServletRequestDsl <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34448">#34448</a></li>
<li>Improve Javadoc of ObjectProvider to clarify what is unique <a
href="https://redirect.github.com/spring-projects/spring-framework/pull/34447">#34447</a></li>
<li>rest-http-interface example code can't run <a
href="https://redirect.github.com/spring-projects/spring-framework/issues/34443">#34443</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/eb3f034cd9d9982abfbd20c3f78da80c6a204bd0"><code>eb3f034</code></a>
Release v6.2.4</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/387677eae8ebc2b641e24d274c87980743c6d1cc"><code>387677e</code></a>
Upgrade to JUnit 5.12</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/4a314867d733fa39c3f749b4664812f44fb3b91f"><code>4a31486</code></a>
Upgrade to Reactor 2024.0.4 and Micrometer 1.14.5</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/020f556841a60071add53144365358f4f1fd5d7b"><code>020f556</code></a>
Support custom attribute with a value in MockCookie.parse()</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/6ea3b5a0e887a0f1ad7cf593ee1ded2c87de3d81"><code>6ea3b5a</code></a>
Fix Javadoc failure</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/d764087dbf2b40031d271bf14184eecab307878c"><code>d764087</code></a>
Correct since tag</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/9ab43b138aafca1dfbdfe4b300cf25f5b5a9e1db"><code>9ab43b1</code></a>
Enhancement in HandlerMethodValidationException</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/09ae080b99c454a2020100eecd0c1bff241cdf3a"><code>09ae080</code></a>
isDisconnectedClientException protected for null</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/70a1b2fae3d1fe3c7ec7754947d5f532997cc3dc"><code>70a1b2f</code></a>
Upgrade to Checkstyle 10.21.4</li>
<li><a
href="https://github.com/spring-projects/spring-framework/commit/90ddb40d7a26798c340cdfdd74f379a57e931ed1"><code>90ddb40</code></a>
Upgrade to Jetty 12.0.17 and Jetty Reactive HttpClient 4.0.9</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-framework/compare/v6.2.3...v6.2.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework:spring-webmvc&package-manager=gradle&previous-version=6.2.3&new-version=6.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-20 08:21:31 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
976342e10a Bump docker/login-action from 3.3.0 to 3.4.0 (#3188)
Bumps [docker/login-action](https://github.com/docker/login-action) from
3.3.0 to 3.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.0</h2>
<ul>
<li>Bump <code>@​actions/core</code> from 1.10.1 to 1.11.1 in <a
href="https://redirect.github.com/docker/login-action/pull/791">docker/login-action#791</a></li>
<li>Bump <code>@​aws-sdk/client-ecr</code> to 3.766.0 in <a
href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a>
<a
href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li>
<li>Bump <code>@​aws-sdk/client-ecr-public</code> to 3.758.0 in <a
href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a>
<a
href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.35.0 to 0.57.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/801">docker/login-action#801</a>
<a
href="https://redirect.github.com/docker/login-action/pull/806">docker/login-action#806</a>
<a
href="https://redirect.github.com/docker/login-action/pull/858">docker/login-action#858</a></li>
<li>Bump cross-spawn from 7.0.3 to 7.0.6 in <a
href="https://redirect.github.com/docker/login-action/pull/814">docker/login-action#814</a></li>
<li>Bump https-proxy-agent from 7.0.5 to 7.0.6 in <a
href="https://redirect.github.com/docker/login-action/pull/823">docker/login-action#823</a></li>
<li>Bump path-to-regexp from 6.2.2 to 6.3.0 in <a
href="https://redirect.github.com/docker/login-action/pull/777">docker/login-action#777</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v3.3.0...v3.4.0">https://github.com/docker/login-action/compare/v3.3.0...v3.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/login-action/commit/74a5d142397b4f367a81961eba4e8cd7edddf772"><code>74a5d14</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/856">#856</a>
from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li>
<li><a
href="https://github.com/docker/login-action/commit/2f4f00e4c6fe8a50cdd1fd618421be2e92b2f201"><code>2f4f00e</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/67c184546cf989af16f02a1b5359e4bde3cdc524"><code>67c1845</code></a>
build(deps): bump the aws-sdk-dependencies group across 1 directory with
2 up...</li>
<li><a
href="https://github.com/docker/login-action/commit/3d4cc89e85e0cac73870ab81d3b72c0b700870d1"><code>3d4cc89</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/844">#844</a>
from graysonpike/master</li>
<li><a
href="https://github.com/docker/login-action/commit/6cc823a6c4738f797f031790fa7f982b7a8dcfdc"><code>6cc823a</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/823">#823</a>
from docker/dependabot/npm_and_yarn/proxy-agent-depen...</li>
<li><a
href="https://github.com/docker/login-action/commit/d94e792124647378e94c07359922f0f821a9fab2"><code>d94e792</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/033db0da3047b4d01e249d66f56ae16a2ed6af87"><code>033db0d</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/812">#812</a>
from docker/dependabot/github_actions/codecov/codecov...</li>
<li><a
href="https://github.com/docker/login-action/commit/09c2ae9716c0bacef3c03e120a61c28adfb8595b"><code>09c2ae9</code></a>
build(deps): bump https-proxy-agent</li>
<li><a
href="https://github.com/docker/login-action/commit/ba56f006fc7190f752d4e6e1312f85697984a229"><code>ba56f00</code></a>
ci: update deprecated input for codecov-action</li>
<li><a
href="https://github.com/docker/login-action/commit/75bf9a79af089e9aa009972a6ecb22190a520679"><code>75bf9a7</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/858">#858</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/login-action/compare/9780b0c442fbb1117ed29e0efdff1e18412f7567...74a5d142397b4f367a81961eba4e8cd7edddf772">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-20 07:58:56 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
f0fd6526b6 Bump org.springframework.security:spring-security-saml2-service-provider from 6.4.3 to 6.4.4 (#3197)
Bumps
[org.springframework.security:spring-security-saml2-service-provider](https://github.com/spring-projects/spring-security)
from 6.4.3 to 6.4.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spring-projects/spring-security/releases">org.springframework.security:spring-security-saml2-service-provider's
releases</a>.</em></p>
<blockquote>
<h2>6.4.4</h2>
<h2>🪲 Bug Fixes</h2>
<ul>
<li>Add testRuntimeOnly junit-platform-launcher <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16756">#16756</a></li>
<li>Align Method Traversal Algorithm with Spring Framework <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16751">#16751</a></li>
