mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-14 10:34:06 +02:00
ebf256fd5044d4f58b0a9e1f0045a24a1a80f589
100
Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
ebf256fd50 |
build(deps): bump node from f4769ca to e80397b in /docker/frontend (#5498)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps node from `f4769ca` to `e80397b`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f678e1d2e3 |
build(deps): bump nginx from c083c37 to b0f7830 in /docker/frontend (#5500)
Bumps nginx from `c083c37` to `b0f7830`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
dd7925fbf4 |
build(deps): bump io.micrometer:micrometer-core from 1.16.1 to 1.16.2 (#5466)
Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.16.1 to 1.16.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.16.2</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>CaffeineCacheMetrics nullability is incompatible with Caffeine 3.2.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6973">#6973</a></li> <li>ExecutorServiceMetrics: repeatedly logs exception when monitoring <code>ThreadPerTaskExecutor</code> without <code>--add-opens</code> <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6726">#6726</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.24 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7027">#7027</a></li> <li>Bump com.netflix.spectator:spectator-reg-atlas from 1.9.2 to 1.9.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7051">#7051</a></li> <li>Bump com.uber.nullaway:nullaway from 0.12.14 to 0.12.15 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7020">#7020</a></li> <li>Bump grpc from 1.76.1 to 1.76.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6952">#6952</a></li> <li>Bump maven-resolver from 1.9.24 to 1.9.25 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6965">#6965</a></li> <li>Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.5.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7019">#7019</a></li> <li>Bump org.junit:junit-bom from 5.14.1 to 5.14.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7056">#7056</a></li> <li>Bump spring6 from 6.2.14 to 6.2.15 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6971">#6971</a></li> <li>Bump testcontainers from 1.21.3 to 1.21.4 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6993">#6993</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/MariusVolkhart"><code>@MariusVolkhart</code></a> and <a href="https://github.com/izeye"><code>@izeye</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/6286e854f943bce9a2daf1214ce3cef6c7aad84d"><code>6286e85</code></a> Bump ch.qos.logback:logback-classic from 1.5.23 to 1.5.24 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7059">#7059</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/5263cc740b73fd414ce30a910c78bc9bbb522854"><code>5263cc7</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0523810d0d3aada310d9ed91e04d52aa420ffd9f"><code>0523810</code></a> Polish CurrentObservationTest (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7048">#7048</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/3165fdffb9b1f7099f017805b3322c2a050653aa"><code>3165fdf</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/50ba16bb3d55912e7f25a3903aa2a3e57f3eb98a"><code>50ba16b</code></a> Handle when ThreadPerTaskExecutor.threadCount() is not available (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7045">#7045</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/c38e88c7b2f0e6fd2e6e48ccc1949b389d61f2a4"><code>c38e88c</code></a> Bump org.junit:junit-bom from 5.14.1 to 5.14.2 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7056">#7056</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/22ba833062aacac4d877686e76c539c873d7c659"><code>22ba833</code></a> Bump com.netflix.spectator:spectator-reg-atlas from 1.9.2 to 1.9.3 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7051">#7051</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/916ced5cbc257a865c84dd2c59d6c2285c087e1b"><code>916ced5</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/50d273be26275a4e0d5a1549bb7ab6453e085bbe"><code>50d273b</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/6b44cf2b2148cd655c98592b183843823074f1d7"><code>6b44cf2</code></a> Relax time limit for PushMeterRegistryTest.waitForScheduledPublishToFinish_wh...</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.16.1...v1.16.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1b1d17f6f5 |
build(deps): bump logback from 1.5.23 to 1.5.24 (#5468)
Bumps `logback` from 1.5.23 to 1.5.24. Updates `ch.qos.logback:logback-core` from 1.5.23 to 1.5.24 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-core's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.24</h2> <p><strong>2026-01-06 Release of logback version 1.5.24</strong></p> <p>• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See <a href="https://logback.qos.ch/manual/configuration.html#conditionalExp">the relevant documentation</a> for further details.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/62bc5fc245dd3a52f3dd45e232733f4cefb4806d"><code>62bc5fc</code></a> prepare release 1.5.24</li> <li><a href="https://github.com/qos-ch/logback/commit/aac604d7e8ab4f91f240256755f3a09e53e909f3"><code>aac604d</code></a> typo fix of local variable name</li> <li><a href="https://github.com/qos-ch/logback/commit/8a6df9e5c4e935d158b85811d33f72d10373d914"><code>8a6df9e</code></a> ExpressionPropertyCondition constructor should be public</li> <li><a href="https://github.com/qos-ch/logback/commit/95e588c4e37b3e76ff2a5c13e60d7e0485d43fb2"><code>95e588c</code></a> minor changes in ExpressionPropertyCondition</li> <li><a href="https://github.com/qos-ch/logback/commit/859f5a1f34cdec0f63a1830394df8238e780a9f4"><code>859f5a1</code></a> added ExpressionPropertyCondition capable of parsing logical expressions on p...</li> <li><a href="https://github.com/qos-ch/logback/commit/348075adfa7cdd8f7bba60225ec570efb7761d3c"><code>348075a</code></a> start work on 1.5.24-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.24">compare view</a></li> </ul> </details> <br /> Updates `ch.qos.logback:logback-classic` from 1.5.23 to 1.5.24 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-classic's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.24</h2> <p><strong>2026-01-06 Release of logback version 1.5.24</strong></p> <p>• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See <a href="https://logback.qos.ch/manual/configuration.html#conditionalExp">the relevant documentation</a> for further details.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/62bc5fc245dd3a52f3dd45e232733f4cefb4806d"><code>62bc5fc</code></a> prepare release 1.5.24</li> <li><a href="https://github.com/qos-ch/logback/commit/aac604d7e8ab4f91f240256755f3a09e53e909f3"><code>aac604d</code></a> typo fix of local variable name</li> <li><a href="https://github.com/qos-ch/logback/commit/8a6df9e5c4e935d158b85811d33f72d10373d914"><code>8a6df9e</code></a> ExpressionPropertyCondition constructor should be public</li> <li><a href="https://github.com/qos-ch/logback/commit/95e588c4e37b3e76ff2a5c13e60d7e0485d43fb2"><code>95e588c</code></a> minor changes in ExpressionPropertyCondition</li> <li><a href="https://github.com/qos-ch/logback/commit/859f5a1f34cdec0f63a1830394df8238e780a9f4"><code>859f5a1</code></a> added ExpressionPropertyCondition capable of parsing logical expressions on p...</li> <li><a href="https://github.com/qos-ch/logback/commit/348075adfa7cdd8f7bba60225ec570efb7761d3c"><code>348075a</code></a> start work on 1.5.24-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.24">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2d254ef0f6 |
build(deps): bump actions/checkout from 4.2.2 to 6.0.1 (#5465)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 6.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update all references from v5 and v4 to v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> <li>Clarify v6 README by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a> Clarify v6 README (<a href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li> <li><a href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a> Add worktree support for persist-credentials includeIf (<a href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li> <li><a href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a> Update all references from v5 and v4 to v6 (<a href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li><a href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a> v6-beta (<a href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li> <li><a href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a> Persist creds to a separate file (<a href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li> <li><a href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a> Update README to include Node.js 24 support details and requirements (<a href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li> <li><a href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li><a href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li> <li><a href="https://github.com/actions/checkout/commit/08eba0b27e820071cde6df949e0beb9ba4906955"><code>08eba0b</code></a> Prepare release v4.3.0 (<a href="https://redirect.github.com/actions/checkout/issues/2237">#2237</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/checkout/compare/v4.2.2...8e8c483db84b4bee98b60c0593521ed34d9990e8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ludy <[email protected]> |
||
|
|
a28464a954 |
build(deps): bump reportlab from 4.4.5 to 4.4.9 in /testing/cucumber (#5505)
Bumps [reportlab](https://www.reportlab.com/) from 4.4.5 to 4.4.9. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
fe56831889 |
build(deps-dev): bump stylelint-config-standard from 39.0.1 to 40.0.0 in /devTools (#5504)
Bumps [stylelint-config-standard](https://github.com/stylelint/stylelint-config-standard) from 39.0.1 to 40.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stylelint/stylelint-config-standard/releases">stylelint-config-standard's releases</a>.</em></p> <blockquote> <h2>40.0.0</h2> <ul> <li>Removed: <code>stylelint</code> less than <code>17.0.0</code> from peer dependencies.</li> <li>Removed: support for Node.js less than <code>20.19.0</code>.</li> <li>Changed: updated to <a href="https://github.com/stylelint/stylelint-config-recommended/releases/tag/18.0.0"><code>[email protected]</code></a>.</li> <li>Changed: module type to ESM.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stylelint/stylelint-config-standard/blob/main/CHANGELOG.md">stylelint-config-standard's changelog</a>.</em></p> <blockquote> <h2>40.0.0</h2> <ul> <li>Removed: <code>stylelint</code> less than <code>17.0.0</code> from peer dependencies.</li> <li>Removed: support for Node.js less than <code>20.19.0</code>.</li> <li>Changed: updated to <a href="https://github.com/stylelint/stylelint-config-recommended/releases/tag/18.0.0"><code>[email protected]</code></a>.</li> <li>Changed: module type to ESM.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/fbbe7b8e3efaf6ad84084268944be412e4bee3df"><code>fbbe7b8</code></a> Release 40.0.0 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/386">#386</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/e6368f9a6d83e178b97e3cf8eb1f76039f35df67"><code>e6368f9</code></a> Prepare 40.0.0 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/381">#381</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/481e21c6ee154cb43b34c5b406e75b3a72cbfbc3"><code>481e21c</code></a> Bump the dev-deps group with 3 updates (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/382">#382</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/696689d525f3196bd90d4a58bb625cf56e6b67ba"><code>696689d</code></a> Bump stylelint/.github/.github/workflows/call-release-pr.yml from 0.3.1 to 0....</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/5d46c0f12b5ab9db4489508b1b58fea72d30a19c"><code>5d46c0f</code></a> Bump stylelint/.github/.github/workflows/call-lint.yml from 0.3.1 to 0.5.0 (#...</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/f888c90852fe7295926775580c1953d5c2d4580d"><code>f888c90</code></a> Bump stylelint/.github/.github/workflows/call-test.yml from 0.3.1 to 0.5.0 (#...</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/066dda1ba5047a6918141220ab0ef89247f93bf7"><code>066dda1</code></a> Fix vulnerable dependencies via <code>npm audit fix</code> (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/378">#378</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/b6e6aeceddacb35e781ebd1fb4e6c88d12aeb5cd"><code>b6e6aec</code></a> Bump js-yaml from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/379">#379</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/63bb8ddee460919d160b4bd15b8442c6201c6096"><code>63bb8dd</code></a> Bump mdast-util-to-hast from 13.1.0 to 13.2.1 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/380">#380</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/0cc790a91bb5ba1fc29a83fe4f7156965fad23df"><code>0cc790a</code></a> Bump the dev-deps group with 2 updates (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/377">#377</a>)</li> <li>Additional commits viewable in <a href="https://github.com/stylelint/stylelint-config-standard/compare/39.0.1...40.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f5fdb870a8 |
build(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 (#5503)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>v7 - What's new</h2> <blockquote> <p>[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (<code>runs.using: node24</code>) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>Node.js 24</h3> <p>This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.</p> <h2>What's Changed</h2> <ul> <li>Update GHES guidance to include reference to Node 20 version by <a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li> <li>Download Artifact Node24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li> <li>fix: update <code>@actions/artifact</code> to fix Node.js 24 punycode deprecation by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/451">actions/download-artifact#451</a></li> <li>prepare release v7.0.0 for Node.js 24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/452">actions/download-artifact#452</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0">https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/download-artifact/commit/37930b1c2abaa49bbe596cd826c3c89aef350131"><code>37930b1</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/452">#452</a> from actions/download-artifact-v7-release</li> <li><a href="https://github.com/actions/download-artifact/commit/72582b9e0acd370909e83fa4a1fd0fca3ad452d8"><code>72582b9</code></a> doc: update readme</li> <li><a href="https://github.com/actions/download-artifact/commit/0d2ec9d4cbcefe257d822f108de2a1f15f8da9f6"><code>0d2ec9d</code></a> chore: release v7.0.0 for Node.js 24 support</li> <li><a href="https://github.com/actions/download-artifact/commit/fd7ae8fda6dc16277a9ffbc91cdb0eedf156e912"><code>fd7ae8f</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/451">#451</a> from actions/fix-storage-blob</li> <li><a href="https://github.com/actions/download-artifact/commit/d484700543354b15886d6a52910cf61b7f1d2b27"><code>d484700</code></a> chore: restore minimatch.dep.yml license file</li> <li><a href="https://github.com/actions/download-artifact/commit/03a808050efe42bb6ad85281890afd4e4546672c"><code>03a8080</code></a> chore: remove obsolete dependency license files</li> <li><a href="https://github.com/actions/download-artifact/commit/56fe6d904b0968950f8b68ea17774c54973ed5e2"><code>56fe6d9</code></a> chore: update <code>@actions/artifact</code> license file to 5.0.1</li> <li><a href="https://github.com/actions/download-artifact/commit/8e3ebc4ab4d2e095e5eb44ba1a4a53b6b03976ad"><code>8e3ebc4</code></a> chore: update package-lock.json with <code>@actions/artifact</code><a href="https://github.com/5"><code>@5</code></a>.0.1</li> <li><a href="https://github.com/actions/download-artifact/commit/1e3c4b4d4906c98ab57453c24efefdf16c078044"><code>1e3c4b4</code></a> fix: update <code>@actions/artifact</code> to ^5.0.0 for Node.js 24 punycode fix</li> <li><a href="https://github.com/actions/download-artifact/commit/458627d354794c71bc386c8d5839d20b5885fe2a"><code>458627d</code></a> chore: use local <code>@actions/artifact</code> package for Node.js 24 testing</li> <li>Additional commits viewable in <a href="https://github.com/actions/download-artifact/compare/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53...37930b1c2abaa49bbe596cd826c3c89aef350131">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
8d6c8cbc11 |
build(deps): bump docker/login-action from 3.4.0 to 3.6.0 (#5464)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.4.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.6.0</h2> <ul> <li>Add <code>registry-auth</code> input for raw authentication to registries by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/887">docker/login-action#887</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/login-action/pull/883">docker/login-action#883</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/login-action/pull/880">docker/login-action#880</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/login-action/pull/879">docker/login-action#879</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/login-action/pull/881">docker/login-action#881</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.5.0...v3.6.0">https://github.com/docker/login-action/compare/v3.5.0...v3.6.0</a></p> <h2>v3.5.0</h2> <ul> <li>Support dual-stack endpoints for AWS ECR by <a href="https://github.com/Spacefish"><code>@Spacefish</code></a> <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/874">docker/login-action#874</a> <a href="https://redirect.github.com/docker/login-action/pull/876">docker/login-action#876</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.57.0 to 0.62.1 in <a href="https://redirect.github.com/docker/login-action/pull/870">docker/login-action#870</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/login-action/pull/875">docker/login-action#875</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.4.0...v3.5.0">https://github.com/docker/login-action/compare/v3.4.0...v3.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/5e57cd118135c172c3672efd75eb46360885c0ef"><code>5e57cd1</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/890">#890</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/97e31439e8b415da4e1322633630e1563c42c0f2"><code>97e3143</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/3a0796b57f440ff1af59165907392527fa832e0c"><code>3a0796b</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/5b7b28b1cc417bbd34cd8c225a957c9ce9adf7f2"><code>5b7b28b</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/882">#882</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/abc9fb3154ad354cf35d6c78a862bee018dd4cb8"><code>abc9fb3</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/d46868881477a1d16bdcc80a5b2c05208b1befe4"><code>d468688</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/a99b2f88fc4efabea32b8ba09581cf535c1577e9"><code>a99b2f8</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/883">#883</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/login-action/commit/0d7fae8057d840a981e4132ce97862f6c8f48b42"><code>0d7fae8</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/9832253cb7b14f93bd4134396bd26e855e8e4bd2"><code>9832253</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0</li> <li><a href="https://github.com/docker/login-action/commit/09e05bbdf68bd9ce9eedefa6d2ebe03008c32b08"><code>09e05bb</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/881">#881</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/v3.4.0...5e57cd118135c172c3672efd75eb46360885c0ef">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0e8992e3a5 |
build(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#5463)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.11.1 to 3.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v3.12.0</h2> <ul> <li>Deprecate <code>install</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/455">docker/setup-buildx-action#455</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/434">docker/setup-buildx-action#434</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/436">docker/setup-buildx-action#436</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/432">docker/setup-buildx-action#432</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/435">docker/setup-buildx-action#435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0">https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f"><code>8d2750c</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/455">#455</a> from crazy-max/install-deprecated</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/e81846bcc4416a0bf18b8389e4f6fce279619ddc"><code>e81846b</code></a> deprecate install input</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/65d18f8f8a05aab1b2d761032bec9cd5578caadb"><code>65d18f8</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/454">#454</a> from docker/dependabot/github_actions/actions/checkout-6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/000d75d273dec231f74115df50b6ee04c9b25e55"><code>000d75d</code></a> build(deps): bump actions/checkout from 5 to 6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/1583c0f09d26c58c59d25b0eef29792b7ce99d9a"><code>1583c0f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/443">#443</a> from nicolasleger/patch-1</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/ed158e796328af702db08c75bebb92f2fb10be88"><code>ed158e7</code></a> doc: bump actions/checkout from 4 to 5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4cc794f83e4b7488282e879f4469e86246e52ddd"><code>4cc794f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/441">#441</a> from docker/dependabot/github_actions/actions/checkout-5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4dfc3d6c5d9e9534040f8d8b55bd4a98459b62b7"><code>4dfc3d6</code></a> build(deps): bump actions/checkout from 4 to 5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/af1b253b8dc984466d22633f04ef341c1520ed2f"><code>af1b253</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/440">#440</a> from crazy-max/k3s-build</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/3c6ab92b04d9f3e63233e0e0168ba114c6b448bc"><code>3c6ab92</code></a> ci: k3s test with latest buildx</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/e468171a9de216ec08956ac3ada2f0791b6bd435...8d2750c68a42422c14e847fe6c8ac0403b4cbd6f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
aa39435303 |
build(deps): bump debian from 1c25564 to 449673e in /docker/embedded (#5357)
Bumps debian from `1c25564` to `449673e`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3eaccc1e0e |
build(deps): bump alpine from 3.22.1 to 3.23.2 in /docker/embedded (#5319)
Bumps alpine from 3.22.1 to 3.23.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1a7fd6ac4e |
build(deps): bump alpine from 3.22.2 to 3.23.2 in /docker/backend (#5316)
Bumps alpine from 3.22.2 to 3.23.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e49793a6b7 |
build(deps): bump urllib3 from 2.5.0 to 2.6.3 in /testing/cucumber in the pip group across 1 directory (#5456)
Bumps the pip group with 1 update in the /testing/cucumber directory: [urllib3](https://github.com/urllib3/urllib3). Updates `urllib3` from 2.5.0 to 2.6.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.3</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by <a href="https://github.com/D47A"><code>@D47A</code></a>, 8.9 High, GHSA-38jv-5279-wg99)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">urllib3/urllib3#3743</a>)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">urllib3/urllib3#3752</a>)</li> </ul> <h2>2.6.2</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3734">urllib3/urllib3#3734</a>)</li> </ul> <h2>2.6.1</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3731">#3731</a>)</li> </ul> <h2>2.6.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by <a href="https://github.com/Cycloctane"><code>@Cycloctane</code></a>, 8.9 High, GHSA-2xpw-w6gg-jr37)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by <a href="https://github.com/illia-v"><code>@illia-v</code></a>, 8.9 High, GHSA-gm62-xv2j-4w53)</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</li> </ul> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.3 (2026-01-07)</h1> <ul> <li>Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (<code>GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99></code>__)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<code>[#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743></code>__)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<code>[#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752></code>__)</li> </ul> <h1>2.6.2 (2025-12-11)</h1> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<code>[#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734></code>__)</li> </ul> <h1>2.6.1 (2025-12-08)</h1> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<code>[#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731></code>__)</li> </ul> <h1>2.6.0 (2025-12-05)</h1> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (<code>GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37></code>__)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (<code>GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53></code>__)</li> </ul> <p>.. caution::</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc"><code>0248277</code></a> Release 2.6.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"><code>8864ac4</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c"><code>70cecb2</code></a> Fix Scorecard issues related to vulnerable dev dependencies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3755">#3755</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359"><code>41f249a</code></a> Move "v2.0 Migration Guide" to the end of the table of contents (<a href="https://redirect.github.com/urllib3/urllib3/issues/3747">#3747</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c"><code>fd4dffd</code></a> Patch <code>VerifiedHTTPSConnection</code> for Emscripten (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">#3752</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab"><code>13f0bfd</code></a> Handle massive values in Retry-After when calculating time to sleep for (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">#3743</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b"><code>8c480bf</code></a> Bump actions/upload-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3748">#3748</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1"><code>4b40616</code></a> Bump actions/cache from 4.3.0 to 5.0.1 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3750">#3750</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b"><code>82b8479</code></a> Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3749">#3749</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2"><code>34284cb</code></a> Mention experimental features in the security policy (<a href="https://redirect.github.com/urllib3/urllib3/issues/3746">#3746</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