<li>Disable Flaky WebAuthnWebDriverTests <a
href="https://redirect.github.com/spring-projects/spring-security/issues/16753">#16753</a></li>
<li>Fix <code>@PostResult</code> example in method-security doc <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16628">#16628</a></li>
<li>Grammar Fixes in OAuth 2.0 JavaDoc <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16619">#16619</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16649">#16649</a></li>
<li>Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16692">#16692</a></li>
<li>Bump com.webauthn4j:webauthn4j-core from 0.28.5.RELEASE to
0.28.6.RELEASE <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16691">#16691</a></li>
<li>Bump io.micrometer:micrometer-observation from 1.14.4 to 1.14.5 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16715">#16715</a></li>
<li>Bump io.mockk:mockk from 1.13.16 to 1.13.17 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16675">#16675</a></li>
<li>Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16725">#16725</a></li>
<li>Bump org.hibernate.orm:hibernate-core from 6.6.10.Final to
6.6.11.Final <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16748">#16748</a></li>
<li>Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.23 to
4.33.24 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16669">#16669</a></li>
<li>Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16650">#16650</a></li>
<li>Bump org.springframework.data:spring-data-bom from 2024.1.3 to
2024.1.4 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16749">#16749</a></li>
<li>Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4 <a
href="https://redirect.github.com/spring-projects/spring-security/pull/16733">#16733</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<p><a href="https://github.com/Kuba15"><code>@​Kuba15</code></a>, <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot],
and <a
href="https://github.com/pat-mccusker"><code>@​pat-mccusker</code></a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spring-projects/spring-security/commit/3d9cd31122161aed337655e68da5c395f8b6c3f6"><code>3d9cd31</code></a>
Release 6.4.4</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/04f530bc1bf75fe3251c2adbf3f58ce6579d496b"><code>04f530b</code></a>
opensamlFiveTest.extendsFrom testRuntimeOnly</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/bf619fc3dc43acf7d943149348f5538394ec1358"><code>bf619fc</code></a>
Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/488de5af701ee7a0a3ac3634a451aa19fb0d0303"><code>488de5a</code></a>
Merge branch '6.3.x' into 6.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/709d9bc039ea45642a2748e18764f51fe886a48b"><code>709d9bc</code></a>
Bump org.springframework:spring-framework-bom from 6.1.17 to 6.1.18</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/067ed2bab42fb5a86f4f6e7328982b2c1f4f1785"><code>067ed2b</code></a>
Bump org.springframework.data:spring-data-bom from 2024.1.3 to
2024.1.4</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/1db6718f69d0899745e1c620b46729dc6fe3beba"><code>1db6718</code></a>
Bump org.hibernate.orm:hibernate-core from 6.6.10.Final to
6.6.11.Final</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/41fc38397416ff1cb880ed62ca8ec00f7acb77db"><code>41fc383</code></a>
Merge branch '6.3.x' into 6.4.x</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/d9bb16e913ddb0086f06f49236e16f5509a0c6da"><code>d9bb16e</code></a>
Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16</li>
<li><a
href="https://github.com/spring-projects/spring-security/commit/11114919ec545492621fde37b0cd420df05a7b38"><code>1111491</code></a>
Bump org.springframework.data:spring-data-bom from 2024.0.9 to
2024.0.10</li>
<li>Additional commits viewable in <a
href="https://github.com/spring-projects/spring-security/compare/6.4.3...6.4.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.security:spring-security-saml2-service-provider&package-manager=gradle&previous-version=6.4.3&new-version=6.4.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-20 07:54:06 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
0747ea68f5 Bump io.micrometer:micrometer-core from 1.14.4 to 1.14.5 (#3159)
Bumps
[io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer)
from 1.14.4 to 1.14.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's
releases</a>.</em></p>
<blockquote>
<h2>1.14.5</h2>
<h2>🐞 Bug Fixes</h2>
<ul>
<li><code>Distribution value with |count| of 0 has a non-zero |mean|
value of XXX</code> errors in logs - similar to <a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/4868">#4868</a>
<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5927">#5927</a></li>
</ul>
<h2>🔨 Dependency Upgrades</h2>
<ul>
<li>Bump com.fasterxml.jackson.core:jackson-databind from 2.18.2 to
2.18.3 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5989">#5989</a></li>
<li>Bump com.netflix.spectator:spectator-reg-atlas from 1.8.4 to 1.8.6
<a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5941">#5941</a></li>
<li>Bump io.prometheus:prometheus-metrics-bom from 1.3.5 to 1.3.6 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5938">#5938</a></li>
<li>Bump me.champeau.gradle:japicmp-gradle-plugin from 0.4.5 to 0.4.6 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5940">#5940</a></li>
<li>Bump spring6 from 6.1.16 to 6.1.17 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5926">#5926</a></li>
<li>Bump testcontainers from 1.20.4 to 1.20.5 <a
href="https://redirect.github.com/micrometer-metrics/micrometer/pull/5949">#5949</a></li>
</ul>
<h2>❤️ Contributors</h2>
<p>Thank you to all the contributors who worked on this release:</p>
<p><a href="https://github.com/AlexElin"><code>@​AlexElin</code></a>,
and <a href="https://github.com/izeye"><code>@​izeye</code></a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/4ff1bbf5b1326419d3a044ef9e2fac23377a51f9"><code>4ff1bbf</code></a>
Merge branch '1.13.x' into 1.14.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/c92ff3dae61458523e1ca623db3b18476dd8e7ab"><code>c92ff3d</code></a>
Added release train gh action workflow</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/7cdce348561c9021e6ce42375f9e9fb26dc43ce2"><code>7cdce34</code></a>
Merge branch '1.13.x' into 1.14.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/3a55d71bc2c711fbe1a099ad4f087a4afd28d53a"><code>3a55d71</code></a>
Clarify JavaDoc for JMS <code>DESTINATION_NAME</code> (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5988">#5988</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/0d6bcec434656a34a4aeebe209ac1eb61513c8dd"><code>0d6bcec</code></a>
Merge branch '1.13.x' into 1.14.x</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/6e70957c4c8438889b1a9d6ee20a973516511683"><code>6e70957</code></a>
Fix flakiness in
JmsInstrumentationTests.shouldInstrumentMessageListener() (#...</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/a5fe903b82fcd778cc0536a0928ea7ceaa9667c2"><code>a5fe903</code></a>
Try to reduce flakiness in
JvmGcMetricsTest.gcTimingIsCorrectForPauseCycleCol...</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/41069635c0db2c7cb550f0008903054d1f071ee4"><code>4106963</code></a>
Bump testcontainers from 1.20.5 to 1.20.6 (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5998">#5998</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/c3d8dcf4591eb7f3d663f2bde375f738fba99a16"><code>c3d8dcf</code></a>
Bump com.fasterxml.jackson.core:jackson-databind from 2.18.2 to 2.18.3
(<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5989">#5989</a>)</li>
<li><a
href="https://github.com/micrometer-metrics/micrometer/commit/d73e34108b63e328b8f31536dec5908f00b5c8d2"><code>d73e341</code></a>
Bump io.netty:netty-bom from 4.1.118.Final to 4.1.119.Final (<a
href="https://redirect.github.com/micrometer-metrics/micrometer/issues/5980">#5980</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micrometer-metrics/micrometer/compare/v1.14.4...v1.14.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.micrometer:micrometer-core&package-manager=gradle&previous-version=1.14.4&new-version=1.14.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-13 10:19:49 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
885b3f049e Bump gradle from 8.12-jdk21 to 8.13-jdk21 (#3158)
Bumps gradle from 8.12-jdk21 to 8.13-jdk21.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gradle&package-manager=docker&previous-version=8.12-jdk21&new-version=8.13-jdk21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-13 10:19:27 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
b99ad89db0 Bump github/codeql-action from 3.28.10 to 3.28.11 (#3144)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.10 to 3.28.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.11</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.11/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
<li>Uploading debug artifacts for CodeQL analysis is temporarily
disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2712">#2712</a></li>
</ul>
<h2>3.28.2 - 21 Jan 2025</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/6bb031afdd8eb862ea3fc1848194185e076637e5"><code>6bb031a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2798">#2798</a>
from github/update-v3.28.11-56b25d5d5</li>
<li><a
href="https://github.com/github/codeql-action/commit/6bca7dd940f38115b5e3696bd79bbb020563bb1f"><code>6bca7dd</code></a>
Update changelog for v3.28.11</li>
<li><a
href="https://github.com/github/codeql-action/commit/56b25d5d5251df651f82070735778784aa383094"><code>56b25d5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2793">#2793</a>
from github/update-bundle/codeql-bundle-v2.20.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/256aa1658211f7bf42a0ee5b18a106fe81baa524"><code>256aa16</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.20.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/911d845ab60270de25813c5a148ec9501e857340"><code>911d845</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2796">#2796</a>
from github/nickfyson/adjust-rate-error-string</li>
<li><a
href="https://github.com/github/codeql-action/commit/7b7ed635033f63c6f84ab377f726dc0b933bd593"><code>7b7ed63</code></a>
adjust string for handling rate limit error</li>
<li><a
href="https://github.com/github/codeql-action/commit/608ccd6cd915d2c43d3059c3da518f36f07a56b0"><code>608ccd6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2794">#2794</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/35d04d3627f40144b1b19daa99f2449297367ec9"><code>35d04d3</code></a>
Update supported GitHub Enterprise Server versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/ec3b22164b6b09c9b3d63ff4e9d41084895602b0"><code>ec3b221</code></a>
Update supported GitHub Enterprise Server versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/8dc01f6342a3f934d1a339917531a4d8beda41bc"><code>8dc01f6</code></a>
Add changelog note</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d...6bb031afdd8eb862ea3fc1848194185e076637e5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.10&new-version=3.28.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-10 08:21:28 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
d65974a7e1 Bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (#3145)
Bumps
[peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request)
from 7.0.7 to 7.0.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's
releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v7.0.8</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3751">peter-evans/create-pull-request#3751</a></li>
<li>build(deps-dev): bump eslint-import-resolver-typescript from 3.8.1
to 3.8.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3752">peter-evans/create-pull-request#3752</a></li>
<li>build(deps): bump <code>@​octokit/plugin-paginate-rest</code> from
11.4.2 to 11.4.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3753">peter-evans/create-pull-request#3753</a></li>
<li>build(deps-dev): bump prettier from 3.5.1 to 3.5.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3754">peter-evans/create-pull-request#3754</a></li>
<li>fix: suppress output for some git operations by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3776">peter-evans/create-pull-request#3776</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/peter-evans/create-pull-request/compare/v7.0.7...v7.0.8">https://github.com/peter-evans/create-pull-request/compare/v7.0.7...v7.0.8</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/271a8d0340265f705b14b6d32b9829c1cb33d45e"><code>271a8d0</code></a>
fix: suppress output for some git operations (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3776">#3776</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/6f7efd1c24d02e0d947dd3f6f9618019afb36781"><code>6f7efd1</code></a>
test: update cpr-example-command</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/13c47c574799c8eb0a033eba252619135e70f392"><code>13c47c5</code></a>
build(deps-dev): bump prettier from 3.5.1 to 3.5.2 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3754">#3754</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/63e58290d72e889603c931363c5169ba1bbe3fed"><code>63e5829</code></a>
build(deps): bump <code>@​octokit/plugin-paginate-rest</code> from
11.4.2 to 11.4.3 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3753">#3753</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/a92c90fcab983421cc9bc736a06daea58c68d0db"><code>a92c90f</code></a>
build(deps-dev): bump eslint-import-resolver-typescript (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3752">#3752</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/b23b62d48799ec46790610dd74b29cb9ba2eef30"><code>b23b62d</code></a>
build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3751">#3751</a>)</li>