392462a325 |
build(deps): bump globals from 16.5.0 to 17.0.0 in /frontend (#5413)
Bumps [globals](https://github.com/sindresorhus/globals) from 16.5.0 to 17.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sindresorhus/globals/releases">globals's releases</a>.</em></p> <blockquote> <h2>v17.0.0</h2> <h3>Breaking</h3> <ul> <li>Split <code>audioWorklet</code> environment from <code>browser</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/320">#320</a>) 7bc293e</li> </ul> <h3>Improvements</h3> <ul> <li>Update globals (<a href="https://redirect.github.com/sindresorhus/globals/issues/329">#329</a>) ebe1063</li> <li>Get all browser globals from both <code>chrome</code> and <code>firefox</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/321">#321</a>) 59ceff8</li> <li>Add <code>bunBuiltin</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>) 1bc6e3b</li> <li>Add <code>denoBuiltin</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>) 1bc6e3b</li> <li>Add <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/323">#323</a>) 4b78f56</li> <li>Add <code>sharedWorker</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/322">#322</a>) 4a02a85</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0">https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sindresorhus/globals/commit/bb89b18916b00f6c4f089baa0d66cb7f0771ab1b"><code>bb89b18</code></a> 17.0.0</li> <li><a href="https://github.com/sindresorhus/globals/commit/ebe106340137419b4ac0150f746b7567fb78ce03"><code>ebe1063</code></a> Update globals (2026-01-01) (<a href="https://redirect.github.com/sindresorhus/globals/issues/329">#329</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/e3d8da349da72d66fcadf94d926d4ff96da3319c"><code>e3d8da3</code></a> Revert "Automate script for <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/325">#325</a>)" (<a href="https://redirect.github.com/sindresorhus/globals/issues/328">#328</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/e7c0453f80840ebcef3a6bccaabc7a9dc0cb7a84"><code>e7c0453</code></a> Automate script for <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/325">#325</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/1bc6e3bc6658d4243a714bb7dd7401f206fd3bc5"><code>1bc6e3b</code></a> Add <code>bunBuiltin</code> and <code>denoBuiltin</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/4b78f56c1c305e34161183e8fd5ac89e92c72e84"><code>4b78f56</code></a> Add <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/323">#323</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/59ceff80cb22de31a78651acdda4db1a91eefb11"><code>59ceff8</code></a> Get all browser globals from both <code>chrome</code> and <code>firefox</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/321">#321</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/4a02a852463c03ae722f14f06944c5aa7e0e06e0"><code>4a02a85</code></a> Add <code>sharedWorker</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/322">#322</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/7bc293ec2498be49293e3aec46186a98a76e5ecd"><code>7bc293e</code></a> Split <code>audioWorklet</code> environment from <code>browser</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/320">#320</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/814075ffd71e6b0599f2611cd445b00906ad2181"><code>814075f</code></a> Fix browser launch (<a href="https://redirect.github.com/sindresorhus/globals/issues/319">#319</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0a801fe3a6 |
build(deps): bump nginx from 8491795 to c083c37 in /docker/frontend (#5448)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps nginx from `8491795` to `c083c37`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
646df1bfb5 |
build(deps): bump node from 20-alpine to 25-alpine in /docker/frontend (#5311)
Bumps node from 20-alpine to 25-alpine. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
daf27b6128 |
build(deps): bump step-security/harden-runner from 2.12.1 to 2.14.0 (#5324)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.1 to 2.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.14.0</h2> <h2>What's Changed</h2> <ul> <li>Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.</li> <li>Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0">https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0</a></p> <h2>v2.13.3</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where process events were not uploaded in certain edge cases.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3">https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3</a></p> <h2>v2.13.2</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.</li> <li>Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2">https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2</a></p> <h2>v2.13.1</h2> <h2>What's Changed</h2> <ul> <li> <p>Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.</p> </li> <li> <p>Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.</p> </li> <li> <p>Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.</p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1">https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1</a></p> <h2>v2.13.0</h2> <h2>What's Changed</h2> <ul> <li>Improved job markdown summary</li> <li>Https monitoring for all domains (included with the enterprise tier)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.13.0">https://github.com/step-security/harden-runner/compare/v2...v2.13.0</a></p> <h2>v2.12.2</h2> <h2>What's Changed</h2> <p>Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:</p> <ul> <li>Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode</li> <li>Increased policy map size for block mode</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/20cf305ff2072d973412fa9b1e3a4f227bda3c76"><code>20cf305</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/622">#622</a> from step-security/feature/custom-property-skip</li> <li><a href="https://github.com/step-security/harden-runner/commit/c51e8eeb6c4fdcd08f65e43a051dacdbfaa69702"><code>c51e8ee</code></a> feat: skip agent install and post step on subsequent runs for GitHub-hosted r...</li> <li><a href="https://github.com/step-security/harden-runner/commit/e152b90204c3d85cefa1441b701a47a13ed28bd7"><code>e152b90</code></a> feat: skip harden-runner based on repository custom property</li> <li><a href="https://github.com/step-security/harden-runner/commit/ee1faec052d1000061fa79a13e030db11b3f86bd"><code>ee1faec</code></a> feat: replace skip-harden-runner with skip-on-custom-property input</li> <li><a href="https://github.com/step-security/harden-runner/commit/1dc7c1764659d537dab2a854b8e165a801103eb1"><code>1dc7c17</code></a> feat: add skip-harden-runner input to conditionally skip execution</li> <li><a href="https://github.com/step-security/harden-runner/commit/df199fb7be9f65074067a9eb93f12bb4c5547cf2"><code>df199fb</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/620">#620</a> from step-security/rc-29</li> <li><a href="https://github.com/step-security/harden-runner/commit/03d096a772368b1f0222005a6899d3e35a7f62df"><code>03d096a</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/40901073af04afd40408833437092a7467798f33"><code>4090107</code></a> fix: update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/95d9a5deda9de15063e7595e9719c11c38c90ae2"><code>95d9a5d</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/606">#606</a> from step-security/rc-28</li> <li><a href="https://github.com/step-security/harden-runner/commit/87e429d3fb470bcc827f338e5cce1155ff99c6eb"><code>87e429d</code></a> Update limitations.md</li> <li>Additional commits viewable in <a href="https://github.com/step-security/harden-runner/compare/v2.12.1...20cf305ff2072d973412fa9b1e3a4f227bda3c76">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
818c30cb55 |
build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 (#5326)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.6.0 to 3.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's releases</a>.</em></p> <blockquote> <h2>v3.7.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.67.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/217">docker/setup-qemu-action#217</a> <a href="https://redirect.github.com/docker/setup-qemu-action/pull/230">docker/setup-qemu-action#230</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/220">docker/setup-qemu-action#220</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/218">docker/setup-qemu-action#218</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/221">docker/setup-qemu-action#221</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/219">docker/setup-qemu-action#219</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0">https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-qemu-action/commit/c7c53464625b32c7a7e944ae62b3e17d2b600130"><code>c7c5346</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/230">#230</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a517a1a6f815421d6c0f8ab069bd9cae3024828"><code>3a517a1</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/a5b45edf7e42dbe6d762ad8053bd35a7d336a850"><code>a5b45ed</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.67.0</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a64278e93930d340f1caabd280b2e78b36b5032"><code>3a64278</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/220">#220</a> from docker/dependabot/npm_and_yarn/brace-expansion-1...</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/94906ba253608103ef32875025dd58d7f74e2716"><code>94906ba</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/4027abfd67ddf4bd8f75dbf3bb8bf3b69764ded6"><code>4027abf</code></a> build(deps): bump brace-expansion from 1.1.11 to 1.1.12</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/bee0aaad0f43394cdb4b8756cd994ae278b0667c"><code>bee0aaa</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/221">#221</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/0d7e25756e271776f152e7669522f64f54c5e3e2"><code>0d7e257</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/b86960130e28d1756dfa88e15e28ee5880e893de"><code>b869601</code></a> build(deps): bump tmp from 0.2.3 to 0.2.4</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a043edff31c211e56ebb1e00a76ce49a831bd24"><code>3a043ed</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/219">#219</a> from docker/dependabot/npm_and_yarn/undici-5.29.0</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...c7c53464625b32c7a7e944ae62b3e17d2b600130">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
7460e58abf |
build(deps): bump io.micrometer:micrometer-core from 1.16.0 to 1.16.1 (#5358)
Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.16.0 to 1.16.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.16.1</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Don't filter log events in LogbackMetricsBenchmark <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6891">#6891</a></li> <li>Return value nullability is incorrect on function wrapper methods <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6869">#6869</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Add link to the latest Micrometer Team talk <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6881">#6881</a></li> <li>Document JSpecify dependency <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6886">#6886</a></li> <li>Make cross-references more consistent in the docs <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6915">#6915</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6877">#6877</a></li> <li>Bump com.netflix.spectator:spectator-reg-atlas from 1.9.1 to 1.9.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6904">#6904</a></li> <li>Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.14 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6937">#6937</a></li> <li>Bump grpc from 1.76.0 to 1.76.1 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6902">#6902</a></li> <li>Bump io.freefair.aspectj.post-compile-weaving from 8.14.2 to 8.14.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6876">#6876</a></li> <li>Bump io.prometheus:prometheus-metrics-bom from 1.4.2 to 1.4.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6868">#6868</a></li> <li>Bump spring6 from 6.2.12 to 6.2.14 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6890">#6890</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/MiLabuda"><code>@MiLabuda</code></a>, <a href="https://github.com/izeye"><code>@izeye</code></a>, and <a href="https://github.com/ngocnhan-tran1996"><code>@ngocnhan-tran1996</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0550e769cb9b4f15cff86c1e503fce8ae03ef84f"><code>0550e76</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/e8dd176ffe60d6ea068c7f536e5662278499cd8f"><code>e8dd176</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/d8a46b5a7080738e6f9afd623cfdfcf984f44185"><code>d8a46b5</code></a> Fixed flaky test for mongo client (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6924">#6924</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0bbe73b0f447ca5ca94e1d2b621eda83d7735477"><code>0bbe73b</code></a> Bump com.uber.nullaway:nullaway from 0.12.13 to 0.12.14 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6937">#6937</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/d0b368dbbc1cd8511f693e7be97810978f67787d"><code>d0b368d</code></a> Polish <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6612">gh-6612</a> (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6932">#6932</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/aa9eac0d31acb389a03be50f266bc968c8ef207f"><code>aa9eac0</code></a> Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.13 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6930">#6930</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/57bd4ff8ebb64d941ece6d9fb04d2c921bd77ac1"><code>57bd4ff</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/11d8fb1f8081098ad91efc40ea8902b9113d03d3"><code>11d8fb1</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/5779b09fcb1d5266c614b50ecefe1ad42264b3c2"><code>5779b09</code></a> Backport fixing typos in docs</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/8b88e43a98221f50f56d43cdd5b0eafb986e835b"><code>8b88e43</code></a> Merge branch '1.15.x' into 1.16.x</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.16.0...v1.16.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ludy <[email protected]> |
||
|
|
a9ee7f6a8e |
build(deps): bump pypdf from 6.4.0 to 6.6.0 in /testing/cucumber (#5422)
Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.4.0 to 6.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/releases">pypdf's releases</a>.</em></p> <blockquote> <h2>Version 6.6.0, 2026-01-09</h2> <h2>What's new</h2> <h3>Security (SEC)</h3> <ul> <li>Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Deprecations (DEP)</h3> <ul> <li>Block common page content modifications when assigned to reader (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3582">#3582</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>New Features (ENH)</h3> <ul> <li>Embellishments to generated text appearance streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3571">#3571</a>) by <a href="https://github.com/PJBrs"><code>@PJBrs</code></a></li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Avoid empty FlateDecode outputs without warning (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3579">#3579</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>) by <a href="https://github.com/mainuddin-md"><code>@mainuddin-md</code></a></li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>) by <a href="https://github.com/rassie"><code>@rassie</code></a></li> </ul> <h3>Maintenance (MAINT)</h3> <ul> <li>Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.5.0...6.6.0">Full Changelog</a></p> <h2>Version 6.5.0, 2025-12-21</h2> <h2>What's new</h2> <h3>New Features (ENH)</h3> <ul> <li>Limit jbig2dec memory usage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3576">#3576</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> <li>FontDescriptor: Initiate from embedded font resource (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3551">#3551</a>) by <a href="https://github.com/PJBrs"><code>@PJBrs</code></a></li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow fallback to PBM files for jbig2dec without PNG support (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3567">#3567</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> <li>Use warning instead of error for early EOD for RunLengthDecode (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3548">#3548</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Test with macOS as well (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3401">#3401</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.4.2...6.5.0">Full Changelog</a></p> <h2>Version 6.4.2, 2025-12-14</h2> <h2>What's new</h2> <h3>Bug Fixes (BUG)</h3> <ul> <li>Fix KeyError when flattening form field without /Font in resources (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3554">#3554</a>) by <a href="https://github.com/jgillard"><code>@jgillard</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md">pypdf's changelog</a>.</em></p> <blockquote> <h2>Version 6.6.0, 2026-01-09</h2> <h3>Security (SEC)</h3> <ul> <li>Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>)</li> </ul> <h3>Deprecations (DEP)</h3> <ul> <li>Block common page content modifications when assigned to reader (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3582">#3582</a>)</li> </ul> <h3>New Features (ENH)</h3> <ul> <li>Embellishments to generated text appearance streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3571">#3571</a>)</li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Avoid empty FlateDecode outputs without warning (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3579">#3579</a>)</li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>)</li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>)</li> </ul> <h3>Maintenance (MAINT)</h3> <ul> <li>Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.5.0...6.6.0">Full Changelog</a></p> <h2>Version 6.5.0, 2025-12-21</h2> <h3>New Features (ENH)</h3> <ul> <li>Limit jbig2dec memory usage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3576">#3576</a>)</li> <li>FontDescriptor: Initiate from embedded font resource (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3551">#3551</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow fallback to PBM files for jbig2dec without PNG support (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3567">#3567</a>)</li> <li>Use warning instead of error for early EOD for RunLengthDecode (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3548">#3548</a>)</li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Test with macOS as well (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3401">#3401</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.4.2...6.5.0">Full Changelog</a></p> <h2>Version 6.4.2, 2025-12-14</h2> <h3>Bug Fixes (BUG)</h3> <ul> <li>Fix KeyError when flattening form field without /Font in resources (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3554">#3554</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow deleting non-existent annotations (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3559">#3559</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/py-pdf/pypdf/commit/10df9c72fa7fb9ab14101b9cb911d66e680282a8"><code>10df9c7</code></a> REL: 6.6.0</li> <li><a href="https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45"><code>2941657</code></a> SEC: Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/712688005e49d2d0a4427db0b16abbae160fe106"><code>7126880</code></a> DEV: Update to urllib3 2.6.3 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3593">#3593</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/f189f0755eb111564ae8667a990738a9e7ab4ba9"><code>f189f07</code></a> DOC: Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/a29e5326f543f93c4c317cf9f92df54aff68c584"><code>a29e532</code></a> BUG: Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/d9ce594772717fdcfcd505d0309843461579bbf7"><code>d9ce594</code></a> MAINT: Converge on one shared Font class for text extraction and appearance s...</li> <li><a href="https://github.com/py-pdf/pypdf/commit/a65708c778467f1525662dfe5614a486adbd16b0"><code>a65708c</code></a> DEV: Check for JavaScript library updates on GitHub Pages (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3592">#3592</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/6951bb7c039afd02bd273dda412c3f36df76eba3"><code>6951bb7</code></a> MAINT: Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/97d47a001d574dfda54bf16c4dcee89ccbfabec8"><code>97d47a0</code></a> TST: Improve test coverage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3584">#3584</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/bda80a4846a8646419a04cc253d81b73773d3cec"><code>bda80a4</code></a> DEV: Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>)</li> <li>Additional commits viewable in <a href="https://github.com/py-pdf/pypdf/compare/6.4.0...6.6.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
36e0fd566a |
build(deps): bump github/codeql-action from 4.31.5 to 4.31.10 (#5449)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.5 to 4.31.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.31.10</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.9</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.8</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.7</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.6</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.6 - 01 Dec 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <h2>4.31.6 - 01 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.5 - 24 Nov 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.6. <a href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li> </ul> <h2>4.31.4 - 18 Nov 2025</h2> <p>No user facing changes.</p> <h2>4.31.3 - 13 Nov 2025</h2> <ul> <li>CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see <a href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming deprecation of CodeQL Action v3</a>.</li> <li>Update default CodeQL bundle version to 2.23.5. <a href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li> </ul> <h2>4.31.2 - 30 Oct 2025</h2> <p>No user facing changes.</p> <h2>4.31.1 - 30 Oct 2025</h2> <ul> <li>The <code>add-snippets</code> input has been removed from the <code>analyze</code> action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.</li> </ul> <h2>4.31.0 - 24 Oct 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/cdefb33c0f6224e58673d9004f47f7cb3e328b89"><code>cdefb33</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3394">#3394</a> from github/update-v4.31.10-0fa411efd</li> <li><a href="https://github.com/github/codeql-action/commit/cfa77c6b134886357b1c716fbe58a7708833bf31"><code>cfa77c6</code></a> Update changelog for v4.31.10</li> <li><a href="https://github.com/github/codeql-action/commit/0fa411efd0628aefdf9d03a0faa20a1e0edafc4a"><code>0fa411e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3393">#3393</a> from github/update-bundle/codeql-bundle-v2.23.9</li> <li><a href="https://github.com/github/codeql-action/commit/c2843242125c2fb8dcd892f204eb2f8622886b78"><code>c284324</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/83e7d0046cd548fe4cb5d55f5b2ce30b0de62304"><code>83e7d00</code></a> Update default bundle to codeql-bundle-v2.23.9</li> <li><a href="https://github.com/github/codeql-action/commit/f6a16bef8e5c39e398e4da16862d381f76824ac6"><code>f6a16be</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3391">#3391</a> from github/dependabot/npm_and_yarn/npm-minor-f1cdf5...</li> <li><a href="https://github.com/github/codeql-action/commit/c1f5f1a8b57e6da99af540e7c2f23ed33152e270"><code>c1f5f1a</code></a> Rebuild</li> <li><a href="https://github.com/github/codeql-action/commit/1805d8d0a48bdde6eb34e4427b3c00c431427f89"><code>1805d8d</code></a> Bump the npm-minor group with 2 updates</li> <li><a href="https://github.com/github/codeql-action/commit/b2951d2a1ed70de8ec57301118b487b35c13595a"><code>b2951d2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3353">#3353</a> from github/kaspersv/bump-min-cli-v-for-overlay</li> <li><a href="https://github.com/github/codeql-action/commit/41448d92b9e7bb3a481b3134031a56e52f85528f"><code>41448d9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3287">#3287</a> from github/henrymercer/generate-mergeback-last</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/fdbfb4d2750291e159f0156def62b853c2798ca2...cdefb33c0f6224e58673d9004f47f7cb3e328b89">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
8f1af5f967 |
build(deps-dev): bump stylelint from 16.26.0 to 16.26.1 in /devTools (#5314)
Bumps [stylelint](https://github.com/stylelint/stylelint) from 16.26.0 to 16.26.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stylelint/stylelint/releases">stylelint's releases</a>.</em></p> <blockquote> <h2>16.26.1</h2> <p>It fixes numerous false positive bugs, including many in the <code>declaration-property-value-no-unknown</code> rule for the latest CSS specifications.</p> <ul> <li>Fixed: <code>*-no-unknown</code> false positives for latest specs by integrating <code>@csstools/css-syntax-patches-for-csstree</code> (<a href="https://redirect.github.com/stylelint/stylelint/issues/8850">#8850</a>) (<a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> <li>Fixed: <code>at-rule-no-unknown</code> false positives for <code>@function</code> (<a href="https://redirect.github.com/stylelint/stylelint/issues/8851">#8851</a>) (<a href="https://github.com/jeddy3"><code>@jeddy3</code></a>).</li> <li>Fixed: <code>declaration-property-value-no-unknown</code> false positives for <code>attr()</code>, <code>if()</code> and custom functions (<a href="https://redirect.github.com/stylelint/stylelint/issues/8853">#8853</a>) (<a href="https://github.com/jeddy3"><code>@jeddy3</code></a>).</li> <li>Fixed: <code>function-url-quotes</code> false positives when URLs require quoting (<a href="https://redirect.github.com/stylelint/stylelint/issues/8804">#8804</a>) (<a href="https://github.com/taearls"><code>@taearls</code></a>).</li> <li>Fixed: <code>selector-pseudo-element-no-unknown</code> false positives for <code>::scroll-button()</code> (<a href="https://redirect.github.com/stylelint/stylelint/issues/8856">#8856</a>) (<a href="https://github.com/Mouvedia"><code>@Mouvedia</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md">stylelint's changelog</a>.</em></p> <blockquote> <h2>16.26.1 - 2025-11-28</h2> <p>It fixes numerous false positive bugs, including many in the <code>declaration-property-value-no-unknown</code> rule for the latest CSS specifications.</p> <ul> <li>Fixed: <code>*-no-unknown</code> false positives for latest specs by integrating <code>@csstools/css-syntax-patches-for-csstree</code> (<a href="https://redirect.github.com/stylelint/stylelint/pull/8850">#8850</a>) (<a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> <li>Fixed: <code>at-rule-no-unknown</code> false positives for <code>@function</code> (<a href="https://redirect.github.com/stylelint/stylelint/pull/8851">#8851</a>) (<a href="https://github.com/jeddy3"><code>@jeddy3</code></a>).</li> <li>Fixed: <code>declaration-property-value-no-unknown</code> false positives for <code>attr()</code>, <code>if()</code> and custom functions (<a href="https://redirect.github.com/stylelint/stylelint/pull/8853">#8853</a>) (<a href="https://github.com/jeddy3"><code>@jeddy3</code></a>).</li> <li>Fixed: <code>function-url-quotes</code> false positives when URLs require quoting (<a href="https://redirect.github.com/stylelint/stylelint/pull/8804">#8804</a>) (<a href="https://github.com/taearls"><code>@taearls</code></a>).</li> <li>Fixed: <code>selector-pseudo-element-no-unknown</code> false positives for <code>::scroll-button()</code> (<a href="https://redirect.github.com/stylelint/stylelint/pull/8856">#8856</a>) (<a href="https://github.com/Mouvedia"><code>@Mouvedia</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stylelint/stylelint/commit/b96814344b7d1088e3459c44dcafebfbdabff412"><code>b968143</code></a> Release 16.26.1 (<a href="https://redirect.github.com/stylelint/stylelint/issues/8857">#8857</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/2b24b9cd5030b4ef6726d575ea71d34005dd9929"><code>2b24b9c</code></a> Fix <code>selector-pseudo-element-no-unknown</code> false positives for `::scroll-button...</li> <li><a href="https://github.com/stylelint/stylelint/commit/f152564f037047a4f1a40c812fba77dde05d0062"><code>f152564</code></a> Fix <code>*-no-unknown</code> false positives for latest specs by integrating `@csstools...</li> <li><a href="https://github.com/stylelint/stylelint/commit/431cb53c0a181eaacc3b208a71c0e765c14faedf"><code>431cb53</code></a> Fix <code>at-rule-no-unknown</code> false positives for <code>@function</code> (<a href="https://redirect.github.com/stylelint/stylelint/issues/8851">#8851</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/119097ea694cca6bf477ac534fd02c39c8b37c8e"><code>119097e</code></a> Fix <code>declaration-property-value-no-unknown</code> false positives for <code>attr()</code> and ...</li> <li><a href="https://github.com/stylelint/stylelint/commit/4b9c68be0763a87df187a7fc9de00bced940d916"><code>4b9c68b</code></a> Fix <code>function-url-quotes</code> false positives when URLs require quoting (<a href="https://redirect.github.com/stylelint/stylelint/issues/8804">#8804</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/8cc4ced2e8938785aa29559609984df8c4d83431"><code>8cc4ced</code></a> Bump rollup from 4.52.5 to 4.53.2 (<a href="https://redirect.github.com/stylelint/stylelint/issues/8848">#8848</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/4383feb6dfacb57fc334ab6441ba32e7ea4e3008"><code>4383feb</code></a> Bump file-entry-cache from 11.1.0 to 11.1.1 (<a href="https://redirect.github.com/stylelint/stylelint/issues/8846">#8846</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/a8a7560c49f78ce1baaa1fd182c03685c12c7b37"><code>a8a7560</code></a> Bump the eslint group with 2 updates (<a href="https://redirect.github.com/stylelint/stylelint/issues/8845">#8845</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/947ad33c1562b03e54b440693db69c5fbb4b39fb"><code>947ad33</code></a> Fix <code>patch-package</code> warning about mismatched <code>@types/css-tree</code> version (<a href="https://redirect.github.com/stylelint/stylelint/issues/8844">#8844</a>)</li> <li>See full diff in <a href="https://github.com/stylelint/stylelint/compare/16.26.0...16.26.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
16cd453870 |
build(deps): bump org.sonarqube from 7.1.0.6387 to 7.2.2.6593 (#5313)
Bumps org.sonarqube from 7.1.0.6387 to 7.2.2.6593. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
42f9384ece |
build(deps): bump debian from 7cb087f to 1c25564 in /docker/embedded (#5310)
Bumps debian from `7cb087f` to `1c25564`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d97820c232 |
build(deps): bump docker/metadata-action from 5.8.0 to 5.10.0 (#5299)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.8.0 to 5.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/metadata-action/releases">docker/metadata-action's releases</a>.</em></p> <blockquote> <h2>v5.10.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.66.0 to 0.68.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/559">docker/metadata-action#559</a> <a href="https://redirect.github.com/docker/metadata-action/pull/569">docker/metadata-action#569</a></li> <li>Bump js-yaml from 3.14.1 to 3.14.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/564">docker/metadata-action#564</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0">https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0</a></p> <h2>v5.9.0</h2> <ul> <li>Add <code>tag-names</code> output to return tag names without image base name by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/553">docker/metadata-action#553</a></li> <li>Bump <code>@babel/runtime-corejs3</code> from 7.14.7 to 7.28.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/539">docker/metadata-action#539</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.66.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/555">docker/metadata-action#555</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/metadata-action/pull/540">docker/metadata-action#540</a></li> <li>Bump csv-parse from 5.6.0 to 6.1.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/532">docker/metadata-action#532</a></li> <li>Bump semver from 7.7.2 to 7.7.3 in in <a href="https://redirect.github.com/docker/metadata-action/pull/554">docker/metadata-action#554</a></li> <li>Bump tmp from 0.2.3 to 0.2.5 in <a href="https://redirect.github.com/docker/metadata-action/pull/541">docker/metadata-action#541</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0">https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/metadata-action/commit/c299e40c65443455700f0fdfc63efafe5b349051"><code>c299e40</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/569">#569</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/metadata-action/commit/f015d7914a06d5c4931affc0780479c2336fd8e3"><code>f015d79</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/metadata-action/commit/121bcc2ca8f5f246e9af338aeb41e55825fe7c88"><code>121bcc2</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.67.0 to 0.68.0</li> <li><a href="https://github.com/docker/metadata-action/commit/f7b6bf41b94feca9834c527e3bd584efa2e7280b"><code>f7b6bf4</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/564">#564</a> from docker/dependabot/npm_and_yarn/js-yaml-3.14.2</li> <li><a href="https://github.com/docker/metadata-action/commit/0b95c6b8604d853d90ab386caf3a1e754d9697f7"><code>0b95c6b</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/565">#565</a> from docker/dependabot/github_actions/actions/checkout-6</li> <li><a href="https://github.com/docker/metadata-action/commit/17f70d7525d8de2c783e41c092e28219c8fc2a67"><code>17f70d7</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/568">#568</a> from motoki317/docs/fix-to-24h-schedule-pattern</li> <li><a href="https://github.com/docker/metadata-action/commit/afd7e6d7bbf70ea7bc2e4f3c782fe1feabe42d88"><code>afd7e6d</code></a> docs(README): Fix date format from 12h to 24h in schedule pattern</li> <li><a href="https://github.com/docker/metadata-action/commit/602aff8e11accbaf5f2233069201ffe332de3d5e"><code>602aff8</code></a> chore(deps): Bump actions/checkout from 5 to 6</li> <li><a href="https://github.com/docker/metadata-action/commit/aecb1a49a52523dc3b4dcab352cae7572eb61c87"><code>aecb1a4</code></a> chore(deps): Bump js-yaml from 3.14.1 to 3.14.2</li> <li><a href="https://github.com/docker/metadata-action/commit/8d8c7c12f7b958582a5cb82ba16d5903cb27976a"><code>8d8c7c1</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/559">#559</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li>Additional commits viewable in <a href="https://github.com/docker/metadata-action/compare/v5.8.0...c299e40c65443455700f0fdfc63efafe5b349051">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
03cd7c1456 |
build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 (#5300)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 8.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p> <blockquote> <h2>Create Pull Request v8.0.0</h2> <h2>What's new in v8</h2> <ul> <li>Requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later if you are using a self-hosted runner for Node 24 support.</li> </ul> <h2>What's Changed</h2> <ul> <li>chore: Update checkout action version to v6 by <a href="https://github.com/yonas"><code>@yonas</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4258">peter-evans/create-pull-request#4258</a></li> <li>Update actions/checkout references to <a href="https://github.com/v6"><code>@v6</code></a> in docs by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4259">peter-evans/create-pull-request#4259</a></li> <li>feat: v8 by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4260">peter-evans/create-pull-request#4260</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yonas"><code>@yonas</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4258">peter-evans/create-pull-request#4258</a></li> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4259">peter-evans/create-pull-request#4259</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.11...v8.0.0">https://github.com/peter-evans/create-pull-request/compare/v7.0.11...v8.0.0</a></p> <h2>Create Pull Request v7.0.11</h2> <h2>What's Changed</h2> <ul> <li>fix: restrict remote prune to self-hosted runners by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4250">peter-evans/create-pull-request#4250</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11">https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11</a></p> <h2>Create Pull Request v7.0.10</h2> <p>⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.</p> <h2>What's Changed</h2> <ul> <li>build(deps): bump the github-actions group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4235">peter-evans/create-pull-request#4235</a></li> <li>build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4240">peter-evans/create-pull-request#4240</a></li> <li>fix: provider list pulls fallback for multi fork same owner by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4245">peter-evans/create-pull-request#4245</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/obnyis"><code>@obnyis</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4064">peter-evans/create-pull-request#4064</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10">https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10</a></p> <h2>Create Pull Request v7.0.9</h2> <p>⚙️ Fixes an <a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4228">incompatibility</a> with the recently released <code>actions/checkout@v6</code>.</p> <h2>What's Changed</h2> <ul> <li>~70 dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>docs: fix workaround description about <code>ready_for_review</code> by <a href="https://github.com/ybiquitous"><code>@ybiquitous</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3939">peter-evans/create-pull-request#3939</a></li> <li>Docs: <code>add-paths</code> default behavior by <a href="https://github.com/joeflack4"><code>@joeflack4</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3928">peter-evans/create-pull-request#3928</a></li> <li>docs: update to create-github-app-token v2 by <a href="https://github.com/Goooler"><code>@Goooler</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4063">peter-evans/create-pull-request#4063</a></li> <li>Fix compatibility with actions/checkout@v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4230">peter-evans/create-pull-request#4230</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/joeflack4"><code>@joeflack4</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3928">peter-evans/create-pull-request#3928</a></li> <li><a href="https://github.com/Goooler"><code>@Goooler</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4063">peter-evans/create-pull-request#4063</a></li> <li><a href="https://github.com/ericsciple"><code>@ericsciple</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4230">peter-evans/create-pull-request#4230</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/peter-evans/create-pull-request/commit/98357b18bf14b5342f975ff684046ec3b2a07725"><code>98357b1</code></a> feat: v8 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4260">#4260</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/41c0e4b7899a4a0922bf899d64c5f25738cfe356"><code>41c0e4b</code></a> Update actions/checkout references to <a href="https://github.com/v6"><code>@v6</code></a> in docs (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4259">#4259</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/994332de4c8124517167807167073cf397678768"><code>994332d</code></a> chore: Update checkout action version to v6 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4258">#4258</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/22a9089034f40e5a961c8808d113e2c98fb63676"><code>22a9089</code></a> fix: restrict remote prune to self-hosted runners (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4250">#4250</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/d4f3be6ce6f4083b7ac7490ab98b48a62db1ee41"><code>d4f3be6</code></a> fix: provider list pulls fallback for multi fork same owner (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4245">#4245</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/bc8a47f5657f110049f4afd030c95529a9c62b76"><code>bc8a47f</code></a> build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4240">#4240</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/a67ef28ca5df73d51a15007068e5931257943b0d"><code>a67ef28</code></a> build(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4235">#4235</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/84ae59a2cdc2258d6fa0732dd66352dddae2a412"><code>84ae59a</code></a> fix: compatibility with actions/checkout@v6 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4230">#4230</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/b4733b9419fd47bbfa1807b15627e17cd70b5b22"><code>b4733b9</code></a> build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4222">#4222</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/0edc001d28a2959cd7a6b505629f1d82f0a6e67d"><code>0edc001</code></a> build(deps-dev): bump the npm group with 2 updates (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4201">#4201</a>)</li> <li>Additional commits viewable in <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.8...98357b18bf14b5342f975ff684046ec3b2a07725">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
b1b37366e8 |
build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#5302)
Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 8.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v8.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update Node.js version support to 24.x by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/637">actions/github-script#637</a></li> <li>README for updating actions/github-script from v7 to v8 by <a href="https://github.com/sneha-krip"><code>@sneha-krip</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/653">actions/github-script#653</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/637">actions/github-script#637</a></li> <li><a href="https://github.com/sneha-krip"><code>@sneha-krip</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/653">actions/github-script#653</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v7.1.0...v8.0.0">https://github.com/actions/github-script/compare/v7.1.0...v8.0.0</a></p> <h2>v7.1.0</h2> <h2>What's Changed</h2> <ul> <li>Upgrade husky to v9 by <a href="https://github.com/benelan"><code>@benelan</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/482">actions/github-script#482</a></li> <li>Add workflow file for publishing releases to immutable action package by <a href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/485">actions/github-script#485</a></li> <li>Upgrade IA Publish by <a href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/486">actions/github-script#486</a></li> <li>Fix workflow status badges by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/497">actions/github-script#497</a></li> <li>Update usage of <code>actions/upload-artifact</code> by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/512">actions/github-script#512</a></li> <li>Clear up package name confusion by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/514">actions/github-script#514</a></li> <li>Update dependencies with <code>npm audit fix</code> by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/515">actions/github-script#515</a></li> <li>Specify that the used script is JavaScript by <a href="https://github.com/timotk"><code>@timotk</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/478">actions/github-script#478</a></li> <li>chore: Add Dependabot for NPM and Actions by <a href="https://github.com/nschonni"><code>@nschonni</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/472">actions/github-script#472</a></li> <li>Define <code>permissions</code> in workflows and update actions by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/531">actions/github-script#531</a></li> <li>chore: Add Dependabot for .github/actions/install-dependencies by <a href="https://github.com/nschonni"><code>@nschonni</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/532">actions/github-script#532</a></li> <li>chore: Remove .vscode settings by <a href="https://github.com/nschonni"><code>@nschonni</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/533">actions/github-script#533</a></li> <li>ci: Use github/setup-licensed by <a href="https://github.com/nschonni"><code>@nschonni</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/473">actions/github-script#473</a></li> <li>make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by <a href="https://github.com/iamstarkov"><code>@iamstarkov</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/508">actions/github-script#508</a></li> <li>Remove <code>octokit</code> README updates for v7 by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/557">actions/github-script#557</a></li> <li>docs: add "exec" usage examples by <a href="https://github.com/neilime"><code>@neilime</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/546">actions/github-script#546</a></li> <li>Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/github-script/pull/563">actions/github-script#563</a></li> <li>Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/github-script/pull/575">actions/github-script#575</a></li> <li>Clearly document passing inputs to the <code>script</code> by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/603">actions/github-script#603</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/610">actions/github-script#610</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/benelan"><code>@benelan</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/482">actions/github-script#482</a></li> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/485">actions/github-script#485</a></li> <li><a href="https://github.com/timotk"><code>@timotk</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/478">actions/github-script#478</a></li> <li><a href="https://github.com/iamstarkov"><code>@iamstarkov</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/508">actions/github-script#508</a></li> <li><a href="https://github.com/neilime"><code>@neilime</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/546">actions/github-script#546</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/610">actions/github-script#610</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v7...v7.1.0">https://github.com/actions/github-script/compare/v7...v7.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd"><code>ed59741</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/653">#653</a> from actions/sneha-krip/readme-for-v8</li> <li><a href="https://github.com/actions/github-script/commit/2dc352e4baefd91bec0d06f6ae2f1045d1687ca3"><code>2dc352e</code></a> Bold minimum Actions Runner version in README</li> <li><a href="https://github.com/actions/github-script/commit/01e118c8d0d22115597e46514b5794e7bc3d56f1"><code>01e118c</code></a> Update README for Node 24 runtime requirements</li> <li><a href="https://github.com/actions/github-script/commit/8b222ac82eda86dcad7795c9d49b839f7bf5b18b"><code>8b222ac</code></a> Apply suggestion from <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a></li> <li><a href="https://github.com/actions/github-script/commit/adc0eeac992408a7b276994ca87edde1c8ce4d25"><code>adc0eea</code></a> README for updating actions/github-script from v7 to v8</li> <li><a href="https://github.com/actions/github-script/commit/20fe497b3fe0c7be8aae5c9df711ac716dc9c425"><code>20fe497</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/637">#637</a> from actions/node24</li> <li><a href="https://github.com/actions/github-script/commit/e7b7f222b11a03e8b695c4c7afba89a02ea20164"><code>e7b7f22</code></a> update licenses</li> <li><a href="https://github.com/actions/github-script/commit/2c81ba05f308415d095291e6eeffe983d822345b"><code>2c81ba0</code></a> Update Node.js version support to 24.x</li> <li><a href="https://github.com/actions/github-script/commit/f28e40c7f34bde8b3046d885e986cb6290c5673b"><code>f28e40c</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/610">#610</a> from actions/nebuk89-patch-1</li> <li><a href="https://github.com/actions/github-script/commit/1ae9958572fde544457e4d51aed5ea044e8936f3"><code>1ae9958</code></a> Update README.md</li> <li>Additional commits viewable in <a href="https://github.com/actions/github-script/compare/v7.0.1...ed597411d8f924073f98dfc5c65a23a2325f34cd">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c3cd8c48b5 |
build(deps): bump imageioVersion from 3.12.0 to 3.13.0 (#5295)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps `imageioVersion` from 3.12.0 to 3.13.0. Updates `com.twelvemonkeys.imageio:imageio-batik` from 3.12.0 to 3.13.0 Updates `com.twelvemonkeys.imageio:imageio-bmp` from 3.12.0 to 3.13.0 Updates `com.twelvemonkeys.imageio:imageio-jpeg` from 3.12.0 to 3.13.0 Updates `com.twelvemonkeys.imageio:imageio-tiff` from 3.12.0 to 3.13.0 Updates `com.twelvemonkeys.imageio:imageio-webp` from 3.12.0 to 3.13.0 Updates `com.twelvemonkeys.imageio:imageio-psd` from 3.12.0 to 3.13.0 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2502a8def0 |
build(deps): bump logback from 1.5.22 to 1.5.23 (#5298)
Bumps `logback` from 1.5.22 to 1.5.23. Updates `ch.qos.logback:logback-core` from 1.5.22 to 1.5.23 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-core's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.23</h2> <p><strong>2025-12-21 Release of logback version 1.5.23</strong></p> <p>• In response to <a href="https://redirect.github.com/qos-ch/logback/issues/959">issues/959</a> file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the <code>ConcurrentModificationException</code> reported in the issue.</p> <p>• ZIP and XZ compression now use a <code>BufferedOutputStream</code> when writing to the compressed file. This issue was reported in <a href="https://redirect.github.com/qos-ch/logback/issues/988">issues/988</a>.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/0bcc3feb54a6d99caac70969ee5f8334aad1fbaf"><code>0bcc3fe</code></a> prepare release 1.5.23</li> <li><a href="https://github.com/qos-ch/logback/commit/4627dbd618cbb2365a09c8013ec3fc00d349743e"><code>4627dbd</code></a> better to use BufferedOutputStream during ZIP and XZ compression, especially ...</li> <li><a href="https://github.com/qos-ch/logback/commit/299f091d3211ad38869aadadbf7b2f66f231ad52"><code>299f091</code></a> add collision test in presence of conditional processing</li> <li><a href="https://github.com/qos-ch/logback/commit/b446f3f06188f4041cea827832ffb8a90fb07241"><code>b446f3f</code></a> In Context, remove collision map</li> <li><a href="https://github.com/qos-ch/logback/commit/a3eb14df4886ce8c398f6486b22ea77ad45ba9af"><code>a3eb14d</code></a> in response to issues/959, collision detection is now done by FileCollisionAn...</li> <li><a href="https://github.com/qos-ch/logback/commit/681b2be7e11dc46f883ead7ed4603dbad92812ae"><code>681b2be</code></a> remove unused method, minor comment edits</li> <li><a href="https://github.com/qos-ch/logback/commit/17a3edfccc6021cfdd6f0ff52bfd2ae8bcc2c393"><code>17a3edf</code></a> start work on 1.5.23-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.22...v_1.5.23">compare view</a></li> </ul> </details> <br /> Updates `ch.qos.logback:logback-classic` from 1.5.22 to 1.5.23 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-classic's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.23</h2> <p><strong>2025-12-21 Release of logback version 1.5.23</strong></p> <p>• In response to <a href="https://redirect.github.com/qos-ch/logback/issues/959">issues/959</a> file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the <code>ConcurrentModificationException</code> reported in the issue.</p> <p>• ZIP and XZ compression now use a <code>BufferedOutputStream</code> when writing to the compressed file. This issue was reported in <a href="https://redirect.github.com/qos-ch/logback/issues/988">issues/988</a>.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/0bcc3feb54a6d99caac70969ee5f8334aad1fbaf"><code>0bcc3fe</code></a> prepare release 1.5.23</li> <li><a href="https://github.com/qos-ch/logback/commit/4627dbd618cbb2365a09c8013ec3fc00d349743e"><code>4627dbd</code></a> better to use BufferedOutputStream during ZIP and XZ compression, especially ...</li> <li><a href="https://github.com/qos-ch/logback/commit/299f091d3211ad38869aadadbf7b2f66f231ad52"><code>299f091</code></a> add collision test in presence of conditional processing</li> <li><a href="https://github.com/qos-ch/logback/commit/b446f3f06188f4041cea827832ffb8a90fb07241"><code>b446f3f</code></a> In Context, remove collision map</li> <li><a href="https://github.com/qos-ch/logback/commit/a3eb14df4886ce8c398f6486b22ea77ad45ba9af"><code>a3eb14d</code></a> in response to issues/959, collision detection is now done by FileCollisionAn...</li> <li><a href="https://github.com/qos-ch/logback/commit/681b2be7e11dc46f883ead7ed4603dbad92812ae"><code>681b2be</code></a> remove unused method, minor comment edits</li> <li><a href="https://github.com/qos-ch/logback/commit/17a3edfccc6021cfdd6f0ff52bfd2ae8bcc2c393"><code>17a3edf</code></a> start work on 1.5.23-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.22...v_1.5.23">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e997f0d4ff |