<li>See full diff in <a
href="https://github.com/peter-evans/create-pull-request/compare/dd2324fc52d5d43c699a5636bcf19fceaa70c284...271a8d0340265f705b14b6d32b9829c1cb33d45e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peter-evans/create-pull-request&package-manager=github_actions&previous-version=7.0.7&new-version=7.0.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-10 08:21:15 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
58edc777c0 Bump actions/create-github-app-token from 1.11.5 to 1.11.6 (#3109)
Bumps
[actions/create-github-app-token](https://github.com/actions/create-github-app-token)
from 1.11.5 to 1.11.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v1.11.6</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v1.11.5...v1.11.6">1.11.6</a>
(2025-03-03)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump the production-dependencies group with 2
updates (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/210">#210</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/1ff1dea6a9d1de5b4795e5314291e04acc63c38b">1ff1dea</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/create-github-app-token/commit/21cfef2b496dd8ef5b904c159339626a10ad380e"><code>21cfef2</code></a>
build(release): 1.11.6 [skip ci]</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/1ff1dea6a9d1de5b4795e5314291e04acc63c38b"><code>1ff1dea</code></a>
fix(deps): bump the production-dependencies group with 2 updates (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/210">#210</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/create-github-app-token/compare/0d564482f06ca65fa9e77e2510873638c82206f2...21cfef2b496dd8ef5b904c159339626a10ad380e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/create-github-app-token&package-manager=github_actions&previous-version=1.11.5&new-version=1.11.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-05 08:39:41 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
ba7c949d1a Bump actions/download-artifact from 4.1.8 to 4.1.9 (#3090)
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 4.1.8 to 4.1.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.9</h2>
<h2>What's Changed</h2>
<ul>
<li>Add workflow file for publishing releases to immutable action
package by <a
href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/354">actions/download-artifact#354</a></li>
<li>docs: small migration fix by <a
href="https://github.com/froblesmartin"><code>@​froblesmartin</code></a>
in <a
href="https://redirect.github.com/actions/download-artifact/pull/370">actions/download-artifact#370</a></li>
<li>Update MIGRATION.md by <a
href="https://github.com/andyfeller"><code>@​andyfeller</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/372">actions/download-artifact#372</a></li>
<li>Update artifact package to 2.2.2 by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/380">actions/download-artifact#380</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/354">actions/download-artifact#354</a></li>
<li><a
href="https://github.com/froblesmartin"><code>@​froblesmartin</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/370">actions/download-artifact#370</a></li>
<li><a
href="https://github.com/andyfeller"><code>@​andyfeller</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/372">actions/download-artifact#372</a></li>
<li><a href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/380">actions/download-artifact#380</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4...v4.1.9">https://github.com/actions/download-artifact/compare/v4...v4.1.9</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/cc203385981b70ca67e1cc392babf9cc229d5806"><code>cc20338</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/380">#380</a>
from actions/yacaovsnc/release_4_1_9</li>
<li><a
href="https://github.com/actions/download-artifact/commit/1fc0fee191f40422f502da571c0f01ff460afe53"><code>1fc0fee</code></a>
Update artifact package to 2.2.2</li>
<li><a
href="https://github.com/actions/download-artifact/commit/7fba95161a0924506ed1ae69cdbae8371ee00b3f"><code>7fba951</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/372">#372</a>
from andyfeller/patch-1</li>
<li><a
href="https://github.com/actions/download-artifact/commit/f9ceb7763ba1fdfd81b2e2f93aa1f6015ff6b35d"><code>f9ceb77</code></a>
Update MIGRATION.md</li>
<li><a
href="https://github.com/actions/download-artifact/commit/533298bc57c27f112a2c04a74a04a4d43e2866fd"><code>533298b</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/370">#370</a>
from froblesmartin/patch-1</li>
<li><a
href="https://github.com/actions/download-artifact/commit/d06289e120b300840a833b25db66cb8c19f5d274"><code>d06289e</code></a>
docs: small migration fix</li>
<li><a
href="https://github.com/actions/download-artifact/commit/d0ce8fd1167ed839810201de977912a090ab10a7"><code>d0ce8fd</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/354">#354</a>
from actions/Jcambass-patch-1</li>
<li><a
href="https://github.com/actions/download-artifact/commit/1ce0d91ace59dfbf6763107ee5aa8466ebbadf48"><code>1ce0d91</code></a>
Add workflow file for publishing releases to immutable action
package</li>
<li>See full diff in <a
href="https://github.com/actions/download-artifact/compare/fa0a91b85d4f404e444e00e005971372dc801d16...cc203385981b70ca67e1cc392babf9cc229d5806">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=4.1.8&new-version=4.1.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-01 19:40:33 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
04cfa9b0f3 Bump docker/build-push-action from 6.14.0 to 6.15.0 (#3091)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[docker/build-push-action](https://github.com/docker/build-push-action)
from 6.14.0 to 6.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.15.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.55.0 to 0.56.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1330">docker/build-push-action#1330</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v6.14.0...v6.15.0">https://github.com/docker/build-push-action/compare/v6.14.0...v6.15.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/build-push-action/commit/471d1dc4e07e5cdedd4c2171150001c434f0b7a4"><code>471d1dc</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1330">#1330</a>
from docker/dependabot/npm_and_yarn/docker/actions-t...</li>
<li><a
href="https://github.com/docker/build-push-action/commit/b89ff0a6f27deae3d7f5803e80f1de9415b673c8"><code>b89ff0a</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/build-push-action/commit/1e3ae3a4d3bba144fbd440e91219e1cd3bc38d69"><code>1e3ae3a</code></a>
chore(deps): Bump <code>@​docker/actions-toolkit</code> from 0.55.0 to
0.56.0</li>
<li><a
href="https://github.com/docker/build-push-action/commit/b16f42f92abaeb7610fd7fc99ab230d13e79e275"><code>b16f42f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1325">#1325</a>