build(deps): bump com.squareup.okhttp3:okhttp-bom from 5.3.1 to 5.3.2 (#4961)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [com.squareup.okhttp3:okhttp-bom](https://github.com/square/okhttp) from 5.3.1 to 5.3.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/square/okhttp/blob/master/CHANGELOG.md">com.squareup.okhttp3:okhttp-bom's changelog</a>.</em></p> <blockquote> <h2>Version 5.3.2</h2> <p><em>2025-11-18</em></p> <ul> <li> <p>Fix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused timeouts to fire later than they were supposed to.</p> </li> <li> <p>Upgrade: [Okio 3.16.4][okio_3_16_4].</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/square/okhttp/commit/75b9c267744cdd2e8b222d247052748ff0954304"><code>75b9c26</code></a> Prepare for release 5.3.2.</li> <li><a href="https://github.com/square/okhttp/commit/ab48e5d86d0c0b16b3679b9b9522acf65db73da4"><code>ab48e5d</code></a> Okio 3.16.4 (<a href="https://redirect.github.com/square/okhttp/issues/9200">#9200</a>)</li> <li><a href="https://github.com/square/okhttp/commit/a9a4638b3d38b83782a959514b4183ddea0f071f"><code>a9a4638</code></a> Prepare next development version.</li> <li>See full diff in <a href="https://github.com/square/okhttp/compare/parent-5.3.1...parent-5.3.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e137436656 |
build(deps): bump bouncycastleVersion from 1.82 to 1.83 (#5111)
Bumps `bouncycastleVersion` from 1.82 to 1.83. Updates `org.bouncycastle:bcprov-jdk18on` from 1.82 to 1.83 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html">org.bouncycastle:bcprov-jdk18on's changelog</a>.</em></p> <blockquote> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.1.1 Version<!-- raw HTML omitted --><!-- raw HTML omitted --> Release: 1.83<!-- raw HTML omitted --> Date: 2025, November 27th.</p> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.2.1 Version<!-- raw HTML omitted --><!-- raw HTML omitted --> Release: 1.82<!-- raw HTML omitted --> Date: 2025, 17th September.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/bcgit/bc-java/commits">compare view</a></li> </ul> </details> <br /> Updates `org.bouncycastle:bcpkix-jdk18on` from 1.82 to 1.83 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html">org.bouncycastle:bcpkix-jdk18on's changelog</a>.</em></p> <blockquote> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.1.1 Version<!-- raw HTML omitted --><!-- raw HTML omitted --> Release: 1.83<!-- raw HTML omitted --> Date: 2025, November 27th.</p> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.2.1 Version<!-- raw HTML omitted --><!-- raw HTML omitted --> Release: 1.82<!-- raw HTML omitted --> Date: 2025, 17th September.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/bcgit/bc-java/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1649b9bffb |
build(deps): bump softprops/action-gh-release from 2.4.2 to 2.5.0 (#5134)
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.4.2 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's releases</a>.</em></p> <blockquote> <h2>v2.5.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: mark release as draft until all artifacts are uploaded by <a href="https://github.com/dumbmoron"><code>@dumbmoron</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/692">softprops/action-gh-release#692</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>chore(deps): bump the npm group across 1 directory with 5 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/697">softprops/action-gh-release#697</a></li> <li>chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 in the github-actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/689">softprops/action-gh-release#689</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dumbmoron"><code>@dumbmoron</code></a> made their first contribution in <a href="https://redirect.github.com/softprops/action-gh-release/pull/692">softprops/action-gh-release#692</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/softprops/action-gh-release/compare/v2.4.2...v2.5.0">https://github.com/softprops/action-gh-release/compare/v2.4.2...v2.5.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's changelog</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: mark release as draft until all artifacts are uploaded by <a href="https://github.com/dumbmoron"><code>@dumbmoron</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/692">softprops/action-gh-release#692</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>dependency updates</li> </ul> <h2>2.4.2</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: Ensure generated release notes cannot be over 125000 characters by <a href="https://github.com/BeryJu"><code>@BeryJu</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/684">softprops/action-gh-release#684</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>dependency updates</li> </ul> <h2>2.4.1</h2> <h2>What's Changed</h2> <h3>Other Changes 🔄</h3> <ul> <li>fix(util): support brace expansion globs containing commas in parseInputFiles by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/672">softprops/action-gh-release#672</a></li> <li>fix: gracefully fallback to body when body_path cannot be read by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/671">softprops/action-gh-release#671</a></li> </ul> <h2>2.4.0</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat(action): respect working_directory for files globs by <a href="https://github.com/stephenway"><code>@stephenway</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/667">softprops/action-gh-release#667</a></li> </ul> <h2>2.3.4</h2> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix(action): handle 422 already_exists race condition by <a href="https://github.com/stephenway"><code>@stephenway</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/665">softprops/action-gh-release#665</a></li> </ul> <h3>Other Changes 🔄</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/softprops/action-gh-release/commit/a06a81a03ee405af7f2048a818ed3f03bbf83c7b"><code>a06a81a</code></a> release 2.5.0</li> <li><a href="https://github.com/softprops/action-gh-release/commit/7da8983734babbd3165bced7ac7add895656129f"><code>7da8983</code></a> feat: mark release as draft until all artifacts are uploaded (<a href="https://redirect.github.com/softprops/action-gh-release/issues/692">#692</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/87973286a4d52a3789332acb79caa97720ecde8d"><code>8797328</code></a> chore(deps): bump actions/checkout in the github-actions group (<a href="https://redirect.github.com/softprops/action-gh-release/issues/689">#689</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/1bfc62a71b435bb6eb12e454577ad67e07938581"><code>1bfc62a</code></a> chore(deps): bump the npm group across 1 directory with 5 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/697">#697</a>)</li> <li>See full diff in <a href="https://github.com/softprops/action-gh-release/compare/5be0e66d93ac7ed76da52eca8bb058f665c3a5fe...a06a81a03ee405af7f2048a818ed3f03bbf83c7b">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | softprops/action-gh-release | [>= 2.2.a, < 2.3] | </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e6d3f20c36 |
build(deps): bump actions/stale from 10.1.0 to 10.1.1 (#5133)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [actions/stale](https://github.com/actions/stale) from 10.1.0 to 10.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/stale/releases">actions/stale's releases</a>.</em></p> <blockquote> <h2>v10.1.1</h2> <h2>What's Changed</h2> <h3>Bug Fix</h3> <ul> <li>Add Missing Input Reading for <code>only-issue-types</code> by <a href="https://github.com/Bibo-Joshi"><code>@Bibo-Joshi</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1298">actions/stale#1298</a></li> </ul> <h3>Improvement</h3> <ul> <li>Improves error handling when rate limiting is disabled on GHES. by <a href="https://github.com/chiranjib-swain"><code>@chiranjib-swain</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1300">actions/stale#1300</a></li> </ul> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade eslint-config-prettier from 8.10.0 to 10.1.8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1276">actions/stale#1276</a></li> <li>Upgrade <code>@types/node</code> from 20.10.3 to 24.2.0 and document breaking changes in v10 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1280">actions/stale#1280</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1291">actions/stale#1291</a></li> <li>Upgrade actions/checkout from 4 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1306">actions/stale#1306</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/chiranjib-swain"><code>@chiranjib-swain</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1300">actions/stale#1300</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/stale/compare/v10...v10.1.1">https://github.com/actions/stale/compare/v10...v10.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/stale/commit/997185467fa4f803885201cee163a9f38240193d"><code>9971854</code></a> build(deps): bump actions/checkout from 4 to 6 (<a href="https://redirect.github.com/actions/stale/issues/1306">#1306</a>)</li> <li><a href="https://github.com/actions/stale/commit/5611b9defa6b7799a950489b00163db69f7a3ece"><code>5611b9d</code></a> build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/stale/issues/1291">#1291</a>)</li> <li><a href="https://github.com/actions/stale/commit/fad0de84e50d1aba7b0236cdaf0ea98a43286849"><code>fad0de8</code></a> Improves error handling when rate limiting is disabled on GHES. (<a href="https://redirect.github.com/actions/stale/issues/1300">#1300</a>)</li> <li><a href="https://github.com/actions/stale/commit/39bea7de61dd70ce4705a976f904f33d5e1e0f49"><code>39bea7d</code></a> Add Missing Input Reading for <code>only-issue-types</code> (<a href="https://redirect.github.com/actions/stale/issues/1298">#1298</a>)</li> <li><a href="https://github.com/actions/stale/commit/e46bbabb3ede15841d25946157759558dd16306e"><code>e46bbab</code></a> build(deps-dev): bump <code>@types/node</code> from 20.10.3 to 24.2.0 and document breakin...</li> <li><a href="https://github.com/actions/stale/commit/65d1d4804d3060875fff9f9fa8a49e27f71ce7f0"><code>65d1d48</code></a> build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (<a href="https://redirect.github.com/actions/stale/issues/1276">#1276</a>)</li> <li>See full diff in <a href="https://github.com/actions/stale/compare/5f858e3efba33a5ca4407a664cc011ad407f2008...997185467fa4f803885201cee163a9f38240193d">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
79d5bc942d |
build(deps): bump actions/setup-python from 6.0.0 to 6.1.0 (#4992)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.0.0 to 6.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases">actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v6.1.0</h2> <h2>What's Changed</h2> <h3>Enhancements:</h3> <ul> <li>Add support for <code>pip-install</code> input by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1201">actions/setup-python#1201</a></li> <li>Add graalpy early-access and windows builds by <a href="https://github.com/timfel"><code>@timfel</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/880">actions/setup-python#880</a></li> </ul> <h3>Dependency and Documentation updates:</h3> <ul> <li>Enhanced wording and updated example usage for <code>allow-prereleases</code> by <a href="https://github.com/yarikoptic"><code>@yarikoptic</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/979">actions/setup-python#979</a></li> <li>Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1139">actions/setup-python#1139</a></li> <li>Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1094">actions/setup-python#1094</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1199">actions/setup-python#1199</a></li> <li>Upgrade requests from 2.32.2 to 2.32.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1130">actions/setup-python#1130</a></li> <li>Upgrade prettier from 3.5.3 to 3.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1234">actions/setup-python#1234</a></li> <li>Upgrade <code>@types/node</code> from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1235">actions/setup-python#1235</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yarikoptic"><code>@yarikoptic</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/979">actions/setup-python#979</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v6...v6.1.0">https://github.com/actions/setup-python/compare/v6...v6.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-python/commit/83679a892e2d95755f2dac6acb0bfd1e9ac5d548"><code>83679a8</code></a> Bump <code>@types/node</code> from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...</li> <li><a href="https://github.com/actions/setup-python/commit/bfc4944b43a5d84377eca3cf6ab5b7992ba61923"><code>bfc4944</code></a> Bump prettier from 3.5.3 to 3.6.2 (<a href="https://redirect.github.com/actions/setup-python/issues/1234">#1234</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/97aeb3efb8a852c559869050c7fb175b4efcc8cf"><code>97aeb3e</code></a> Bump requests from 2.32.2 to 2.32.4 in /<strong>tests</strong>/data (<a href="https://redirect.github.com/actions/setup-python/issues/1130">#1130</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/443da59188462e2402e2942686db5aa6723f4bed"><code>443da59</code></a> Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...</li> <li><a href="https://github.com/actions/setup-python/commit/cfd55ca82492758d853442341ad4d8010466803a"><code>cfd55ca</code></a> graalpy: add graalpy early-access and windows builds (<a href="https://redirect.github.com/actions/setup-python/issues/880">#880</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/bba65e51ff35d50c6dbaaacd8a4681db13aa7cb4"><code>bba65e5</code></a> Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (<a href="https://redirect.github.com/actions/setup-python/issues/1094">#1094</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/18566f86b301499665bd3eb1a2247e0849c64fa5"><code>18566f8</code></a> Improve wording and "fix example" (remove 3.13) on testing against pre-releas...</li> <li><a href="https://github.com/actions/setup-python/commit/2e3e4b15a884dc73a63f962bff250a855150a234"><code>2e3e4b1</code></a> Add support for pip-install input (<a href="https://redirect.github.com/actions/setup-python/issues/1201">#1201</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/4267e283df95c05d9f16ece6624106f44613b489"><code>4267e28</code></a> Bump urllib3 from 1.26.19 to 2.5.0 in /<strong>tests</strong>/data and document breaking c...</li> <li>See full diff in <a href="https://github.com/actions/setup-python/compare/e797f83bcb11b83ae66e0230d6156d7c80228e7c...83679a892e2d95755f2dac6acb0bfd1e9ac5d548">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d652fc1d1c |
build(deps): bump actions/ai-inference from 1.2.8 to 2.0.4 (#5132)
Bumps [actions/ai-inference](https://github.com/actions/ai-inference) from 1.2.8 to 2.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/ai-inference/releases">actions/ai-inference's releases</a>.</em></p> <blockquote> <h2>v2.0.4</h2> <h2>What's Changed</h2> <ul> <li>Clarify token requirements for MCP integration by <a href="https://github.com/GulerSevil"><code>@GulerSevil</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/139">actions/ai-inference#139</a></li> <li>Pass GitHub MCP Tools by <a href="https://github.com/maartenvandiemen"><code>@maartenvandiemen</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/142">actions/ai-inference#142</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GulerSevil"><code>@GulerSevil</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/139">actions/ai-inference#139</a></li> <li><a href="https://github.com/maartenvandiemen"><code>@maartenvandiemen</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/142">actions/ai-inference#142</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v2...v2.0.4">https://github.com/actions/ai-inference/compare/v2...v2.0.4</a></p> <h2>v2.0.3</h2> <h2>What's Changed</h2> <ul> <li>Mock inference in CI by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/150">actions/ai-inference#150</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v2...v2.0.3">https://github.com/actions/ai-inference/compare/v2...v2.0.3</a></p> <h2>v2.0.2</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/94">actions/ai-inference#94</a></li> <li>docs: update documentation on mcp usage by <a href="https://github.com/FidelusAleksander"><code>@FidelusAleksander</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/93">actions/ai-inference#93</a></li> <li>Clarify PAT requirement for github-mcp-token by <a href="https://github.com/srt32"><code>@srt32</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/147">actions/ai-inference#147</a></li> <li>fix: do template substition after parsing prompt YAML by <a href="https://github.com/dsanders11"><code>@dsanders11</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/136">actions/ai-inference#136</a></li> <li>feat: support modelParameters in prompt.yaml files by <a href="https://github.com/dsanders11"><code>@dsanders11</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/148">actions/ai-inference#148</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/FidelusAleksander"><code>@FidelusAleksander</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/93">actions/ai-inference#93</a></li> <li><a href="https://github.com/srt32"><code>@srt32</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/147">actions/ai-inference#147</a></li> <li><a href="https://github.com/dsanders11"><code>@dsanders11</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/136">actions/ai-inference#136</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v2...v2.0.2">https://github.com/actions/ai-inference/compare/v2...v2.0.2</a></p> <h2>v2.0.1</h2> <h2>What's Changed</h2> <ul> <li>Parse inference response format defensively by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/97">actions/ai-inference#97</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v2...v2.0.1">https://github.com/actions/ai-inference/compare/v2...v2.0.1</a></p> <h2>v2.0.0</h2> <h2>What's Changed</h2> <ul> <li>Node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/79">actions/ai-inference#79</a></li> <li>Pin two imported actions to a set sha by <a href="https://github.com/garman"><code>@garman</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/90">actions/ai-inference#90</a></li> <li>Uses tmp library to ensure more secure tmp file creation by <a href="https://github.com/JessRudder"><code>@JessRudder</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/91">actions/ai-inference#91</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/79">actions/ai-inference#79</a></li> <li><a href="https://github.com/garman"><code>@garman</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/90">actions/ai-inference#90</a></li> <li><a href="https://github.com/JessRudder"><code>@JessRudder</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/91">actions/ai-inference#91</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/ai-inference/commit/334892bb203895caaed82ec52d23c1ed9385151e"><code>334892b</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/142">#142</a> from maartenvandiemen/feature/pass-toolsets</li> <li><a href="https://github.com/actions/ai-inference/commit/bbe0ccb2444c1e35852645a7e65bf1d83941efdd"><code>bbe0ccb</code></a> Fix failing tests</li> <li><a href="https://github.com/actions/ai-inference/commit/ca3b99ea743cc306cdaa68d07f817e930927c489"><code>ca3b99e</code></a> Undo changes in tests.</li> <li><a href="https://github.com/actions/ai-inference/commit/8a5d2ea4a1b866720d3acc8bbbccd159e6ca7c3a"><code>8a5d2ea</code></a> Merge branch 'main' into feature/pass-toolsets</li> <li><a href="https://github.com/actions/ai-inference/commit/112739fb15acc0a01a0d9ffc4637a0f5ca7dcc50"><code>112739f</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/139">#139</a> from GulerSevil/patch-1</li> <li><a href="https://github.com/actions/ai-inference/commit/f95554969e9a265f90a0c97938d04a6f319db7f3"><code>f955549</code></a> Merge branch 'main' into patch-1</li> <li><a href="https://github.com/actions/ai-inference/commit/9e60aa0a3f27cab0e62286d74d9c77b04b1d0596"><code>9e60aa0</code></a> Lint fix</li> <li><a href="https://github.com/actions/ai-inference/commit/02c6cc30ae592ce65ee356387748dfc2fd5f7993"><code>02c6cc3</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/150">#150</a> from actions/sgoedecke/mock-inference-in-ci</li> <li><a href="https://github.com/actions/ai-inference/commit/18d468666d48874954c853d63c0d9091bdfeb3b2"><code>18d4686</code></a> fix: keep response-file temp file for downstream steps</li> <li><a href="https://github.com/actions/ai-inference/commit/fd73d0264cd240d895c114657b06fd1b952b97b6"><code>fd73d02</code></a> Mock inference in CI</li> <li>Additional commits viewable in <a href="https://github.com/actions/ai-inference/compare/b81b2afb8390ee6839b494a404766bef6493c7d9...334892bb203895caaed82ec52d23c1ed9385151e">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0c3c0765a3 |
Bump logback from 1.5.21 to 1.5.22 (#5281)
Bumps `logback` from 1.5.21 to 1.5.22. Updates `ch.qos.logback:logback-core` from 1.5.21 to 1.5.22 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-core's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.22</h2> <p><strong>2025-12-11 Release of logback version 1.5.22</strong></p> <p>• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings "password", "secret" or "confidential". This problem was reported by Chintan Rohila in <a href="https://redirect.github.com/qos-ch/logback/issues/986">issues/986</a>.</p> <p>• Logback now takes the overridden <code>toString()</code> method of <code>Throwable</code> subclasses into account when printing stack traces. This issue was reported in <a href="https://jira.qos.ch/browse/LOGBACK-543">LOGBACK-543</a> by Alvin Chee, with a fix provided in <a href="https://redirect.github.com/qos-ch/logback/pull/404">PR 404</a> by Brett Kail.</p> <p>• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/572379aabd2f672b49593e4020696c624541e5b0"><code>572379a</code></a> prepare release 1.5.22</li> <li><a href="https://github.com/qos-ch/logback/commit/39d17ea3b3381d08b181c300e27ca0713ffc20b8"><code>39d17ea</code></a> fix status printing of variable substitution when the variable name contains ...</li> <li><a href="https://github.com/qos-ch/logback/commit/75509a918665cc16a8d35ee4024be03e17c7147a"><code>75509a9</code></a> fix PR 404, LOGBACK-543</li> <li><a href="https://github.com/qos-ch/logback/commit/8eb93569728ab33c50b963d42ea9fcd4269c502f"><code>8eb9356</code></a> remove unused import</li> <li><a href="https://github.com/qos-ch/logback/commit/6131a3ad0af65a72df2e78d56424d9ac0fed8935"><code>6131a3a</code></a> use a slightly more sophisticated guard for printing status messages</li> <li><a href="https://github.com/qos-ch/logback/commit/9efca21c6e07feefa2a6ffb6b9b3807f357515e8"><code>9efca21</code></a> add no-args constructor to support various serialization frameworks</li> <li><a href="https://github.com/qos-ch/logback/commit/1bea5804f8329a7e49a4197e34cc297ad46a597c"><code>1bea580</code></a> minor comment edits</li> <li><a href="https://github.com/qos-ch/logback/commit/bd07fddf12b8b74d28d313a56e7357f6202d2449"><code>bd07fdd</code></a> update angus, greenmail versions</li> <li><a href="https://github.com/qos-ch/logback/commit/aef993c64b4a7119f9e831fd4acaa7e470e267ca"><code>aef993c</code></a> start work on 1.5.22-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.22">compare view</a></li> </ul> </details> <br /> Updates `ch.qos.logback:logback-classic` from 1.5.21 to 1.5.22 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-classic's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.22</h2> <p><strong>2025-12-11 Release of logback version 1.5.22</strong></p> <p>• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings "password", "secret" or "confidential". This problem was reported by Chintan Rohila in <a href="https://redirect.github.com/qos-ch/logback/issues/986">issues/986</a>.</p> <p>• Logback now takes the overridden <code>toString()</code> method of <code>Throwable</code> subclasses into account when printing stack traces. This issue was reported in <a href="https://jira.qos.ch/browse/LOGBACK-543">LOGBACK-543</a> by Alvin Chee, with a fix provided in <a href="https://redirect.github.com/qos-ch/logback/pull/404">PR 404</a> by Brett Kail.</p> <p>• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/572379aabd2f672b49593e4020696c624541e5b0"><code>572379a</code></a> prepare release 1.5.22</li> <li><a href="https://github.com/qos-ch/logback/commit/39d17ea3b3381d08b181c300e27ca0713ffc20b8"><code>39d17ea</code></a> fix status printing of variable substitution when the variable name contains ...</li> <li><a href="https://github.com/qos-ch/logback/commit/75509a918665cc16a8d35ee4024be03e17c7147a"><code>75509a9</code></a> fix PR 404, LOGBACK-543</li> <li><a href="https://github.com/qos-ch/logback/commit/8eb93569728ab33c50b963d42ea9fcd4269c502f"><code>8eb9356</code></a> remove unused import</li> <li><a href="https://github.com/qos-ch/logback/commit/6131a3ad0af65a72df2e78d56424d9ac0fed8935"><code>6131a3a</code></a> use a slightly more sophisticated guard for printing status messages</li> <li><a href="https://github.com/qos-ch/logback/commit/9efca21c6e07feefa2a6ffb6b9b3807f357515e8"><code>9efca21</code></a> add no-args constructor to support various serialization frameworks</li> <li><a href="https://github.com/qos-ch/logback/commit/1bea5804f8329a7e49a4197e34cc297ad46a597c"><code>1bea580</code></a> minor comment edits</li> <li><a href="https://github.com/qos-ch/logback/commit/bd07fddf12b8b74d28d313a56e7357f6202d2449"><code>bd07fdd</code></a> update angus, greenmail versions</li> <li><a href="https://github.com/qos-ch/logback/commit/aef993c64b4a7119f9e831fd4acaa7e470e267ca"><code>aef993c</code></a> start work on 1.5.22-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.22">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0a02e3e231 |
build(deps): bump io.micrometer:micrometer-core from 1.15.3 to 1.15.4 (#4420)
Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.15.3 to 1.15.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.15.4</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>NettyAllocatorMetrics should not prevent collecting executors <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6641">#6641</a></li> <li>[JOOQ] MetricsDSLContext - fetchExists doesn't report provided tags <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6583">#6583</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>add compatibility note for jOOQ overload delegation <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6681">#6681</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump dropwizard-metrics from 4.2.33 to 4.2.36 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6677">#6677</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/HeeChanN"><code>@HeeChanN</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/68c4d2210b97d90bf82cda6402f327cc87e667d2"><code>68c4d22</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/2c77f869489cc66d1e811f044f94b751f7101b60"><code>2c77f86</code></a> Bump org.ehcache:ehcache from 3.10.8 to 3.10.9 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6698">#6698</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/05c9c05b53b227dfe3f7ec42d6cd70c2c34b12f9"><code>05c9c05</code></a> Bump org.apache.felix:org.apache.felix.scr from 2.2.12 to 2.2.14 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6699">#6699</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/dc9285f292f90511509943ebf000c17972a0f97f"><code>dc9285f</code></a> Bump org.apache.felix:org.apache.felix.scr from 2.2.12 to 2.2.14 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6696">#6696</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/2840e4860192ab99d5ecb3ce86311b01be325b8e"><code>2840e48</code></a> Bump org.ehcache:ehcache from 3.10.8 to 3.10.9 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6697">#6697</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/6ad623e782beb19b3d66540ccce50c75644f17ee"><code>6ad623e</code></a> Bump io.netty:netty-bom from 4.1.124.Final to 4.1.126.Final (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6691">#6691</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/ada8cff39efc07a122708ffcaacf31707df6c9fc"><code>ada8cff</code></a> Bump io.netty:netty-bom from 4.1.124.Final to 4.1.126.Final (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6690">#6690</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/f4ef3e79a7497c44cdb743d8ace61e7c7f2078fc"><code>f4ef3e7</code></a> Bump dropwizard-metrics from 4.2.35 to 4.2.36 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6688">#6688</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/3cd227bb341922cb1308e2ffcb486903ff6d8497"><code>3cd227b</code></a> Bump dropwizard-metrics from 4.2.35 to 4.2.36 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6685">#6685</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/9303ddb1fdb943a0f5254b654c14600af87e2731"><code>9303ddb</code></a> add compatibility note for jOOQ overload delegation (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6681">#6681</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.15.3...v1.15.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f59b2e4f86 |
build(deps): bump ch.qos.logback:logback-core from 1.5.18 to 1.5.19 (#4561)
Bumps [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) from 1.5.18 to 1.5.19. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/e572d4f87f06674788eb3ca7148e8d1dffc615fa"><code>e572d4f</code></a> skip deployment of blackbox and example modules, published as version 1.5.9</li> <li><a href="https://github.com/qos-ch/logback/commit/4adae8bdcdcf018bb29e51387175412bd9c6d546"><code>4adae8b</code></a> add plugin for Maven Central deployment</li> <li><a href="https://github.com/qos-ch/logback/commit/ee70cf4cd99774ea5fe1f7e2d928061126e45eeb"><code>ee70cf4</code></a> prepare release 1.5.19</li> <li><a href="https://github.com/qos-ch/logback/commit/20802cff1dc1ba3bd73b9d7a93102f3b6fd16e2a"><code>20802cf</code></a> mindor javadoc changes</li> <li><a href="https://github.com/qos-ch/logback/commit/81160699fcecbefdecf79ea44c0f7f2877d9eb8d"><code>8116069</code></a> comment out code in COWArrayListConcurrencyTest to make IDE happy</li> <li><a href="https://github.com/qos-ch/logback/commit/7f653409c95e40efd79b2b1bbeefde6dd649ceab"><code>7f65340</code></a> minor changes</li> <li><a href="https://github.com/qos-ch/logback/commit/8d2262d3c5227f209905ac1705a3333ebd8a33c8"><code>8d2262d</code></a> soften warning on using ConsoleAppender</li> <li><a href="https://github.com/qos-ch/logback/commit/c76fed3c01f389e4c18db914bcba1e72bccc2d1e"><code>c76fed3</code></a> ViewStatusMessagesServlet requires method POST for button 'Clear' (<a href="https://redirect.github.com/qos-ch/logback/issues/971">#971</a>)</li> <li><a href="https://github.com/qos-ch/logback/commit/61f6a2544f36b3016e0efd434ee21f19269f1df7"><code>61f6a25</code></a> disallow new in if condition attribute in config files</li> <li><a href="https://github.com/qos-ch/logback/commit/a07cfd53e4a3122dc83c4ad36b96f6f6fc78375c"><code>a07cfd5</code></a> logback-core: fix spelling errors (<a href="https://redirect.github.com/qos-ch/logback/issues/956">#956</a>)</li> <li>Additional commits viewable in <a href="https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.19">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b18c652727 |
build(deps): bump actions/stale from 10.0.0 to 10.1.0 (#4603)
Bumps [actions/stale](https://github.com/actions/stale) from 10.0.0 to 10.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/stale/releases">actions/stale's releases</a>.</em></p> <blockquote> <h2>v10.1.0</h2> <h2>What's Changed</h2> <ul> <li>Add <code>only-issue-types</code> option to filter issues by type by <a href="https://github.com/Bibo-Joshi"><code>@Bibo-Joshi</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1255">actions/stale#1255</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Bibo-Joshi"><code>@Bibo-Joshi</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1255">actions/stale#1255</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/stale/compare/v10...v10.1.0">https://github.com/actions/stale/compare/v10...v10.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/stale/commit/5f858e3efba33a5ca4407a664cc011ad407f2008"><code>5f858e3</code></a> Add <code>only-issue-types</code> option to filter issues by type (<a href="https://redirect.github.com/actions/stale/issues/1255">#1255</a>)</li> <li>See full diff in <a href="https://github.com/actions/stale/compare/3a9db7e6a41a89f618792c92c0e97cc736e1b13f...5f858e3efba33a5ca4407a664cc011ad407f2008">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
5b90ad4a92 |
build(deps): bump github/codeql-action from 3.30.5 to 3.30.6 (#4601)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.5 to 3.30.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.30.6</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.6 - 02 Oct 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.2. <a href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.6/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.30.6 - 02 Oct 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.2. <a href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li> </ul> <h2>3.30.5 - 26 Sep 2025</h2> <ul> <li>We fixed a bug that was introduced in <code>3.30.4</code> with <code>upload-sarif</code> which resulted in files without a <code>.sarif</code> extension not getting uploaded. <a href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li> </ul> <h2>3.30.4 - 25 Sep 2025</h2> <ul> <li>We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the <code>codeql-action/init</code> step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the <code>codeql-action/init</code> step. <a href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a> and <a href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li> <li>We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. <a href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li> <li>You can now run the latest CodeQL nightly bundle by passing <code>tools: nightly</code> to the <code>init</code> action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. <a href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li> <li>Update default CodeQL bundle version to 2.23.1. <a href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li> </ul> <h2>3.30.3 - 10 Sep 2025</h2> <p>No user facing changes.</p> <h2>3.30.2 - 09 Sep 2025</h2> <ul> <li>Fixed a bug which could cause language autodetection to fail. <a href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li> <li>Experimental: The <code>quality-queries</code> input that was added in <code>3.29.2</code> as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new <code>analysis-kinds</code> input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li> </ul> <h2>3.30.1 - 05 Sep 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.0. <a href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li> </ul> <h2>3.30.0 - 01 Sep 2025</h2> <ul> <li>Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. <a href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li> </ul> <h2>3.29.11 - 21 Aug 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.4. <a href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li> </ul> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.9 - 12 Aug 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/64d10c13136e1c5bce3e5fbde8d4906eeaafc885"><code>64d10c1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3172">#3172</a> from github/update-v3.30.6-10feb5d2a</li> <li><a href="https://github.com/github/codeql-action/commit/909610e8a847f0bd00aec15db1ca9e69b006b832"><code>909610e</code></a> Update changelog for v3.30.6</li> <li><a href="https://github.com/github/codeql-action/commit/10feb5d2a2535fc4a649a440d3cc1605adc4b401"><code>10feb5d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3167">#3167</a> from github/mbg/upload-sarif/find-then-filter</li> <li><a href="https://github.com/github/codeql-action/commit/4182ea3d4e571a0ef1fe400e2be7dac377d0bfab"><code>4182ea3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3168">#3168</a> from github/update-bundle/codeql-bundle-v2.23.2</li> <li><a href="https://github.com/github/codeql-action/commit/34afe5b7b14d3606c13bf651daa19ddd8a0f7266"><code>34afe5b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3171">#3171</a> from github/mbg/start-proxy/telemetry</li> <li><a href="https://github.com/github/codeql-action/commit/096fe67f97e494ef06346b2edba7862069e6f879"><code>096fe67</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.23.2</li> <li><a href="https://github.com/github/codeql-action/commit/b4964014adc5c667e691999fa475b29d2634750c"><code>b496401</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3170">#3170</a> from github/mbg/start-proxy/remove-update-workflow</li> <li><a href="https://github.com/github/codeql-action/commit/d573787cca00bdd533d895012a2af0dad5f2e66a"><code>d573787</code></a> Report registry types that are configured for CodeQL in <code>start-proxy</code> telemetry</li> <li><a href="https://github.com/github/codeql-action/commit/15916800df051ff24b89c0f961260e8bea28d85f"><code>1591680</code></a> Send a basic status report in <code>start-proxy</code> Action if it succeeds</li> <li><a href="https://github.com/github/codeql-action/commit/cb5a2849ac05d53b82c70a5feb2a56a85feb20d4"><code>cb5a284</code></a> Send status report when <code>start-proxy</code> fails</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/3599b3baa15b485a2e49ef411a7a4bb2452e7f93...64d10c13136e1c5bce3e5fbde8d4906eeaafc885">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1120f54cda |
build(deps): bump softprops/action-gh-release from 2.3.3 to 2.3.4 (#4602)
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.3.3 to 2.3.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's releases</a>.</em></p> <blockquote> <h2>v2.3.4</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix(action): handle 422 already_exists race condition by <a href="https://github.com/stephenway"><code>@stephenway</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/665">softprops/action-gh-release#665</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>chore(deps): bump actions/setup-node from 4.4.0 to 5.0.0 in the github-actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/656">softprops/action-gh-release#656</a></li> <li>chore(deps): bump <code>@types/node</code> from 20.19.11 to 20.19.13 in the npm group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/655">softprops/action-gh-release#655</a></li> <li>chore(deps): bump vite from 7.0.0 to 7.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/657">softprops/action-gh-release#657</a></li> <li>chore(deps): bump the npm group across 1 directory with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/662">softprops/action-gh-release#662</a></li> <li>chore(deps): bump the npm group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/666">softprops/action-gh-release#666</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/softprops/action-gh-release/compare/v2...v2.3.4">https://github.com/softprops/action-gh-release/compare/v2...v2.3.4</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's changelog</a>.</em></p> <blockquote> <h2>2.3.4</h2> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix(action): handle 422 already_exists race condition by <a href="https://github.com/stephenway"><code>@stephenway</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/665">softprops/action-gh-release#665</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>dependency updates</li> </ul> <h2>2.3.3</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: add input option <code>overwrite_files</code> by <a href="https://github.com/asfernandes"><code>@asfernandes</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/343">softprops/action-gh-release#343</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>dependency updates</li> </ul> <h2>2.3.2</h2> <ul> <li>fix: revert fs <code>readableWebStream</code> change</li> </ul> <h2>2.3.1</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix: fix file closing issue by <a href="https://github.com/WailGree"><code>@WailGree</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/629">softprops/action-gh-release#629</a></li> </ul> <h2>2.3.0</h2> <ul> <li>Migrate from jest to vitest</li> <li>Replace <code>mime</code> with <code>mime-types</code></li> <li>Bump to use node 24</li> <li>Dependency updates</li> </ul> <h2>2.2.2</h2> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix: updating release draft status from true to false by <a href="https://github.com/galargh"><code>@galargh</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/316">softprops/action-gh-release#316</a></li> </ul> <h3>Other Changes 🔄</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/softprops/action-gh-release/commit/62c96d0c4e8a889135c1f3a25910db8dbe0e85f7"><code>62c96d0</code></a> release 2.3.4</li> <li><a href="https://github.com/softprops/action-gh-release/commit/7dc9b8ac0f2368b3a87cf0705832afc474fc7cd8"><code>7dc9b8a</code></a> fix(action): handle 422 already_exists race condition (<a href="https://redirect.github.com/softprops/action-gh-release/issues/665">#665</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/0f0e0b98e953d8219f04f51a8608dd41c902f012"><code>0f0e0b9</code></a> chore(deps): bump the npm group with 3 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/666">#666</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/97d42c1b50f585f357413698aa1b779307aa0d52"><code>97d42c1</code></a> chore(deps): bump the npm group across 1 directory with 2 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/662">#662</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/19cd0bcd2b95a5f9e0aab8377b3cae33e51c2234"><code>19cd0bc</code></a> chore(deps): bump vite from 7.0.0 to 7.1.5 (<a href="https://redirect.github.com/softprops/action-gh-release/issues/657">#657</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/5d1b0b11643723aa24b0a5f8cef9618f9c2ed69b"><code>5d1b0b1</code></a> chore(deps): bump <code>@types/node</code> from 20.19.11 to 20.19.13 in the npm group (<a href="https://redirect.github.com/softprops/action-gh-release/issues/655">#655</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/f6021cf9a4e291961602215a20006a3bcfb743c1"><code>f6021cf</code></a> chore(deps): bump actions/setup-node in the github-actions group (<a href="https://redirect.github.com/softprops/action-gh-release/issues/656">#656</a>)</li> <li>See full diff in <a href="https://github.com/softprops/action-gh-release/compare/6cbd405e2c4e67a21c47fa9e383d020e4e28b836...62c96d0c4e8a889135c1f3a25910db8dbe0e85f7">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | softprops/action-gh-release | [>= 2.2.a, < 2.3] | </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
31b03475e7 |
build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#4604)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.2 to 2.4.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.4.3</h2> <h2>What's Changed</h2> <p>This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the <a href="https://github.com/ossf/scorecard/releases/tag/v5.3.0">Scorecard v5.3.0 release notes</a>.</p> <h2>Documentation</h2> <ul> <li>docs: clarify <code>GITHUB_TOKEN</code> permissions needed for private repos by <a href="https://github.com/pankajtaneja5"><code>@pankajtaneja5</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li> <li>📖 Fix recommended command to test the image in development by <a href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1583">ossf/scorecard-action#1583</a></li> </ul> <h2>Other</h2> <ul> <li>add missing top-level token permissions to workflows by <a href="https://github.com/timothyklee"><code>@timothyklee</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li> <li>setup codeowners for requesting reviews by <a href="https://github.com/spencerschrock"><code>@spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1576">ossf/scorecard-action#1576</a></li> <li>🌱 Improve printing options by <a href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/timothyklee"><code>@timothyklee</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li> <li><a href="https://github.com/pankajtaneja5"><code>@pankajtaneja5</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li> <li><a href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3">https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ossf/scorecard-action/commit/4eaacf0543bb3f2c246792bd56e8cdeffafb205a"><code>4eaacf0</code></a> bump docker to ghcr v2.4.3 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1587">#1587</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/42e3a017b9617c5bbc5f1c692cdbc2cd041bd97a"><code>42e3a01</code></a> 🌱 Bump the github-actions group with 3 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1585">#1585</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/88c07acb7bc818897f9ea58eba9d81c53b322f15"><code>88c07ac</code></a> 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1579">#1579</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/6c690f2f38ab31402da4e3f8d698c15405764128"><code>6c690f2</code></a> Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1586">#1586</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/92083b52695004080225eb9301fde390183707cd"><code>92083b5</code></a> 📖 Fix recommended command to test the image in development (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1583">#1583</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/7975ea6064717f16f09a57ad5f8e24017ad4dbd9"><code>7975ea6</code></a> 🌱 Bump the docker-images group across 1 directory with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1">#1</a>...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/0d1a74394f208e63c946c1b5377d3ad15f0265bf"><code>0d1a743</code></a> 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1575">#1575</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/46e6e0c0ac415287a696b2be6d98071134fd27a7"><code>46e6e0c</code></a> 🌱 Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1580">#1580</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/c3f13501596645d3bd6fee6b843bd36b66df4f5d"><code>c3f1350</code></a> 🌱 Improve printing options (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1584">#1584</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/43e475b79a8bd5217334edc08879005b2229d79a"><code>43e475b</code></a> 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1578">#1578</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/05b42c624433fc40578a4040d5cf5e36ddca8cde...4eaacf0543bb3f2c246792bd56e8cdeffafb205a">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
612c7e06e7 |
build(deps): bump gradle/actions from 4.4.4 to 5.0.0 (#4605)
Bumps [gradle/actions](https://github.com/gradle/actions) from 4.4.4 to 5.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Upgrade to node 24 by <a href="https://github.com/amyu"><code>@amyu</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/721">gradle/actions#721</a></li> </ul> <p>Make sure your runner is updated to this version or newer to use this release. v2.327.1 <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <h3>Dependency upgrades</h3> <ul> <li>Bump the github-actions group across 1 directory with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/748">gradle/actions#748</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4...v5.0.0">https://github.com/gradle/actions/compare/v4...v5.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2"><code>4d9f0ba</code></a> Bump the github-actions group across 1 directory with 2 updates (<a href="https://redirect.github.com/gradle/actions/issues/748">#748</a>)</li> <li><a href="https://github.com/gradle/actions/commit/4b530e369bfef1ac8fc2160ec97b9fda1ccd9901"><code>4b530e3</code></a> Bump the github-actions group across 1 directory with 2 updates</li> <li><a href="https://github.com/gradle/actions/commit/e60655a8a03bf3b9a7ff400dc5ef49bed725bec8"><code>e60655a</code></a> Upgrade to node 24 (<a href="https://redirect.github.com/gradle/actions/issues/721">#721</a>)</li> <li>See full diff in <a href="https://github.com/gradle/actions/compare/748248ddd2a24f49513d8f472f81c3a07d4d50e1...4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
7bd31a954e |
build(deps): bump org.springframework.boot from 3.5.5 to 3.5.6 (#4545)
Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.5.5 to 3.5.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's releases</a>.</em></p> <blockquote> <h2>v3.5.6</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Quoted -D arguments break system property resolution on Linux with Spring AOT <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47166">#47166</a></li> <li>Groovy Templates fails with an NPE when rendering an auto new line <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47139">#47139</a></li> <li>available() does not behave correctly when reading stored entries from a NestedJarFile <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47057">#47057</a></li> <li>spring-boot-docker-compose doesn't create service connections when image has registry host but not project <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47019">#47019</a></li> <li>Flyway Ignore Migration Patterns setting can't be set to an empty string <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47013">#47013</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Default value of server.tomcat.resource.cache-ttl is not documented <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47253">#47253</a></li> <li>Document Java 25 support <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47245">#47245</a></li> <li>Fix links to Flyway reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46988">#46988</a></li> <li>Clarify Javadoc of Customizer interfaces about overriding behavior <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46942">#46942</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to Ehcache3 3.10.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47106">#47106</a></li> <li>Upgrade to Elasticsearch Client 8.18.6 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47094">#47094</a></li> <li>Upgrade to Gson 2.13.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47158">#47158</a></li> <li>Upgrade to Hibernate 6.6.29.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47216">#47216</a></li> <li>Upgrade to HikariCP 6.3.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47187">#47187</a></li> <li>Upgrade to HttpCore5 5.3.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47108">#47108</a></li> <li>Upgrade to Infinispan 15.2.6.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47109">#47109</a></li> <li>Upgrade to Jakarta Activation 2.1.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47188">#47188</a></li> <li>Upgrade to Jakarta Mail 2.1.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47110">#47110</a></li> <li>Upgrade to Jaybird 6.0.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47111">#47111</a></li> <li>Upgrade to Jetty 12.0.27 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47159">#47159</a></li> <li>Upgrade to jOOQ 3.19.26 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47160">#47160</a></li> <li>Upgrade to Lombok 1.18.40 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47113">#47113</a></li> <li>Upgrade to MariaDB 3.5.6 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47189">#47189</a></li> <li>Upgrade to Maven Failsafe Plugin 3.5.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47190">#47190</a></li> <li>Upgrade to Maven Shade Plugin 3.6.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47191">#47191</a></li> <li>Upgrade to Maven Surefire Plugin 3.5.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47192">#47192</a></li> <li>Upgrade to Micrometer 1.15.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47083">#47083</a></li> <li>Upgrade to Micrometer Tracing 1.5.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47084">#47084</a></li> <li>Upgrade to Netty 4.1.127.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47127">#47127</a></li> <li>Upgrade to R2DBC MSSQL 1.0.3.RELEASE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47193">#47193</a></li> <li>Upgrade to Reactor Bom 2024.0.10 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47085">#47085</a></li> <li>Upgrade to Spring AMQP 3.2.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47086">#47086</a></li> <li>Upgrade to Spring Batch 5.2.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47087">#47087</a></li> <li>Upgrade to Spring Data Bom 2025.0.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47088">#47088</a></li> <li>Upgrade to Spring Framework 6.2.11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47089">#47089</a></li> <li>Upgrade to Spring GraphQL 1.4.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47090">#47090</a></li> <li>Upgrade to Spring Integration 6.5.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47091">#47091</a></li> <li>Upgrade to Spring Kafka 3.3.10 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47092">#47092</a></li> <li>Upgrade to Spring Pulsar 1.2.10 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47093">#47093</a></li> <li>Upgrade to Spring Security 6.5.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47257">#47257</a></li> <li>Upgrade to Tomcat 10.1.46 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47194">#47194</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/23bcd7b4d8969cdef27771f1594b044bb98724a6"><code>23bcd7b</code></a> Release v3.5.6</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d96267f12b58fecd696a9f9c5a972f2076c0c9d4"><code>d96267f</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9363f03d8dffb72fac89060d6c2880145759cc50"><code>9363f03</code></a> Next development version (v3.4.11-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/a465cdbf6697b3a266ac8c36a3ff96b31c7591a6"><code>a465cdb</code></a> Revert "Upgrade to Jakarta XML Bind 4.0.4"</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/391e745840027cf7e9c8b208147a29111fb26e57"><code>391e745</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ad9a7eecb2ab0c9b797b3223dff16c43608cfaf2"><code>ad9a7ee</code></a> Revert "Upgrade to Jakarta XML Bind 4.0.4"</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/66ba91876ab00a001943a2fa5426c9846aed2e43"><code>66ba918</code></a> Document support for Java 25</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/943f0ae257479446ad1fe966605c1a0e7797d0e7"><code>943f0ae</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/43fee1678a1b2f6118802603dc97adc6a700516a"><code>43fee16</code></a> Upgrade to Spring Batch 5.2.3</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/11de7d1ca6ba54a3639f1311cf501091e337f301"><code>11de7d1</code></a> Upgrade to Spring Batch 5.2.3</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.5.5...v3.5.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f337c8485e |