from crazy-max/buildx-edge</li>
<li><a
href="https://github.com/docker/build-push-action/commit/dc0fea5e62c3379ed8d79ee70c09796499a5f799"><code>dc0fea5</code></a>
ci: update buildx to edge and buildkit to latest</li>
<li>See full diff in <a
href="https://github.com/docker/build-push-action/compare/0adf9959216b96bec444f325f1e493d4aa344497...471d1dc4e07e5cdedd4c2171150001c434f0b7a4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/build-push-action&package-manager=github_actions&previous-version=6.14.0&new-version=6.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-01 19:37:06 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bc9148073c Bump docker/setup-qemu-action from 3.4.0 to 3.6.0 (#3092)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
from 3.4.0 to 3.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.6.0</h2>
<ul>
<li>Display binfmt version by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/202">docker/setup-qemu-action#202</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0">https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0</a></p>
<h2>v3.5.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.54.0 to 0.56.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/205">docker/setup-qemu-action#205</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0">https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/29109295f81e9208d7d86ff1c6c12d2833863392"><code>2910929</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/202">#202</a>
from crazy-max/binfmt-version</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/7ffe24aa9a8440b164354dd7e2e6793b43bc73fa"><code>7ffe24a</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/17bc18bb05034c78f2ede32a8bbefcb428ed3f54"><code>17bc18b</code></a>
display binfmt version</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/5964de0df58d5ad28b04d8fe2e6b80ad47105b91"><code>5964de0</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/205">#205</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/862b6633f805f5f6aa43ff50a2177924d5a38852"><code>862b663</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/138de3b6464b863fed6a98c1fae46faa58f98dee"><code>138de3b</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.54.0 to
0.56.0</li>
<li>See full diff in <a
href="https://github.com/docker/setup-qemu-action/compare/4574d27a4764455b42196d70a065bc6853246a25...29109295f81e9208d7d86ff1c6c12d2833863392">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=3.4.0&new-version=3.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-01 19:36:23 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5c4f463cc8 Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 (#3093)
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 3.9.0 to 3.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.10.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.54.0 to 0.56.0 in
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/408">docker/setup-buildx-action#408</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0">https://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"><code>b5ca514</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/408">#408</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/1418a4ef330cff3d80e8707b47780be815fb20db"><code>1418a4e</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/93acf831ce48bc806b62b1e892b89fca8bf213e0"><code>93acf83</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.54.0 to
0.56.0</li>
<li>See full diff in <a
href="https://github.com/docker/setup-buildx-action/compare/f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca...b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=3.9.0&new-version=3.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-01 19:35:43 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
127256c3da Bump docker/metadata-action from 5.6.1 to 5.7.0 (#3094)
Bumps
[docker/metadata-action](https://github.com/docker/metadata-action) from
5.6.1 to 5.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/metadata-action/releases">docker/metadata-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.7.0</h2>
<ul>
<li>Global expressions support for labels and annotations by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/metadata-action/pull/489">docker/metadata-action#489</a></li>
<li>Support disabling outputs as environment variables by <a
href="https://github.com/omus"><code>@​omus</code></a> in <a
href="https://redirect.github.com/docker/metadata-action/pull/497">docker/metadata-action#497</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.44.0 to 0.56.0 in
<a
href="https://redirect.github.com/docker/metadata-action/pull/507">docker/metadata-action#507</a>
<a
href="https://redirect.github.com/docker/metadata-action/pull/509">docker/metadata-action#509</a></li>
<li>Bump csv-parse from 5.5.6 to 5.6.0 in <a
href="https://redirect.github.com/docker/metadata-action/pull/482">docker/metadata-action#482</a></li>
<li>Bump moment-timezone from 0.5.46 to 0.5.47 in <a
href="https://redirect.github.com/docker/metadata-action/pull/501">docker/metadata-action#501</a></li>
<li>Bump semver from 7.6.3 to 7.7.1 in <a
href="https://redirect.github.com/docker/metadata-action/pull/504">docker/metadata-action#504</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/metadata-action/compare/v5.6.1...v5.7.0">https://github.com/docker/metadata-action/compare/v5.6.1...v5.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/metadata-action/commit/902fa8ec7d6ecbf8d84d538b9b233a880e428804"><code>902fa8e</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/504">#504</a>
from docker/dependabot/npm_and_yarn/semver-7.7.1</li>
<li><a
href="https://github.com/docker/metadata-action/commit/c30b9c27e61e950956355394454702216b74bd42"><code>c30b9c2</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/metadata-action/commit/0698804aabf8041ea6b78301daf0baeb8dad2496"><code>0698804</code></a>
chore(deps): Bump semver from 7.6.3 to 7.7.1</li>
<li><a
href="https://github.com/docker/metadata-action/commit/bb3eecaaf832752e6a3e352de3b1ff2d11194b49"><code>bb3eeca</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/501">#501</a>
from docker/dependabot/npm_and_yarn/moment-timezone-0...</li>
<li><a
href="https://github.com/docker/metadata-action/commit/94a839cf6aa9c58e06cf1ea8c8490eae3ef9794b"><code>94a839c</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/metadata-action/commit/ecd51a0f6a5f2594db412c7e8304064c1be02f6a"><code>ecd51a0</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/509">#509</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/metadata-action/commit/a85b1dbfe6a9f73e361ba3404493fe57f9d783e7"><code>a85b1db</code></a>
chore(deps): Bump <code>@​docker/actions-toolkit</code> from 0.55.0 to
0.56.0</li>
<li><a
href="https://github.com/docker/metadata-action/commit/5a76a0efcf13a52fea4449d4e07d44d6f1e61046"><code>5a76a0e</code></a>
chore(deps): Bump moment-timezone from 0.5.46 to 0.5.47</li>
<li><a
href="https://github.com/docker/metadata-action/commit/1cc4a9856a30691d5bd4376b110fab84260af4b5"><code>1cc4a98</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/482">#482</a>
from docker/dependabot/npm_and_yarn/csv-parse-5.6.0</li>
<li><a
href="https://github.com/docker/metadata-action/commit/d84de1e022f1b49a635274988425c331f19d0f7a"><code>d84de1e</code></a>
chore: update generated content</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/metadata-action/compare/369eb591f429131d6889c46b94e711f089e6ca96...902fa8ec7d6ecbf8d84d538b9b233a880e428804">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/metadata-action&package-manager=github_actions&previous-version=5.6.1&new-version=5.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-01 19:35:32 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8f7153b30a Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 (#3069)
Bumps
[ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from
1.5.16 to 1.5.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-classic's
releases</a>.</em></p>
<blockquote>
<h2>Logback 1.5.17</h2>
<p><strong>2025-02-25 Release of logback version 1.5.17</strong></p>
<p>• Fixed Jansi 2.4.0 color-coded output not working on Windows CMD.exe
console when the default terminal application is set to &quot;Windows
Console Host&quot;. This problem was reported in issues/753 by Michael
Lyubkin.</p>
<p>• Fixed race condition occurring in case MDC class is initialized
while org.slf4j.LoggerFactory is initializing logback-classic's
LoggerContext. When this race conditions occurs, the MDCAdapter instance
used by MDC does not match the instance used by logback-classic. This
issue was reported in SLF4J issues/450. While logback-classic version
1.5.17 remains compatible with SLF4J versions in the 2.0.x series,
fixing this particular MDC issue requires SLF4J version 2.0.17.</p>
<p>• A bit-wise identical binary of this version can be reproduced by
building from source code at commit
10358724ed723b3745c010aa40cb02a2dfed4593 associated with the tag
v_1.5.17. Release built using Java &quot;21&quot; 2023-10-17 LTS build
21.0.1.+12-LTS-29 under Linux Debian 11.6.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/qos-ch/logback/commit/10358724ed723b3745c010aa40cb02a2dfed4593"><code>1035872</code></a>
prepare release 1.5.17</li>
<li><a
href="https://github.com/qos-ch/logback/commit/2e6984d1e16c78c703a62bf2789a9c157d7bc050"><code>2e6984d</code></a>
bump to slf4j version 2.0.17</li>
<li><a
href="https://github.com/qos-ch/logback/commit/100995244bf75ded9cb51bade91f84e63f349474"><code>1009952</code></a>
use a new LoggerContert instance when running LogbackListenerTest. This
shoul...</li>
<li><a
href="https://github.com/qos-ch/logback/commit/a3bb4b096aa32874eec304cb0456e526711402f4"><code>a3bb4b0</code></a>
Merge branch 'master' of github.com:qos-ch/logback</li>
<li><a
href="https://github.com/qos-ch/logback/commit/b507297eaa2868479b2d41a666f0aef750fe0079"><code>b507297</code></a>
Fixed race condition occurring in case MDC class is initialized while
org.slf...</li>
<li><a
href="https://github.com/qos-ch/logback/commit/f5b3bc56cd1c1bcf4e8419383c1049912bc51c6f"><code>f5b3bc5</code></a>
add warning about the deprecation of SerializedModelConfigurator if
activated</li>
<li><a
href="https://github.com/qos-ch/logback/commit/5bc0998ce1899195bd6c57b9708493197a68db95"><code>5bc0998</code></a>
Update README.md</li>
<li><a
href="https://github.com/qos-ch/logback/commit/5610c96b4d705a4fe6ded9c42d4f47cb92bbbd95"><code>5610c96</code></a>
correct relocation address</li>
<li><a
href="https://github.com/qos-ch/logback/commit/f3d100b89d1546b10da553b1d8f741ad404504bd"><code>f3d100b</code></a>
update logback-access evaluator examples</li>
<li><a
href="https://github.com/qos-ch/logback/commit/51e390303eb27a70b16b0b8902e0240bb79f7d51"><code>51e3903</code></a>
fix issues/753 for the second time</li>
<li>Additional commits viewable in <a
href="https://github.com/qos-ch/logback/compare/v_1.5.16...v_1.5.17">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-classic&package-manager=gradle&previous-version=1.5.16&new-version=1.5.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-26 16:23:09 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
366bec602d Bump ch.qos.logback:logback-core from 1.5.16 to 1.5.17 (#3068)
Bumps [ch.qos.logback:logback-core](https://github.com/qos-ch/logback)
from 1.5.16 to 1.5.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-core's
releases</a>.</em></p>
<blockquote>
<h2>Logback 1.5.17</h2>
<p><strong>2025-02-25 Release of logback version 1.5.17</strong></p>
<p>• Fixed Jansi 2.4.0 color-coded output not working on Windows CMD.exe
console when the default terminal application is set to &quot;Windows
Console Host&quot;. This problem was reported in issues/753 by Michael
Lyubkin.</p>
<p>• Fixed race condition occurring in case MDC class is initialized
while org.slf4j.LoggerFactory is initializing logback-classic's
LoggerContext. When this race conditions occurs, the MDCAdapter instance
used by MDC does not match the instance used by logback-classic. This
issue was reported in SLF4J issues/450. While logback-classic version
1.5.17 remains compatible with SLF4J versions in the 2.0.x series,
fixing this particular MDC issue requires SLF4J version 2.0.17.</p>
<p>• A bit-wise identical binary of this version can be reproduced by
building from source code at commit
10358724ed723b3745c010aa40cb02a2dfed4593 associated with the tag
v_1.5.17. Release built using Java &quot;21&quot; 2023-10-17 LTS build
21.0.1.+12-LTS-29 under Linux Debian 11.6.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/qos-ch/logback/commit/10358724ed723b3745c010aa40cb02a2dfed4593"><code>1035872</code></a>
prepare release 1.5.17</li>
<li><a
href="https://github.com/qos-ch/logback/commit/2e6984d1e16c78c703a62bf2789a9c157d7bc050"><code>2e6984d</code></a>
bump to slf4j version 2.0.17</li>
<li><a
href="https://github.com/qos-ch/logback/commit/100995244bf75ded9cb51bade91f84e63f349474"><code>1009952</code></a>
use a new LoggerContert instance when running LogbackListenerTest. This
shoul...</li>
<li><a
href="https://github.com/qos-ch/logback/commit/a3bb4b096aa32874eec304cb0456e526711402f4"><code>a3bb4b0</code></a>
Merge branch 'master' of github.com:qos-ch/logback</li>
<li><a
href="https://github.com/qos-ch/logback/commit/b507297eaa2868479b2d41a666f0aef750fe0079"><code>b507297</code></a>
Fixed race condition occurring in case MDC class is initialized while
org.slf...</li>
<li><a
href="https://github.com/qos-ch/logback/commit/f5b3bc56cd1c1bcf4e8419383c1049912bc51c6f"><code>f5b3bc5</code></a>
add warning about the deprecation of SerializedModelConfigurator if
activated</li>
<li><a
href="https://github.com/qos-ch/logback/commit/5bc0998ce1899195bd6c57b9708493197a68db95"><code>5bc0998</code></a>