build(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 (#4547)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.2 to 3.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.10.0</h2> <h2>What's Changed</h2> <ul> <li>Bump default Cosign to v2.6.0 in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/200">sigstore/cosign-installer#200</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0">https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign-installer/commit/d7543c93d881b35a8faa02e8e3605f69b7a1ce62"><code>d7543c9</code></a> Bump default Cosign to v2.6.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/200">#200</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/920f20f8c1514a0b54f0557e19ff74bfeb5f413d"><code>920f20f</code></a> Bump actions/setup-go from 5.5.0 to 6.0.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/199">#199</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/bb9dfc10d272e67bed086b504aaf14f8fe455b05"><code>bb9dfc1</code></a> Bump actions/github-script from 7.0.1 to 8.0.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/198">#198</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/074636bf86584fb361059563d092a9cfb6560f80"><code>074636b</code></a> Bump actions/checkout from 4.2.2 to 5.0.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/197">#197</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/d58896d6a1865668819e1d91763c7751a165e159...d7543c93d881b35a8faa02e8e3605f69b7a1ce62">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
bdb721a482 |
build(deps): bump gradle/actions from 4.4.2 to 4.4.4 (#4548)
Bumps [gradle/actions](https://github.com/gradle/actions) from 4.4.2 to 4.4.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.4.4</h2> <h2>What's Changed</h2> <ul> <li>Bump the github-actions group across 2 directories with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/726">gradle/actions#726</a></li> <li>Regenerating package lock by <a href="https://github.com/cdsap"><code>@cdsap</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/729">gradle/actions#729</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/730">gradle/actions#730</a></li> <li>Bump the github-actions group across 1 directory with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/735">gradle/actions#735</a></li> <li>Bump the gradle group across 3 directories with 1 update by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/734">gradle/actions#734</a></li> <li>Bump the npm-dependencies group in /sources with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/733">gradle/actions#733</a></li> <li>Bump references to Develocity Gradle plugin from 4.1.1 to 4.2 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/736">gradle/actions#736</a></li> <li>Handle gracefully parse errors in checksum file by <a href="https://github.com/jprinet"><code>@jprinet</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/737">gradle/actions#737</a></li> <li>Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/kotlin-dsl by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/742">gradle/actions#742</a></li> <li>Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/java-toolchain by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/741">gradle/actions#741</a></li> <li>Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/groovy-dsl by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/740">gradle/actions#740</a></li> <li>Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/gradle-plugin by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/739">gradle/actions#739</a></li> <li>Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /sources/test/init-scripts by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/738">gradle/actions#738</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/743">gradle/actions#743</a></li> <li>Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/746">gradle/actions#746</a></li> <li>Bump the npm-dependencies group in /sources with 5 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/745">gradle/actions#745</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4...v4.4.4">https://github.com/gradle/actions/compare/v4...v4.4.4</a></p> <h2>v4.4.3</h2> <h2>What's Changed</h2> <ul> <li>Adapt tests to future new Build Scan publication message by <a href="https://github.com/alextu"><code>@alextu</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/708">gradle/actions#708</a></li> <li>Add missing Gradle version input to setup-gradle by <a href="https://github.com/jprinet"><code>@jprinet</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/713">gradle/actions#713</a></li> <li>Bump the github-actions group across 2 directories with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/710">gradle/actions#710</a></li> <li>Bump references to Develocity Gradle plugin from 4.1 to 4.1.1 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/712">gradle/actions#712</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/709">gradle/actions#709</a></li> <li>Bump the npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/711">gradle/actions#711</a></li> <li>Do not run setup-gradle post action if workflow is cancelled by <a href="https://github.com/jprinet"><code>@jprinet</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/716">gradle/actions#716</a></li> <li>Bump the github-actions group across 2 directories with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/715">gradle/actions#715</a></li> <li>Bump the npm-dependencies group across 1 directory with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/720">gradle/actions#720</a></li> <li>Bump github/codeql-action from 3.29.11 to 3.30.0 in the github-actions group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/719">gradle/actions#719</a></li> <li>Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.2 to 2.20.0 in /sources/test/init-scripts in the gradle group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/718">gradle/actions#718</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/723">gradle/actions#723</a></li> <li>Bump the npm-dependencies group in /sources with 5 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/725">gradle/actions#725</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4.4.2...v4.4.3">https://github.com/gradle/actions/compare/v4.4.2...v4.4.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/748248ddd2a24f49513d8f472f81c3a07d4d50e1"><code>748248d</code></a> Bump the npm-dependencies group in /sources with 5 updates (<a href="https://redirect.github.com/gradle/actions/issues/745">#745</a>)</li> <li><a href="https://github.com/gradle/actions/commit/81b68c9429570ef0a0bbd7f1898f1ddb06002c33"><code>81b68c9</code></a> Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre in /.github/workflo...</li> <li><a href="https://github.com/gradle/actions/commit/13617309e3fe4d0361ccb3c9528a8d0d57ea2b2b"><code>1361730</code></a> Bump com.google.guava:guava</li> <li><a href="https://github.com/gradle/actions/commit/a86ac1167d7d23eea103a711871cddc6a0d88e70"><code>a86ac11</code></a> Bump the npm-dependencies group in /sources with 5 updates</li> <li><a href="https://github.com/gradle/actions/commit/182e4d39a69c621df8047e4504c7be47bacfd8d6"><code>182e4d3</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/a48a0fa47fcef8e9b77628e176ac1e207c2e07c5"><code>a48a0fa</code></a> Update known wrapper checksums (<a href="https://redirect.github.com/gradle/actions/issues/743">#743</a>)</li> <li><a href="https://github.com/gradle/actions/commit/6d7d019840e00d27b4af224d3e11fff785a4cbe1"><code>6d7d019</code></a> Update known wrapper checksums</li> <li><a href="https://github.com/gradle/actions/commit/0e052761e2b444a9db1681a00dc8730b80af3fc0"><code>0e05276</code></a> Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /sources/test/init-scripts (<a href="https://redirect.github.com/gradle/actions/issues/738">#738</a>)</li> <li><a href="https://github.com/gradle/actions/commit/2e40f51ba36cdf7e19f8744141b58b714cfb10ad"><code>2e40f51</code></a> Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/gradle-p...</li> <li><a href="https://github.com/gradle/actions/commit/ed3ef92603f04047856e47e53ebf0001f7bcbd80"><code>ed3ef92</code></a> Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/groovy-d...</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/017a9effdb900e5b5b2fddfb590a105619dca3c3...748248ddd2a24f49513d8f472f81c3a07d4d50e1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
927bf3d004 |
build(deps): bump org.eclipse.angus:angus-mail from 2.0.4 to 2.0.5 (#4549)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.eclipse.angus:angus-mail](https://github.com/eclipse-ee4j/angus-mail) from 2.0.4 to 2.0.5. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/a7a4a37844717d3967418b1640456e49153a7e7c"><code>a7a4a37</code></a> Prepare release org.eclipse.angus:all:2.0.5</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/a7d6745aaaa831c9c2140eac2ee5b8a7d275895e"><code>a7d6745</code></a> activation api 2.1.4, mail api 2.1.5, angus activation 2.0.3</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/c93dde0d24ff8ad2d4cac38e9bd3da46a7f06e30"><code>c93dde0</code></a> Merge pull request <a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/182">#182</a> from eclipse-ee4j/2.0.4-RELEASE</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/ddcc8e35198bc1f51511f84956b1d7610aad9175"><code>ddcc8e3</code></a> From-Address not parsed correctly <a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/161">#161</a> (<a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/174">#174</a>)</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/c4e72d2a91c14f2b4d8bbaf5e6b747f1cc0de913"><code>c4e72d2</code></a> Update github action versions</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/f1606338a49bb2588c0f6ecef4a2e6e18a1208bf"><code>f160633</code></a> OAuth2.md: POP3 works with O365 with towlines</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/acbb015dfbadb1ae6fd3e682490ab442786a6dd2"><code>acbb015</code></a> Update changes files, it was wrong (<a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/177">#177</a>)</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/b96c2c32a44e73933f877d4cd085b66027d44c2d"><code>b96c2c3</code></a> Rename resource files so JakartaMail and JavaMail can co-exist (<a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/171">#171</a>)</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/8d4a8ce3d5cf0f7ac21fb042e8495b76b6b4462a"><code>8d4a8ce</code></a> Update CHANGES.txt</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/dbd22ec2c2bb7272e9b56ca367bee82a9015ea31"><code>dbd22ec</code></a> Remove this-escape compiler warnings <a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/141">#141</a> (<a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/142">#142</a>)</li> <li>Additional commits viewable in <a href="https://github.com/eclipse-ee4j/angus-mail/compare/2.0.4...2.0.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
8f413819c5 |
build(deps): bump org.springframework.boot:spring-boot-dependencies from 3.5.5 to 3.5.6 (#4550)
Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 3.5.5 to 3.5.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-dependencies's releases</a>.</em></p> <blockquote> <h2>v3.5.6</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Quoted -D arguments break system property resolution on Linux with Spring AOT <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47166">#47166</a></li> <li>Groovy Templates fails with an NPE when rendering an auto new line <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47139">#47139</a></li> <li>available() does not behave correctly when reading stored entries from a NestedJarFile <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47057">#47057</a></li> <li>spring-boot-docker-compose doesn't create service connections when image has registry host but not project <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47019">#47019</a></li> <li>Flyway Ignore Migration Patterns setting can't be set to an empty string <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47013">#47013</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Default value of server.tomcat.resource.cache-ttl is not documented <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47253">#47253</a></li> <li>Document Java 25 support <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47245">#47245</a></li> <li>Fix links to Flyway reference documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46988">#46988</a></li> <li>Clarify Javadoc of Customizer interfaces about overriding behavior <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46942">#46942</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to Ehcache3 3.10.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47106">#47106</a></li> <li>Upgrade to Elasticsearch Client 8.18.6 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47094">#47094</a></li> <li>Upgrade to Gson 2.13.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47158">#47158</a></li> <li>Upgrade to Hibernate 6.6.29.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47216">#47216</a></li> <li>Upgrade to HikariCP 6.3.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47187">#47187</a></li> <li>Upgrade to HttpCore5 5.3.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47108">#47108</a></li> <li>Upgrade to Infinispan 15.2.6.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47109">#47109</a></li> <li>Upgrade to Jakarta Activation 2.1.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47188">#47188</a></li> <li>Upgrade to Jakarta Mail 2.1.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47110">#47110</a></li> <li>Upgrade to Jaybird 6.0.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47111">#47111</a></li> <li>Upgrade to Jetty 12.0.27 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47159">#47159</a></li> <li>Upgrade to jOOQ 3.19.26 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47160">#47160</a></li> <li>Upgrade to Lombok 1.18.40 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47113">#47113</a></li> <li>Upgrade to MariaDB 3.5.6 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47189">#47189</a></li> <li>Upgrade to Maven Failsafe Plugin 3.5.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47190">#47190</a></li> <li>Upgrade to Maven Shade Plugin 3.6.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47191">#47191</a></li> <li>Upgrade to Maven Surefire Plugin 3.5.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47192">#47192</a></li> <li>Upgrade to Micrometer 1.15.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47083">#47083</a></li> <li>Upgrade to Micrometer Tracing 1.5.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47084">#47084</a></li> <li>Upgrade to Netty 4.1.127.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47127">#47127</a></li> <li>Upgrade to R2DBC MSSQL 1.0.3.RELEASE <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47193">#47193</a></li> <li>Upgrade to Reactor Bom 2024.0.10 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47085">#47085</a></li> <li>Upgrade to Spring AMQP 3.2.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47086">#47086</a></li> <li>Upgrade to Spring Batch 5.2.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47087">#47087</a></li> <li>Upgrade to Spring Data Bom 2025.0.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47088">#47088</a></li> <li>Upgrade to Spring Framework 6.2.11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47089">#47089</a></li> <li>Upgrade to Spring GraphQL 1.4.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47090">#47090</a></li> <li>Upgrade to Spring Integration 6.5.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47091">#47091</a></li> <li>Upgrade to Spring Kafka 3.3.10 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47092">#47092</a></li> <li>Upgrade to Spring Pulsar 1.2.10 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47093">#47093</a></li> <li>Upgrade to Spring Security 6.5.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47257">#47257</a></li> <li>Upgrade to Tomcat 10.1.46 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/47194">#47194</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/23bcd7b4d8969cdef27771f1594b044bb98724a6"><code>23bcd7b</code></a> Release v3.5.6</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/d96267f12b58fecd696a9f9c5a972f2076c0c9d4"><code>d96267f</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9363f03d8dffb72fac89060d6c2880145759cc50"><code>9363f03</code></a> Next development version (v3.4.11-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/a465cdbf6697b3a266ac8c36a3ff96b31c7591a6"><code>a465cdb</code></a> Revert "Upgrade to Jakarta XML Bind 4.0.4"</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/391e745840027cf7e9c8b208147a29111fb26e57"><code>391e745</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ad9a7eecb2ab0c9b797b3223dff16c43608cfaf2"><code>ad9a7ee</code></a> Revert "Upgrade to Jakarta XML Bind 4.0.4"</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/66ba91876ab00a001943a2fa5426c9846aed2e43"><code>66ba918</code></a> Document support for Java 25</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/943f0ae257479446ad1fe966605c1a0e7797d0e7"><code>943f0ae</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/43fee1678a1b2f6118802603dc97adc6a700516a"><code>43fee16</code></a> Upgrade to Spring Batch 5.2.3</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/11de7d1ca6ba54a3639f1311cf501091e337f301"><code>11de7d1</code></a> Upgrade to Spring Batch 5.2.3</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.5.5...v3.5.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
8884e65c29 |
build(deps): bump io.swagger.core.v3:swagger-core-jakarta from 2.2.36 to 2.2.38 (#4551)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.36 to 2.2.38. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2198ad840c |
build(deps): bump docker/login-action from 3.5.0 to 3.6.0 (#4552)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.5.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.6.0</h2> <ul> <li>Add <code>registry-auth</code> input for raw authentication to registries by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/887">docker/login-action#887</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/login-action/pull/883">docker/login-action#883</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/login-action/pull/880">docker/login-action#880</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/login-action/pull/879">docker/login-action#879</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/login-action/pull/881">docker/login-action#881</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.5.0...v3.6.0">https://github.com/docker/login-action/compare/v3.5.0...v3.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/5e57cd118135c172c3672efd75eb46360885c0ef"><code>5e57cd1</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/890">#890</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/97e31439e8b415da4e1322633630e1563c42c0f2"><code>97e3143</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/3a0796b57f440ff1af59165907392527fa832e0c"><code>3a0796b</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/5b7b28b1cc417bbd34cd8c225a957c9ce9adf7f2"><code>5b7b28b</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/882">#882</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/abc9fb3154ad354cf35d6c78a862bee018dd4cb8"><code>abc9fb3</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/d46868881477a1d16bdcc80a5b2c05208b1befe4"><code>d468688</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/a99b2f88fc4efabea32b8ba09581cf535c1577e9"><code>a99b2f8</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/883">#883</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/login-action/commit/0d7fae8057d840a981e4132ce97862f6c8f48b42"><code>0d7fae8</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/9832253cb7b14f93bd4134396bd26e855e8e4bd2"><code>9832253</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0</li> <li><a href="https://github.com/docker/login-action/commit/09e05bbdf68bd9ce9eedefa6d2ebe03008c32b08"><code>09e05bb</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/881">#881</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/184bdaa0721073962dff0199f1fb9940f07167d1...5e57cd118135c172c3672efd75eb46360885c0ef">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
10263ffc7f |
build(deps): bump jakarta.mail:jakarta.mail-api from 2.1.4 to 2.1.5 (#4553)
Bumps [jakarta.mail:jakarta.mail-api](https://github.com/jakartaee/mail-api) from 2.1.4 to 2.1.5. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jakartaee/mail-api/commit/e1873219fe587d5c2b5bb4196e859ae71319a45c"><code>e187321</code></a> Prepare release jakarta.mail:jakarta.mail-api:2.1.5</li> <li><a href="https://github.com/jakartaee/mail-api/commit/ef7483e4b3850c97b0d69325c28bdf1024c5a9de"><code>ef7483e</code></a> Revert "Multipart performs blocking call in every instantiation <a href="https://redirect.github.com/jakartaee/mail-api/issues/699">#699</a> (<a href="https://redirect.github.com/jakartaee/mail-api/issues/716">#716</a>)"</li> <li><a href="https://github.com/jakartaee/mail-api/commit/abe990f2d45def0067db9469aae6e26e4ffb27f2"><code>abe990f</code></a> Reviews changes</li> <li><a href="https://github.com/jakartaee/mail-api/commit/a10a1733c9ed8aa6208d88731dcdc3393f372e5b"><code>a10a173</code></a> Improve MimeMessage UTF8 handling</li> <li><a href="https://github.com/jakartaee/mail-api/commit/7a53112b91b5ed7b2f3c1263c692c9604ff51db7"><code>7a53112</code></a> Improve MimeMessage UTF8 handling</li> <li><a href="https://github.com/jakartaee/mail-api/commit/17365200c01432b713937ec898fc2fa0cb26af0e"><code>1736520</code></a> Drop references to the Reference implementation</li> <li><a href="https://github.com/jakartaee/mail-api/commit/f2e6da34c38f02cceb2e8c4c64d016149e7a11c0"><code>f2e6da3</code></a> Bump nokogiri from 1.16.5 to 1.18.9 in /www</li> <li><a href="https://github.com/jakartaee/mail-api/commit/5488a7ce643e9266433f992c860c072e17a8566f"><code>5488a7c</code></a> <a href="https://redirect.github.com/jakartaee/mail-api/issues/708">#708</a> Add missing javadoc for supporting ServiceLoader mechanism (<a href="https://redirect.github.com/jakartaee/mail-api/issues/726">#726</a>)</li> <li><a href="https://github.com/jakartaee/mail-api/commit/ccbe84bdb57953e15f0f4a2f31af86345587aa63"><code>ccbe84b</code></a> Bump webrick from 1.8.1 to 1.8.2 in /www</li> <li><a href="https://github.com/jakartaee/mail-api/commit/34f8e9b1618f4d9acdbef908c4ddf7ca0fe3d115"><code>34f8e9b</code></a> ISSUE-721 - add full Markdown for URLs since Jekyll action doesn't autolink t...</li> <li>Additional commits viewable in <a href="https://github.com/jakartaee/mail-api/compare/2.1.4...2.1.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d9c0223703 |
build(deps): bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.12 to 2.8.13 (#4421)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
37877582e7 |
build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 (#4538)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9c098103a1 |
build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#4378)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d5a3f768bc |
build(deps): bump github/codeql-action from 3.30.0 to 3.30.5 (#4539)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
cb583fb42f |
build(deps): bump softprops/action-gh-release from 2.3.2 to 2.3.3 (#4540)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
edb555f517 |
build(deps): bump actions/dependency-review-action from 4.7.3 to 4.8.0 (#4541)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
140e11865d |
build(deps): bump springSecuritySamlVersion from 6.5.3 to 6.5.5 (#4536)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b950484bfc |
build(deps): bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#4534)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
634630ebbc |
build(deps): bump commonmarkVersion from 0.25.1 to 0.26.0 (#4447)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
4ad039d034 |
build(deps): bump org.projectlombok:lombok from 1.18.38 to 1.18.42 (#4475)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
16576c1789 |
build(deps): bump org.postgresql:postgresql from 42.7.7 to 42.7.8 (#4479)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
591a70f9b0 |
build(deps): bump bouncycastleVersion from 1.81 to 1.82 (#4474)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
8afa0c9b23 |
build(deps): bump actions/setup-python from 5.6.0 to 6.0.0 (#4379)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
37b581e0dd |
build(deps): bump actions/stale from 9.1.0 to 10.0.0 (#4380)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
5b3b7575c2 |
build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#4382)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
aa1fc43ad9 |
build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 (#4381)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
61b85a9273 |
build(deps): bump jakarta.mail:jakarta.mail-api from 2.1.3 to 2.1.4 (#4351)
Bumps [jakarta.mail:jakarta.mail-api](https://github.com/jakartaee/mail-api) from 2.1.3 to 2.1.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jakartaee/mail-api/commit/0d13f04450f9590afa37761e04591526f47312e5"><code>0d13f04</code></a> Prepare release jakarta.mail:jakarta.mail-api:2.1.4</li> <li><a href="https://github.com/jakartaee/mail-api/commit/958fb97ab1ebae1844629226fb06e27b05872c52"><code>958fb97</code></a> services/jakarta.mail.Provider override not working <a href="https://redirect.github.com/jakartaee/mail-api/issues/777">#777</a> (<a href="https://redirect.github.com/jakartaee/mail-api/issues/779">#779</a>)</li> <li><a href="https://github.com/jakartaee/mail-api/commit/3446c942412cb324ce448d65d6a805f3a6af599e"><code>3446c94</code></a> services/jakarta.mail.Provider override not working <a href="https://redirect.github.com/jakartaee/mail-api/issues/170">#170</a> (<a href="https://redirect.github.com/jakartaee/mail-api/issues/778">#778</a>)</li> <li><a href="https://github.com/jakartaee/mail-api/commit/892fae4ac7601976ee3270040a5b16d6349ce955"><code>892fae4</code></a> Multipart performs blocking call in every instantiation <a href="https://redirect.github.com/jakartaee/mail-api/issues/699">#699</a> (<a href="https://redirect.github.com/jakartaee/mail-api/issues/716">#716</a>)</li> <li><a href="https://github.com/jakartaee/mail-api/commit/666ec999d8931041d89eabf10d807e5262195f8f"><code>666ec99</code></a> Bump rexml from 3.2.8 to 3.3.6 in /www</li> <li><a href="https://github.com/jakartaee/mail-api/commit/8eddc342b11436c2ab8a68ff5ab464e343edee99"><code>8eddc34</code></a> Bump rexml from 3.2.5 to 3.2.8 in /www</li> <li><a href="https://github.com/jakartaee/mail-api/commit/1259b86a8c195db3337db9eff81214c357758c0e"><code>1259b86</code></a> Bump nokogiri from 1.16.2 to 1.16.5 in /www</li> <li><a href="https://github.com/jakartaee/mail-api/commit/bf2bfc18c0d2b9b3f57417203c2a462a3a94a7de"><code>bf2bfc1</code></a> Update README.md</li> <li><a href="https://github.com/jakartaee/mail-api/commit/038fa7038a26251bbf4a43ea577a5e7171d3a2e4"><code>038fa70</code></a> Prepare next development cycle for 2.1.4-SNAPSHOT</li> <li><a href="https://github.com/jakartaee/mail-api/commit/1e520275467de4b1cc658fd83e1783c43d451b2e"><code>1e52027</code></a> Prepare release jakarta.mail:jakarta.mail-api:2.1.3</li> <li>See full diff in <a href="https://github.com/jakartaee/mail-api/compare/2.1.3...2.1.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
4987932f60 |
build(deps): bump org.panteleyev.jpackageplugin from 1.7.3 to 1.7.5 (#4347)
Bumps org.panteleyev.jpackageplugin from 1.7.3 to 1.7.5. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1036befaf1 |
build(deps): bump com.bucket4j:bucket4j_jdk17-core from 8.14.0 to 8.15.0 (#4279)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [com.bucket4j:bucket4j_jdk17-core](https://github.com/bucket4j/bucket4j) from 8.14.0 to 8.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bucket4j/bucket4j/releases">com.bucket4j:bucket4j_jdk17-core's releases</a>.</em></p> <blockquote> <h2>8.15.0</h2> <h2>What's Changed</h2> <ul> <li>Fix typo in previous-releases link by <a href="https://github.com/DominiQN"><code>@DominiQN</code></a> in <a href="https://redirect.github.com/bucket4j/bucket4j/pull/533">bucket4j/bucket4j#533</a></li> <li>Fix typo in verbose-api docs by <a href="https://github.com/cmg1411"><code>@cmg1411</code></a> in <a href="https://redirect.github.com/bucket4j/bucket4j/pull/540">bucket4j/bucket4j#540</a></li> <li>Fix comment in redisson.adoc by <a href="https://github.com/K-jun98"><code>@K-jun98</code></a> in <a href="https://redirect.github.com/bucket4j/bucket4j/pull/541">bucket4j/bucket4j#541</a></li> <li>Add valid example using Redisson library by <a href="https://github.com/JoshWein"><code>@JoshWein</code></a> in <a href="https://redirect.github.com/bucket4j/bucket4j/pull/542">bucket4j/bucket4j#542</a></li> <li>MongoDB backend by <a href="https://github.com/granikartem"><code>@granikartem</code></a> in <a href="https://redirect.github.com/bucket4j/bucket4j/pull/549">bucket4j/bucket4j#549</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/DominiQN"><code>@DominiQN</code></a> made their first contribution in <a href="https://redirect.github.com/bucket4j/bucket4j/pull/533">bucket4j/bucket4j#533</a></li> <li><a href="https://github.com/cmg1411"><code>@cmg1411</code></a> made their first contribution in <a href="https://redirect.github.com/bucket4j/bucket4j/pull/540">bucket4j/bucket4j#540</a></li> <li><a href="https://github.com/K-jun98"><code>@K-jun98</code></a> made their first contribution in <a href="https://redirect.github.com/bucket4j/bucket4j/pull/541">bucket4j/bucket4j#541</a></li> <li><a href="https://github.com/JoshWein"><code>@JoshWein</code></a> made their first contribution in <a href="https://redirect.github.com/bucket4j/bucket4j/pull/542">bucket4j/bucket4j#542</a></li> <li><a href="https://github.com/granikartem"><code>@granikartem</code></a> made their first contribution in <a href="https://redirect.github.com/bucket4j/bucket4j/pull/549">bucket4j/bucket4j#549</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/bucket4j/bucket4j/compare/8.14.0...8.15.0">https://github.com/bucket4j/bucket4j/compare/8.14.0...8.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/bucket4j/bucket4j/commit/1ecc3152b8c9383d12e37aae1e6a431dbac9baa1"><code>1ecc315</code></a> Documentation for release 8.15.0</li> <li><a href="https://github.com/bucket4j/bucket4j/commit/0d257fd2f4f9ff871268feef50c7f40a7b8bb486"><code>0d257fd</code></a> Documentation for release 8.15.0</li> <li><a href="https://github.com/bucket4j/bucket4j/commit/621f5d58043cad215fae598e432c45d6ebaa32e0"><code>621f5d5</code></a> Documentation for release 8.15.0</li> <li><a href="https://github.com/bucket4j/bucket4j/commit/2930d8388b6168f8056ffa9e0ac6a72a8efa230d"><code>2930d83</code></a> <a href="https://redirect.github.com/bucket4j/bucket4j/issues/549">#549</a> documentations</li> <li><a href="https://github.com/bucket4j/bucket4j/commit/9b7f66a80f69b48dd2b7cc79699d651eb5eaba20"><code>9b7f66a</code></a> Changes according to the OSSRH Sunset <a href="https://central.sonatype.org/pages/ossr">https://central.sonatype.org/pages/ossr</a>...</li> <li><a href="https://github.com/bucket4j/bucket4j/commit/a9dae860eae3298cdd223cb06ede4669222463b5"><code>a9dae86</code></a> <a href="https://redirect.github.com/bucket4j/bucket4j/issues/549">#549</a> do not insist on specific the mongo-driver versions</li> <li><a href="https://github.com/bucket4j/bucket4j/commit/4c4f1b9f7a0fd1987690ac728214bc06bc9332f1"><code>4c4f1b9</code></a> <a href="https://redirect.github.com/bucket4j/bucket4j/issues/549">#549</a> add project names</li> <li><a href="https://github.com/bucket4j/bucket4j/commit/3e024b0fb0d5d7c0c9f7dbee948f64ac9bda69ed"><code>3e024b0</code></a> <a href="https://redirect.github.com/bucket4j/bucket4j/issues/549">#549</a> add license</li> <li><a href="https://github.com/bucket4j/bucket4j/commit/70e9cf58f93d3641d91a4428bb5eb9c25c7a9d3b"><code>70e9cf5</code></a> <a href="https://redirect.github.com/bucket4j/bucket4j/issues/549">#549</a> fix modular-name</li> <li><a href="https://github.com/bucket4j/bucket4j/commit/1cbc7e1f3e70de94ec1ff4d6deea7d5b1bf15ea4"><code>1cbc7e1</code></a> <a href="https://redirect.github.com/bucket4j/bucket4j/issues/549">#549</a> fix maven configuration</li> <li>Additional commits viewable in <a href="https://github.com/bucket4j/bucket4j/compare/8.14.0...8.15.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
8a4acd4c98 |
build(deps): bump org.sonarqube from 6.2.0.5505 to 6.3.1.5724 (#4352)
Bumps org.sonarqube from 6.2.0.5505 to 6.3.1.5724. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f93d8511e8 |
build(deps): bump actions/dependency-review-action from 4.7.2 to 4.7.3 (#4353)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.7.2 to 4.7.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>4.7.3</h2> <h2>What's Changed</h2> <ul> <li>Add explicit permissions to workflow files by <a href="https://github.com/AshelyTC"><code>@AshelyTC</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/966">actions/dependency-review-action#966</a></li> <li>Claire153/fix spamming mentioned issue by <a href="https://github.com/claire153"><code>@claire153</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/974">actions/dependency-review-action#974</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v4...v4.7.3">https://github.com/actions/dependency-review-action/compare/v4...v4.7.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/595b5aeba73380359d98a5e087f648dbb0edce1b"><code>595b5ae</code></a> Update package version (<a href="https://redirect.github.com/actions/dependency-review-action/issues/975">#975</a>)</li> <li><a href="https://github.com/actions/dependency-review-action/commit/fc5fd661aa443a25c657922b187812d85d3c6fa7"><code>fc5fd66</code></a> Claire153/fix spamming mentioned issue (<a href="https://redirect.github.com/actions/dependency-review-action/issues/974">#974</a>)</li> <li><a href="https://github.com/actions/dependency-review-action/commit/d38d1a4f40f1e9fd802865455d695d0ae924edee"><code>d38d1a4</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/965">#965</a> from actions/dependabot/npm_and_yarn/multi-c22e25d29b</li> <li><a href="https://github.com/actions/dependency-review-action/commit/8d420b827cac87791e1303cb1b01d3447e0bb8df"><code>8d420b8</code></a> Merge branch 'main' into dependabot/npm_and_yarn/multi-c22e25d29b</li> <li><a href="https://github.com/actions/dependency-review-action/commit/bde01290d367cf6ae7232580700fcca870e35a80"><code>bde0129</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/966">#966</a> from actions/ashelytc/add-permissions</li> <li><a href="https://github.com/actions/dependency-review-action/commit/ab524903e88a228b6df0ab1dc878a34aebc28b70"><code>ab52490</code></a> remove ruby</li> <li><a href="https://github.com/actions/dependency-review-action/commit/ef00a0afbb540db022eb79fc3aea57b5603d7a47"><code>ef00a0a</code></a> add permissions to workflows</li> <li><a href="https://github.com/actions/dependency-review-action/commit/74c8179d39388ccd6863b1a230d2cd3e1d0de71d"><code>74c8179</code></a> Bump brace-expansion</li> <li>See full diff in <a href="https://github.com/actions/dependency-review-action/compare/bc41886e18ea39df68b1b1245f4184881938e050...595b5aeba73380359d98a5e087f648dbb0edce1b">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
54c7b0e689 |
build(deps): bump actions/setup-java from 4.7.1 to 5.0.0 (#4269)
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.7.1 to 5.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-java/releases">actions/setup-java's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Upgrade to node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/888">actions/setup-java#888</a></li> </ul> <p>Make sure your runner is updated to this version or newer to use this release. v2.327.1 <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade Publish Immutable Action by <a href="https://github.com/HarithaVattikuti"><code>@HarithaVattikuti</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/798">actions/setup-java#798</a></li> <li>Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-java/pull/730">actions/setup-java#730</a></li> <li>Upgrade undici from 5.28.5 to 5.29.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-java/pull/833">actions/setup-java#833</a></li> <li>Upgrade form-data to bring in fix for critical vulnerability by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/887">actions/setup-java#887</a></li> <li>Upgrade actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-java/pull/896">actions/setup-java#896</a></li> </ul> <h3>Bug Fixes</h3> <ul> <li>Prevent default installation of JetBrains pre-releases by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/859">actions/setup-java#859</a></li> <li>Improve Error Handling for Setup-Java Action to Help Debug Intermittent Failures by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/848">actions/setup-java#848</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-java/pull/848">actions/setup-java#848</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-java/pull/888">actions/setup-java#888</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-java/compare/v4...v5.0.0">https://github.com/actions/setup-java/compare/v4...v5.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-java/commit/dded0888837ed1f317902acf8a20df0ad188d165"><code>dded088</code></a> Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/actions/setup-java/issues/896">#896</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/0913e9a06eb8b69c62db76aa61f580c2b3a5b4e0"><code>0913e9a</code></a> Upgrade to node 24 (<a href="https://redirect.github.com/actions/setup-java/issues/888">#888</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/e9343db97e09d87a3c50e544105d99fe912c204b"><code>e9343db</code></a> Bumps form-data (<a href="https://redirect.github.com/actions/setup-java/issues/887">#887</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/ae2b61dbc685e60e4427b2e8ed4f0135c6ea8597"><code>ae2b61d</code></a> Bump undici from 5.28.5 to 5.29.0 (<a href="https://redirect.github.com/actions/setup-java/issues/833">#833</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/c190c18febcf6c040d80b10ea201a05a2c320263"><code>c190c18</code></a> Bump eslint-plugin-jest from 27.9.0 to 29.0.1 (<a href="https://redirect.github.com/actions/setup-java/issues/730">#730</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/67aec007b3fcabe15ca665bfccc1e255dd52e30d"><code>67aec00</code></a> Fix: prevent default installation of JetBrains pre-releases (<a href="https://redirect.github.com/actions/setup-java/issues/859">#859</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/ebb356cc4e59bcf94f518203228485f5d40e4b58"><code>ebb356c</code></a> Improve Error Handling for Setup-Java Action to Help Debug Intermittent Failu...</li> <li><a href="https://github.com/actions/setup-java/commit/f4f1212c880fdec8162ea9a6493f4495191887b4"><code>f4f1212</code></a> Update publish-immutable-actions.yml (<a href="https://redirect.github.com/actions/setup-java/issues/798">#798</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-java/compare/c5195efecf7bdfc987ee8bae7a71cb8b11521c00...dded0888837ed1f317902acf8a20df0ad188d165">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
58ca41e5c5 |
build(deps): bump actions/checkout from 4.3.0 to 5.0.0 (#4194)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.3.0 to 5.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> <li>README: Suggest <code>user.email</code> to be <code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li> </ul> <h2>v4.1.4</h2> <ul> <li>Disable <code>extensions.worktreeConfig</code> when disabling <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li> <li>Add dependabot config by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li> <li>Bump the minor-actions-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li> <li>Bump word-wrap from 1.2.3 to 1.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li> </ul> <h2>v4.1.3</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li><a href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/08eba0b27e820071cde6df949e0beb9ba4906955...08c6903cd8c0fde910a37f88322edcfb5dd907a8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
7e276e8406 |
build(deps): bump github/codeql-action from 3.29.11 to 3.30.0 (#4355)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.11 to 3.30.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.30.0</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.0 - 01 Sep 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.0/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.30.0 - 01 Sep 2025</h2> <p>No user facing changes.</p> <h2>3.29.11 - 21 Aug 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.4. <a href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li> </ul> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.9 - 12 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li> </ul> <h2>3.29.7 - 07 Aug 2025</h2> <p>This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.</p> <h2>3.29.6 - 07 Aug 2025</h2> <ul> <li>The <code>cleanup-level</code> input to the <code>analyze</code> Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. <a href="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li> <li>Update default CodeQL bundle version to 2.22.3. <a href="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li> </ul> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li> </ul> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d"><code>2d92b76</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3067">#3067</a> from github/update-v3.30.0-92eada825</li> <li><a href="https://github.com/github/codeql-action/commit/390daafd7d971cca449e6aa45656ac85ca1d29fd"><code>390daaf</code></a> Update changelog for v3.30.0</li> <li><a href="https://github.com/github/codeql-action/commit/92eada825a77b70d62c71adc29a0a9fe75c21bf5"><code>92eada8</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3033">#3033</a> from github/mbg/ci/rollback-release</li> <li><a href="https://github.com/github/codeql-action/commit/872a6a41e95ca66b6ce89dac89c1fbb97b171c89"><code>872a6a4</code></a> Add <code>pull-requests: write</code> permission</li> <li><a href="https://github.com/github/codeql-action/commit/9389ce0cc4cf11345ec3a2a7a61fc790feb44165"><code>9389ce0</code></a> Merge remote-tracking branch 'origin/main' into mbg/ci/rollback-release</li> <li><a href="https://github.com/github/codeql-action/commit/02ab253bd299d261d00cdf8a9bca38fea2697d50"><code>02ab253</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3054">#3054</a> from github/henrymercer/bundle</li> <li><a href="https://github.com/github/codeql-action/commit/b06d32585026d970f28d3f3604a67ddf4c314f9e"><code>b06d325</code></a> Add draft release URL to job summary</li> <li><a href="https://github.com/github/codeql-action/commit/43d629cdfd9a8e4ac201aeb0d9330b2eaf0f8699"><code>43d629c</code></a> Use <code>argparse</code> in <code>rollback_changelog.py</code></li> <li><a href="https://github.com/github/codeql-action/commit/8f01f5d4296c6c45c71748648c333daa34454bb2"><code>8f01f5d</code></a> Apply suggestions from code review</li> <li><a href="https://github.com/github/codeql-action/commit/3e493e72f755ad15a0ff97b25da2e232b3cb4f3f"><code>3e493e7</code></a> Remove <code>removeNPMAbsolutePaths</code></li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/3c3833e0f8c1c83d449a7478aa59c036a9165498...2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
18e2078b8b |
build(deps): bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.11 to 2.8.12 (#4356)
Bumps [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) from 2.8.11 to 2.8.12. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/releases">org.springdoc:springdoc-openapi-starter-webmvc-ui's releases</a>.</em></p> <blockquote> <h2>springdoc-openapi v2.8.12 released!</h2> <h3>Changed</h3> <ul> <li>Upgrade swagger-ui to v5.28.0</li> <li>Upgrade commons-lang3 to v3.18.0</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3073">#3073</a> - Duplicate key class Parameter when documenting two GET methods with same path and PathVariable.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3071">#3071</a> - <a href="https://github.com/io"><code>@io</code></a>.swagger.v3.oas.annotations.parameters.RequestBody does not work well with <a href="https://github.com/RequestPart"><code>@RequestPart</code></a></li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3066">#3066</a> - Parameter is now required after upgrading to springdoc-openapi 2.8.10</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.11...v2.8.12">https://github.com/springdoc/springdoc-openapi/compare/v2.8.11...v2.8.12</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md">org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog</a>.</em></p> <blockquote> <h2>[2.8.12] - 2025-09-01</h2> <h3>Changed</h3> <ul> <li>Upgrade swagger-ui to v5.28.0</li> <li>Upgrade commons-lang3 to v3.18.0</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3073">#3073</a> - Duplicate key class Parameter when documenting two GET methods with same path and PathVariable.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3071">#3071</a> - <a href="https://github.com/io"><code>@io</code></a>.swagger.v3.oas.annotations.parameters.RequestBody does not work well with <a href="https://github.com/RequestPart"><code>@RequestPart</code></a></li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3066">#3066</a> - Parameter is now required after upgrading to springdoc-openapi 2.8.10</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/493cc68492922bbbc3d123bace668d1402be93b5"><code>493cc68</code></a> [maven-release-plugin] prepare release v2.8.12</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/8ef9eb819961a2effaaaa4358e911b9317372033"><code>8ef9eb8</code></a> CHANGELOG.md update</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/bc4ba682eb106596580a5d994ecea95c0c605769"><code>bc4ba68</code></a> upgrade commons-lang3 to v3.18.0</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/8741823941a6ec61f65024c3acd7a03fb5d8cd0d"><code>8741823</code></a> upgrade swagger-ui to v5.28.0</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/8d85e0e445afc4109e32a697c025ae44ffded884"><code>8d85e0e</code></a> Duplicate key class Parameter when documenting two GET methods with same path...</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/4d505d62ddb39496243db7c8fd94e513e1baa11e"><code>4d505d6</code></a> <a href="https://github.com/io"><code>@io</code></a>.swagger.v3.oas.annotations.parameters.RequestBody does not work well with...</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/3190ae2c7fc8320ad9e708e655e53c0bd7cfc754"><code>3190ae2</code></a> Parameter is now required after upgrading to springdoc-openapi 2.8.10. Fixes ...</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/74dcd4f8459e824c687ef450b8be7656c008cd20"><code>74dcd4f</code></a> [maven-release-plugin] prepare for next development iteration</li> <li>See full diff in <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.11...v2.8.12">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1d527db305 |
build(deps): bump jwtVersion from 0.12.7 to 0.13.0 (#4270)
Bumps `jwtVersion` from 0.12.7 to 0.13.0. Updates `io.jsonwebtoken:jjwt-api` from 0.12.7 to 0.13.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/releases">io.jsonwebtoken:jjwt-api's releases</a>.</em></p> <blockquote> <h2>0.13.0</h2> <p><strong>This is the last minor JJWT release branch that will support Java 7</strong>.</p> <p>Any necessary emergency bug fixes will be fixed in subsequent <code>0.13.x</code> patch releases, but all new development, including <a href="https://github.com/jwtk/jjwt/issues?q=is%3Aissue%20label%3Ajdk8">Java 8 compatible changes</a>, will be in the next minor (<code>0.14.0</code>) release.</p> <p><strong>All future JJWT major and minor versions ( <code>0.14.0</code> and later) will require Java 8 or later.</strong></p> <h2>What's Changed</h2> <p>This release contains a single change:</p> <ul> <li>The previously private <code>JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap)</code> constructor is now <code>public</code> for those that want register a claims type converter on their own specified <code>ObjectMapper</code> instance. Thank you to <a href="https://github.com/kesrishubham2510"><code>@kesrishubham2510</code></a> for PR <a href="https://redirect.github.com/jwtk/jjwt/issues/972">#972</a>. See <a href="https://redirect.github.com/jwtk/jjwt/issues/914">Issue 914</a>.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jwtk/jjwt/compare/0.12.7...0.13.0">https://github.com/jwtk/jjwt/compare/0.12.7...0.13.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/blob/master/CHANGELOG.md">io.jsonwebtoken:jjwt-api's changelog</a>.</em></p> <blockquote> <h3>0.13.0</h3> <p>This is the last minor JJWT release branch that will support Java 7. Any necessary emergency bug fixes will be fixed in subsequent <code>0.13.x</code> patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (<code>0.14.0</code>) release.</p> <p><strong>All future JJWT major and minor versions ( <code>0.14.0</code> and later) will require Java 8 or later.</strong></p> <p>This <code>0.13.0</code> minor release has only one change:</p> <ul> <li>The previously private <code>JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap)</code> constructor is now <code>public</code> for those that want register a claims type converter on their own specified <code>ObjectMapper</code> instance. See <a href="https://redirect.github.com/jwtk/jjwt/issues/914">Issue 914</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jwtk/jjwt/commit/a757addce04f6b6d8086beeee8dafcf670550a5b"><code>a757add</code></a> [maven-release-plugin] prepare release 0.13.0</li> <li><a href="https://github.com/jwtk/jjwt/commit/e357463c59cf62c1f70503ac0102d10efcdfc37d"><code>e357463</code></a> Preparing for the 0.13.0 release.</li> <li><a href="https://github.com/jwtk/jjwt/commit/b6f8cb82a9c2e9817d842bfe72d2c8fb03124342"><code>b6f8cb8</code></a> Made constructor public to allow users their own objectMapper instance (<a href="https://redirect.github.com/jwtk/jjwt/issues/972">#972</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/03f088a4eb774bae2403c428aa885a12d3afde14"><code>03f088a</code></a> Bumping development version to 0.13.0-SNAPSHOT (<a href="https://redirect.github.com/jwtk/jjwt/issues/1014">#1014</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/3f2697f854bedebe63e9eddb8c596f76086d11ca"><code>3f2697f</code></a> Release 0.12.7 (<a href="https://redirect.github.com/jwtk/jjwt/issues/1012">#1012</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/a0a123e848fc25a7920bcbd84615f639c4cc098a"><code>a0a123e</code></a> PR <a href="https://redirect.github.com/jwtk/jjwt/issues/917">#917</a></li> <li>See full diff in <a href="https://github.com/jwtk/jjwt/compare/0.12.7...0.13.0">compare view</a></li> </ul> </details> <br /> Updates `io.jsonwebtoken:jjwt-impl` from 0.12.7 to 0.13.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/releases">io.jsonwebtoken:jjwt-impl's releases</a>.</em></p> <blockquote> <h2>0.13.0</h2> <p><strong>This is the last minor JJWT release branch that will support Java 7</strong>.</p> <p>Any necessary emergency bug fixes will be fixed in subsequent <code>0.13.x</code> patch releases, but all new development, including <a href="https://github.com/jwtk/jjwt/issues?q=is%3Aissue%20label%3Ajdk8">Java 8 compatible changes</a>, will be in the next minor (<code>0.14.0</code>) release.</p> <p><strong>All future JJWT major and minor versions ( <code>0.14.0</code> and later) will require Java 8 or later.</strong></p> <h2>What's Changed</h2> <p>This release contains a single change:</p> <ul> <li>The previously private <code>JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap)</code> constructor is now <code>public</code> for those that want register a claims type converter on their own specified <code>ObjectMapper</code> instance. Thank you to <a href="https://github.com/kesrishubham2510"><code>@kesrishubham2510</code></a> for PR <a href="https://redirect.github.com/jwtk/jjwt/issues/972">#972</a>. See <a href="https://redirect.github.com/jwtk/jjwt/issues/914">Issue 914</a>.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jwtk/jjwt/compare/0.12.7...0.13.0">https://github.com/jwtk/jjwt/compare/0.12.7...0.13.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/blob/master/CHANGELOG.md">io.jsonwebtoken:jjwt-impl's changelog</a>.</em></p> <blockquote> <h3>0.13.0</h3> <p>This is the last minor JJWT release branch that will support Java 7. Any necessary emergency bug fixes will be fixed in subsequent <code>0.13.x</code> patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (<code>0.14.0</code>) release.</p> <p><strong>All future JJWT major and minor versions ( <code>0.14.0</code> and later) will require Java 8 or later.</strong></p> <p>This <code>0.13.0</code> minor release has only one change:</p> <ul> <li>The previously private <code>JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap)</code> constructor is now <code>public</code> for those that want register a claims type converter on their own specified <code>ObjectMapper</code> instance. See <a href="https://redirect.github.com/jwtk/jjwt/issues/914">Issue 914</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jwtk/jjwt/commit/a757addce04f6b6d8086beeee8dafcf670550a5b"><code>a757add</code></a> [maven-release-plugin] prepare release 0.13.0</li> <li><a href="https://github.com/jwtk/jjwt/commit/e357463c59cf62c1f70503ac0102d10efcdfc37d"><code>e357463</code></a> Preparing for the 0.13.0 release.</li> <li><a href="https://github.com/jwtk/jjwt/commit/b6f8cb82a9c2e9817d842bfe72d2c8fb03124342"><code>b6f8cb8</code></a> Made constructor public to allow users their own objectMapper instance (<a href="https://redirect.github.com/jwtk/jjwt/issues/972">#972</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/03f088a4eb774bae2403c428aa885a12d3afde14"><code>03f088a</code></a> Bumping development version to 0.13.0-SNAPSHOT (<a href="https://redirect.github.com/jwtk/jjwt/issues/1014">#1014</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/3f2697f854bedebe63e9eddb8c596f76086d11ca"><code>3f2697f</code></a> Release 0.12.7 (<a href="https://redirect.github.com/jwtk/jjwt/issues/1012">#1012</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/a0a123e848fc25a7920bcbd84615f639c4cc098a"><code>a0a123e</code></a> PR <a href="https://redirect.github.com/jwtk/jjwt/issues/917">#917</a></li> <li>See full diff in <a href="https://github.com/jwtk/jjwt/compare/0.12.7...0.13.0">compare view</a></li> </ul> </details> <br /> Updates `io.jsonwebtoken:jjwt-jackson` from 0.12.7 to 0.13.0 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dario Ghunney Ware <[email protected]> |