Update README.md</li>
<li><a
href="https://github.com/qos-ch/logback/commit/5610c96b4d705a4fe6ded9c42d4f47cb92bbbd95"><code>5610c96</code></a>
correct relocation address</li>
<li><a
href="https://github.com/qos-ch/logback/commit/f3d100b89d1546b10da553b1d8f741ad404504bd"><code>f3d100b</code></a>
update logback-access evaluator examples</li>
<li><a
href="https://github.com/qos-ch/logback/commit/51e390303eb27a70b16b0b8902e0240bb79f7d51"><code>51e3903</code></a>
fix issues/753 for the second time</li>
<li>Additional commits viewable in <a
href="https://github.com/qos-ch/logback/compare/v_1.5.16...v_1.5.17">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-core&package-manager=gradle&previous-version=1.5.16&new-version=1.5.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-26 15:56:35 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
f64d7d42d9 Bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (#3051)
Bumps
[peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request)
from 7.0.6 to 7.0.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's
releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v7.0.7</h2>
<p>⚙️ Fixes an issue with commit signing where modifications to the same
file in multiple commits squash into the first commit.</p>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump <code>@​octokit/core</code> from 6.1.2 to 6.1.3 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3593">peter-evans/create-pull-request#3593</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.68 to
18.19.70 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3594">peter-evans/create-pull-request#3594</a></li>
<li>Update distribution by <a
href="https://github.com/actions-bot"><code>@​actions-bot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3603">peter-evans/create-pull-request#3603</a></li>
<li>build(deps-dev): bump typescript from 5.7.2 to 5.7.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3610">peter-evans/create-pull-request#3610</a></li>
<li>build(deps): bump octokit dependencies by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3618">peter-evans/create-pull-request#3618</a></li>
<li>docs: add workflow tip for showing message via workflow command by
<a href="https://github.com/ybiquitous"><code>@​ybiquitous</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3626">peter-evans/create-pull-request#3626</a></li>
<li>build(deps-dev): bump eslint-plugin-prettier from 5.2.1 to 5.2.3 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3628">peter-evans/create-pull-request#3628</a></li>
<li>build(deps): bump node-fetch-native from 1.6.4 to 1.6.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3627">peter-evans/create-pull-request#3627</a></li>
<li>build(deps-dev): bump undici from 6.21.0 to 6.21.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3630">peter-evans/create-pull-request#3630</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.70 to
18.19.71 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3629">peter-evans/create-pull-request#3629</a></li>
<li>Update distribution by <a
href="https://github.com/actions-bot"><code>@​actions-bot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3647">peter-evans/create-pull-request#3647</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.71 to
18.19.74 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3657">peter-evans/create-pull-request#3657</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.74 to
18.19.75 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3663">peter-evans/create-pull-request#3663</a></li>
<li>build(deps): bump
<code>@​octokit/plugin-rest-endpoint-methods</code> from 13.3.0 to
13.3.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3670">peter-evans/create-pull-request#3670</a></li>
<li>build(deps-dev): bump prettier from 3.4.2 to 3.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3671">peter-evans/create-pull-request#3671</a></li>
<li>Update distribution by <a
href="https://github.com/actions-bot"><code>@​actions-bot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3680">peter-evans/create-pull-request#3680</a></li>
<li>build(deps): bump <code>@​octokit/request-error</code> from 6.1.6 to
6.1.7 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3685">peter-evans/create-pull-request#3685</a></li>
<li>build(deps): bump <code>@​octokit/plugin-paginate-rest</code> from
11.4.0 to 11.4.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3688">peter-evans/create-pull-request#3688</a></li>
<li>build(deps): bump <code>@​octokit/endpoint</code> from 10.1.2 to
10.1.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3700">peter-evans/create-pull-request#3700</a></li>
<li>Update distribution by <a
href="https://github.com/actions-bot"><code>@​actions-bot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3691">peter-evans/create-pull-request#3691</a></li>
<li>build(deps-dev): bump prettier from 3.5.0 to 3.5.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3709">peter-evans/create-pull-request#3709</a></li>
<li>build(deps-dev): bump eslint-import-resolver-typescript from 3.7.0
to 3.8.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3710">peter-evans/create-pull-request#3710</a></li>
<li>build(deps): bump <code>@​octokit/plugin-paginate-rest</code> from
11.4.1 to 11.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3713">peter-evans/create-pull-request#3713</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.75 to
18.19.76 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3712">peter-evans/create-pull-request#3712</a></li>
<li>build(deps): bump <code>@​octokit/core</code> from 6.1.3 to 6.1.4 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3711">peter-evans/create-pull-request#3711</a></li>
<li>Update distribution by <a
href="https://github.com/actions-bot"><code>@​actions-bot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3736">peter-evans/create-pull-request#3736</a></li>
<li>Use showFileAtRefBase64 to read per-commit file contents by <a
href="https://github.com/grahamc"><code>@​grahamc</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3744">peter-evans/create-pull-request#3744</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/ybiquitous"><code>@​ybiquitous</code></a> made
their first contribution in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3626">peter-evans/create-pull-request#3626</a></li>
<li><a href="https://github.com/grahamc"><code>@​grahamc</code></a> made
their first contribution in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3744">peter-evans/create-pull-request#3744</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/peter-evans/create-pull-request/compare/v7.0.6...v7.0.7">https://github.com/peter-evans/create-pull-request/compare/v7.0.6...v7.0.7</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/dd2324fc52d5d43c699a5636bcf19fceaa70c284"><code>dd2324f</code></a>
fix: use showFileAtRefBase64 to read per-commit file contents (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3744">#3744</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/367180cbdfa0448fc1ca9136e4adb020658cf4e5"><code>367180c</code></a>
ci: remove testv5 cmd</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/25575a12f382fb9c68692ffce1174138b61417d7"><code>25575a1</code></a>
build: update distribution (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3736">#3736</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/a56e7a56e9186132269996d8937494f12ff51f77"><code>a56e7a5</code></a>
build(deps): bump <code>@​octokit/core</code> from 6.1.3 to 6.1.4 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3711">#3711</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/eac17dc6a391b3ae789deacc22d4d36f5e62ef6b"><code>eac17dc</code></a>
build(deps-dev): bump <code>@​types/node</code> from 18.19.75 to
18.19.76 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3712">#3712</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/a2e685f8147c673583a881447134a26d6fa3d0f7"><code>a2e685f</code></a>
build(deps): bump <code>@​octokit/plugin-paginate-rest</code> from
11.4.1 to 11.4.2 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3713">#3713</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/6cfd146ec94d1142c1ea0bd8b540622c50f3a34b"><code>6cfd146</code></a>
build(deps-dev): bump eslint-import-resolver-typescript (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3710">#3710</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/b38e8d38a18a291242f9072a0d9843d4c0ed6792"><code>b38e8d3</code></a>
build(deps-dev): bump prettier from 3.5.0 to 3.5.1 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3709">#3709</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/8a41570d993b6f7de42d9533f6b785fc151c96e6"><code>8a41570</code></a>
build: update distribution (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3691">#3691</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/2e9b4cc10ed4becca3a04f63d54db8baf010d424"><code>2e9b4cc</code></a>
build(deps): bump <code>@​octokit/endpoint</code> from 10.1.2 to 10.1.3
(<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3700">#3700</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/peter-evans/create-pull-request/compare/67ccf781d68cd99b580ae25a5c18a1cc84ffff1f...dd2324fc52d5d43c699a5636bcf19fceaa70c284">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peter-evans/create-pull-request&package-manager=github_actions&previous-version=7.0.6&new-version=7.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-25 21:29:06 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
9df5e2aca0 Bump github/codeql-action from 3.28.9 to 3.28.10 (#3035)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.9 to 3.28.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.10</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.10/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
<li>Uploading debug artifacts for CodeQL analysis is temporarily
disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2712">#2712</a></li>
</ul>
<h2>3.28.2 - 21 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.1 - 10 Jan 2025</h2>
<ul>
<li>CodeQL Action v2 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v3. For more information, see <a
href="https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/">this
changelog post</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2677">#2677</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d"><code>b56ba49</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2778">#2778</a>
from github/update-v3.28.10-9856c48b1</li>
<li><a
href="https://github.com/github/codeql-action/commit/60c9c77c33f2cd66390a3778d54de88b735b2526"><code>60c9c77</code></a>
Update changelog for v3.28.10</li>
<li><a
href="https://github.com/github/codeql-action/commit/9856c48b1a54789454314b4c32ef2354fe213208"><code>9856c48</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2773">#2773</a>
from github/redsun82/rust</li>
<li><a
href="https://github.com/github/codeql-action/commit/9572e09da430b4c71f7488e4195b4ca6ce1c6ef0"><code>9572e09</code></a>
Rust: fix log string</li>
<li><a
href="https://github.com/github/codeql-action/commit/1a529366ac3620317d953e2d4018eafa7459cb1c"><code>1a52936</code></a>
Rust: special case default setup</li>
<li><a
href="https://github.com/github/codeql-action/commit/cf7e90952bcceaebd4a548c2809ea6a5d461a1bc"><code>cf7e909</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2772">#2772</a>
from github/update-bundle/codeql-bundle-v2.20.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/b7006aab6d38638d18e38a27c18f67138529c2f8"><code>b7006aa</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.20.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/cfedae723eaced5e13052b529375e7b00d49a9cd"><code>cfedae7</code></a>
Rust: throw configuration errors if requested and not correctly
enabled</li>
<li><a
href="https://github.com/github/codeql-action/commit/3971ed2a74ede0669fa7f4f5af4292030280dbfd"><code>3971ed2</code></a>
Merge branch 'main' into redsun82/rust</li>
<li><a
href="https://github.com/github/codeql-action/commit/d38c6e60dfb0232f85e388dd416559ed07da5f3a"><code>d38c6e6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2775">#2775</a>
from github/angelapwen/bump-octokit</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0...b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.9&new-version=3.28.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-23 19:55:21 +00:00
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6aad45fcec Bump actions/upload-artifact from 4.6.0 to 4.6.1 (#3034)
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 4.6.0 to 4.6.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.6.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.2.2 package by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/673">actions/upload-artifact#673</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.1">https://github.com/actions/upload-artifact/compare/v4...v4.6.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1"><code>4cec3d8</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/673">#673</a>
from actions/yacaovsnc/artifact_2.2.2</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/e9fad966ccdffceea5de0445882c9455934bcf8e"><code>e9fad96</code></a>
license cache update for artifact</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/b26fd06e9da88a61ada55f23d7863325b1f115d3"><code>b26fd06</code></a>
Update to use artifact 2.2.2 package</li>
<li>See full diff in <a
href="https://github.com/actions/upload-artifact/compare/65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08...4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.6.0&new-version=4.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-23 19:55:08 +00:00