||
|
|
2baa258e11 |
build(deps): bump io.micrometer:micrometer-core from 1.15.2 to 1.15.3 (#4190)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.15.2 to 1.15.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.15.3</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Catch IllegalArgumentException in VirtualThreadMetrics <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6584">#6584</a></li> <li>Handle ArrayIndexOutOfBoundsException from DoubleHistogram in TimeWindowPercentileHistogram.accumulate() defensively <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6563">#6563</a></li> <li>Sync OutputCapture from Spring Boot <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6608">#6608</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump jersey3 from 3.1.10 to 3.1.11 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6607">#6607</a></li> <li>Bump com.netflix.spectator:spectator-reg-atlas from 1.8.16 to 1.8.17 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6600">#6600</a></li> <li>Bump io.netty:netty-bom from 4.1.122.Final to 4.1.123.Final <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6537">#6537</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/genuss"><code>@genuss</code></a> and <a href="https://github.com/izeye"><code>@izeye</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/5b196107904eb875c0519e60dbba286439c2a343"><code>5b19610</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/942ac71ed57b27635cf045c605a181f75b1d04cd"><code>942ac71</code></a> Fix javadoc in StringEscapeUtils</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/240cdd34d1638b5ef677f92b679f74bef982940f"><code>240cdd3</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/7ef45eab42e8e6651330e50bb1cc5032936c7039"><code>7ef45ea</code></a> Resolve AlmostJavadoc from Error Prone (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6611">#6611</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/f08fd1c1c894ef518b28ee15fed5765ac8c8de30"><code>f08fd1c</code></a> Sync OutputCapture from Spring Boot (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6608">#6608</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/8f9ec4ffb18801537d215f02b3c5930b4f46862b"><code>8f9ec4f</code></a> Bump jersey3 from 2.45 to 3.1.11 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6607">#6607</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/1c200619262652a1fd052148dd00cf1fd1fa9566"><code>1c20061</code></a> Bump jersey3 from 2.45 to 3.1.11 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6603">#6603</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/f88770cf1964fce12bebc2dc11815846bf78da1b"><code>f88770c</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/69251027097473444b969b16f13bdf16a41a01eb"><code>6925102</code></a> Polish (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6602">#6602</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/8c5048973dabe8f734af067d48cc9998b887d9c2"><code>8c50489</code></a> Bump com.netflix.spectator:spectator-reg-atlas from 1.8.16 to 1.8.17 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6601">#6601</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.15.2...v1.15.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3f004dcad3 |
build(deps): bump io.swagger.core.v3:swagger-core-jakarta from 2.2.35 to 2.2.36 (#4226)
Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.35 to 2.2.36. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
73d419cb39 |
build(deps): bump springSecuritySamlVersion from 6.5.2 to 6.5.3 (#4227)
Bumps `springSecuritySamlVersion` from 6.5.2 to 6.5.3. Updates `org.springframework.security:spring-security-core` from 6.5.2 to 6.5.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-security/releases">org.springframework.security:spring-security-core's releases</a>.</em></p> <blockquote> <h2>6.5.3</h2> <h2>⭐ New Features</h2> <ul> <li>Add META-INF/LICENSE.txt to published jars <a href="https://redirect.github.com/spring-projects/spring-security/issues/17639">#17639</a></li> <li>Update Angular documentation links in csrf.adoc <a href="https://redirect.github.com/spring-projects/spring-security/issues/17653">#17653</a></li> <li>Update Shibboleth Repository URL <a href="https://redirect.github.com/spring-projects/spring-security/issues/17637">#17637</a></li> <li>Use 2004-present Copyright <a href="https://redirect.github.com/spring-projects/spring-security/issues/17634">#17634</a></li> </ul> <h2>🪲 Bug Fixes</h2> <ul> <li>Add Missing Navigation in Preparing for 7.0 Guide <a href="https://redirect.github.com/spring-projects/spring-security/issues/17731">#17731</a></li> <li>DPoP authentication throws JwtDecoderFactory ClassNotFoundException <a href="https://redirect.github.com/spring-projects/spring-security/issues/17249">#17249</a></li> <li>OpenSamlAssertingPartyDetails Should Be Serializable <a href="https://redirect.github.com/spring-projects/spring-security/issues/17727">#17727</a></li> <li>Use final values in equals and hashCode <a href="https://redirect.github.com/spring-projects/spring-security/pull/17621">#17621</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17739">#17739</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17690">#17690</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17684">#17684</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17661">#17661</a></li> <li>Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17615">#17615</a></li> <li>Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17599">#17599</a></li> <li>Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17737">#17737</a></li> <li>Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17701">#17701</a></li> <li>Bump io.mockk:mockk from 1.14.4 to 1.14.5 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17614">#17614</a></li> <li>Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17647">#17647</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17733">#17733</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17711">#17711</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17612">#17612</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17598">#17598</a></li> <li>Bump org-eclipse-jetty from 11.0.25 to 11.0.26 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17742">#17742</a></li> <li>Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17613">#17613</a></li> <li>Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17595">#17595</a></li> <li>Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17760">#17760</a></li> <li>Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17692">#17692</a></li> <li>Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17683">#17683</a></li> <li>Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17671">#17671</a></li> <li>Bump org.gretty:gretty from 4.1.6 to 4.1.7 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17616">#17616</a></li> <li>Bump org.gretty:gretty from 4.1.6 to 4.1.7 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17597">#17597</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17646">#17646</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17660">#17660</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17694">#17694</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17685">#17685</a></li> <li>Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17650">#17650</a></li> <li>Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17645">#17645</a></li> <li>Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17757">#17757</a></li> <li>Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17651">#17651</a></li> <li>Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17596">#17596</a></li> <li>Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17735">#17735</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-security/commit/44037c0ea4103dc599a84c0772f65c3aa4b6225f"><code>44037c0</code></a> Release 6.5.3</li> <li><a href="https://github.com/spring-projects/spring-security/commit/9909dc615a59baead33ff050ff2825a73426268f"><code>9909dc6</code></a> Merge branch '6.4.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/525601ea6782a49ae3fa66b4af98a3006dfce519"><code>525601e</code></a> Fix version 6.4.9-SNAPSHOT</li> <li><a href="https://github.com/spring-projects/spring-security/commit/15a4d0d6279496c4f7f977cf1b1e616a1d6b31e2"><code>15a4d0d</code></a> Fix version=6.5.3-SNAPSHOT</li> <li><a href="https://github.com/spring-projects/spring-security/commit/80b1a308abb4e32213c3e8671d50cbfa153a0d0a"><code>80b1a30</code></a> Merge branch '6.4.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/644f7802d8bf21043286088a1c8cb28738fa3ebb"><code>644f780</code></a> Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14</li> <li><a href="https://github.com/spring-projects/spring-security/commit/a26d6fccb049576a2c438485aed535d60dcdcc0b"><code>a26d6fc</code></a> Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9</li> <li><a href="https://github.com/spring-projects/spring-security/commit/74735a1a80efb9b6e907e7fe4780d58ae72ee911"><code>74735a1</code></a> Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final</li> <li><a href="https://github.com/spring-projects/spring-security/commit/82a16d791776e7a8bb8e0efaaa3c5677aa6645c1"><code>82a16d7</code></a> Bump org.assertj:assertj-core from 3.27.3 to 3.27.4</li> <li><a href="https://github.com/spring-projects/spring-security/commit/c1869c1db9105b8feb82f2128077376a606ead01"><code>c1869c1</code></a> Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-security/compare/6.5.2...6.5.3">compare view</a></li> </ul> </details> <br /> Updates `org.springframework.security:spring-security-saml2-service-provider` from 6.5.2 to 6.5.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-security/releases">org.springframework.security:spring-security-saml2-service-provider's releases</a>.</em></p> <blockquote> <h2>6.5.3</h2> <h2>⭐ New Features</h2> <ul> <li>Add META-INF/LICENSE.txt to published jars <a href="https://redirect.github.com/spring-projects/spring-security/issues/17639">#17639</a></li> <li>Update Angular documentation links in csrf.adoc <a href="https://redirect.github.com/spring-projects/spring-security/issues/17653">#17653</a></li> <li>Update Shibboleth Repository URL <a href="https://redirect.github.com/spring-projects/spring-security/issues/17637">#17637</a></li> <li>Use 2004-present Copyright <a href="https://redirect.github.com/spring-projects/spring-security/issues/17634">#17634</a></li> </ul> <h2>🪲 Bug Fixes</h2> <ul> <li>Add Missing Navigation in Preparing for 7.0 Guide <a href="https://redirect.github.com/spring-projects/spring-security/issues/17731">#17731</a></li> <li>DPoP authentication throws JwtDecoderFactory ClassNotFoundException <a href="https://redirect.github.com/spring-projects/spring-security/issues/17249">#17249</a></li> <li>OpenSamlAssertingPartyDetails Should Be Serializable <a href="https://redirect.github.com/spring-projects/spring-security/issues/17727">#17727</a></li> <li>Use final values in equals and hashCode <a href="https://redirect.github.com/spring-projects/spring-security/pull/17621">#17621</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17739">#17739</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17690">#17690</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17684">#17684</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/17661">#17661</a></li> <li>Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17615">#17615</a></li> <li>Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17599">#17599</a></li> <li>Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17737">#17737</a></li> <li>Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17701">#17701</a></li> <li>Bump io.mockk:mockk from 1.14.4 to 1.14.5 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17614">#17614</a></li> <li>Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17647">#17647</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17733">#17733</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17711">#17711</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17612">#17612</a></li> <li>Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17598">#17598</a></li> <li>Bump org-eclipse-jetty from 11.0.25 to 11.0.26 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17742">#17742</a></li> <li>Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17613">#17613</a></li> <li>Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17595">#17595</a></li> <li>Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17760">#17760</a></li> <li>Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17692">#17692</a></li> <li>Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17683">#17683</a></li> <li>Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17671">#17671</a></li> <li>Bump org.gretty:gretty from 4.1.6 to 4.1.7 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17616">#17616</a></li> <li>Bump org.gretty:gretty from 4.1.6 to 4.1.7 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17597">#17597</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17646">#17646</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17660">#17660</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17694">#17694</a></li> <li>Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final <a href="https://redirect.github.com/spring-projects/spring-security/pull/17685">#17685</a></li> <li>Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17650">#17650</a></li> <li>Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17645">#17645</a></li> <li>Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17757">#17757</a></li> <li>Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17651">#17651</a></li> <li>Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17596">#17596</a></li> <li>Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 <a href="https://redirect.github.com/spring-projects/spring-security/pull/17735">#17735</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-security/commit/44037c0ea4103dc599a84c0772f65c3aa4b6225f"><code>44037c0</code></a> Release 6.5.3</li> <li><a href="https://github.com/spring-projects/spring-security/commit/9909dc615a59baead33ff050ff2825a73426268f"><code>9909dc6</code></a> Merge branch '6.4.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/525601ea6782a49ae3fa66b4af98a3006dfce519"><code>525601e</code></a> Fix version 6.4.9-SNAPSHOT</li> <li><a href="https://github.com/spring-projects/spring-security/commit/15a4d0d6279496c4f7f977cf1b1e616a1d6b31e2"><code>15a4d0d</code></a> Fix version=6.5.3-SNAPSHOT</li> <li><a href="https://github.com/spring-projects/spring-security/commit/80b1a308abb4e32213c3e8671d50cbfa153a0d0a"><code>80b1a30</code></a> Merge branch '6.4.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/644f7802d8bf21043286088a1c8cb28738fa3ebb"><code>644f780</code></a> Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14</li> <li><a href="https://github.com/spring-projects/spring-security/commit/a26d6fccb049576a2c438485aed535d60dcdcc0b"><code>a26d6fc</code></a> Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9</li> <li><a href="https://github.com/spring-projects/spring-security/commit/74735a1a80efb9b6e907e7fe4780d58ae72ee911"><code>74735a1</code></a> Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final</li> <li><a href="https://github.com/spring-projects/spring-security/commit/82a16d791776e7a8bb8e0efaaa3c5677aa6645c1"><code>82a16d7</code></a> Bump org.assertj:assertj-core from 3.27.3 to 3.27.4</li> <li><a href="https://github.com/spring-projects/spring-security/commit/c1869c1db9105b8feb82f2128077376a606ead01"><code>c1869c1</code></a> Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-security/compare/6.5.2...6.5.3">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
44dbeebd40 |
build(deps): bump org.springframework.boot:spring-boot-dependencies from 3.5.4 to 3.5.5 (#4268)
Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 3.5.4 to 3.5.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-dependencies's releases</a>.</em></p> <blockquote> <h2>v3.5.5</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46909">#46909</a></li> <li>Performance critical tracing code has high overhead due to the use of the Stream API <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46844">#46844</a></li> <li>SpringLiquibaseCustomizer is exposed outside its defined visibility scope <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46758">#46758</a></li> <li>Race condition in OutputCapture can result in stale data <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46721">#46721</a></li> <li>Auto-configured WebClient no longer uses context's ReactorResourceFactory <a href="https://redirect.github.com/spring-projects/spring-boot/pull/46673">#46673</a></li> <li>Default value not detected for a field annoted with <code>@Name</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46666">#46666</a></li> <li>Missing metadata when using <code>@Name</code> with a constructor-bound property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46663">#46663</a></li> <li>Missing property for Spring Authorization Server's PAR endpoint <a href="https://redirect.github.com/spring-projects/spring-boot/pull/46641">#46641</a></li> <li>Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46636">#46636</a></li> <li>Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46634">#46634</a></li> <li>Auto-configured MockMvc ignores <code>@FilterRegistration</code> annotation <a href="https://redirect.github.com/spring-projects/spring-boot/pull/46605">#46605</a></li> <li>Failure to discover default value for a primitive should not lead to document its default value <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46561">#46561</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Kotlin samples for configuration metadata are in the wrong package <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46857">#46857</a></li> <li>Observability examples in the reference guide are missing the Kotlin version <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46798">#46798</a></li> <li>Align method descriptions for SslOptions getCiphers and getEnabledProtocols with <code>@returns</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46769">#46769</a></li> <li>Tracing samples in the reference guide are missing the Kotlin version <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46767">#46767</a></li> <li>Improve Virtual Threads section to mention the changes in Java 24 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46610">#46610</a></li> <li>spring.test.webtestclient.timeout is not documented <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46588">#46588</a></li> <li>spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46585">#46585</a></li> <li>Adapt deprecation level for management.health.influxdb.enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46580">#46580</a></li> <li>spring.test.mockmvc properties are not documented <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46578">#46578</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to Angus Mail 2.0.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46725">#46725</a></li> <li>Upgrade to AssertJ 3.27.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46726">#46726</a></li> <li>Upgrade to Byte Buddy 1.17.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46883">#46883</a></li> <li>Upgrade to Couchbase Client 3.8.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46794">#46794</a></li> <li>Upgrade to Elasticsearch Client 8.18.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46830">#46830</a></li> <li>Upgrade to Hibernate 6.6.26.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46884">#46884</a></li> <li>Upgrade to Hibernate Validator 8.0.3.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46728">#46728</a></li> <li>Upgrade to HikariCP 6.3.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46729">#46729</a></li> <li>Upgrade to Jersey 3.1.11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46730">#46730</a></li> <li>Upgrade to Jetty 12.0.25 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46831">#46831</a></li> <li>Upgrade to Jetty Reactive HTTPClient 4.0.11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46885">#46885</a></li> <li>Upgrade to jOOQ 3.19.25 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46808">#46808</a></li> <li>Upgrade to MariaDB 3.5.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46779">#46779</a></li> <li>Upgrade to Maven Javadoc Plugin 3.11.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46886">#46886</a></li> <li>Upgrade to Micrometer 1.15.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46701">#46701</a></li> <li>Upgrade to Micrometer Tracing 1.5.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46702">#46702</a></li> <li>Upgrade to MySQL 9.4.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46732">#46732</a></li> <li>Upgrade to Netty 4.1.124.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46832">#46832</a></li> <li>Upgrade to Pulsar 4.0.6 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46733">#46733</a></li> <li>Upgrade to Reactor Bom 2024.0.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46703">#46703</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/3537d255b579018851951da08262cd0178e40c66"><code>3537d25</code></a> Release v3.5.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/a22e28e9e00eca994b8e412a420110da5b58b64a"><code>a22e28e</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/4cb8c8a1b9670497046655393ab2a0f535e8442d"><code>4cb8c8a</code></a> Next development version (v3.4.10-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9d205e21c4c007b317cc3c65bf8dcad543e61c81"><code>9d205e2</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/47b06322d3df72d886d838a090f506a6ba281892"><code>47b0632</code></a> Merge pull request <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46927">#46927</a> from izeye</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/8b7145802503dc00720e24db67144e568648c96f"><code>8b71458</code></a> Adapt checkstyle rules for 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/fb99badf16072b3e49aca422abe8e5be184b1af8"><code>fb99bad</code></a> Remove redundant suppressions from Checkstyle configuration</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/8af836a428e65b8032483d5d8159099684054cd0"><code>8af836a</code></a> Upgrade to Spring RESTDocs 3.0.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ae6c6a5ed4652134c8f35fb8ca9a3d0149a207c2"><code>ae6c6a5</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b6bae9f59b38a2dc8234d2766b062a5986410a37"><code>b6bae9f</code></a> Upgrade to Spring RESTDocs 3.0.5</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.5.4...v3.5.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0d63bc4a41 |
build(deps): bump github/codeql-action from 3.29.10 to 3.29.11 (#4271)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.10 to 3.29.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.11</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.11 - 21 Aug 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.4. <a href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.11/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.11 - 21 Aug 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.4. <a href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li> </ul> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.9 - 12 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li> </ul> <h2>3.29.7 - 07 Aug 2025</h2> <p>This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.</p> <h2>3.29.6 - 07 Aug 2025</h2> <ul> <li>The <code>cleanup-level</code> input to the <code>analyze</code> Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. <a href="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li> <li>Update default CodeQL bundle version to 2.22.3. <a href="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li> </ul> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li> </ul> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/3c3833e0f8c1c83d449a7478aa59c036a9165498"><code>3c3833e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3052">#3052</a> from github/update-v3.29.11-14148a433</li> <li><a href="https://github.com/github/codeql-action/commit/8c4bfbd99ba6ef652eca12461ad7618142e00679"><code>8c4bfbd</code></a> Update changelog for v3.29.11</li> <li><a href="https://github.com/github/codeql-action/commit/14148a433d789d9b6c7dadb56d8e3f8ad1e59605"><code>14148a4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3044">#3044</a> from github/update-bundle/codeql-bundle-v2.22.4</li> <li><a href="https://github.com/github/codeql-action/commit/71b2cb38a1e682cb9b2453a5f1400eef870a37df"><code>71b2cb3</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/2bf78254cceec27aab20b1623ba68c63c6eb85c6"><code>2bf7825</code></a> Update default bundle to codeql-bundle-v2.22.4</li> <li><a href="https://github.com/github/codeql-action/commit/db69a5182d331d562e511302ae3c9aafd5fada6c"><code>db69a51</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3049">#3049</a> from github/update-supported-enterprise-server-versions</li> <li><a href="https://github.com/github/codeql-action/commit/a68d47bfa574c69f3de7d6484cf28a9c55ff7287"><code>a68d47b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3050">#3050</a> from github/henrymercer/init-not-called-config-error</li> <li><a href="https://github.com/github/codeql-action/commit/e496ff959372e828f30b1518fd22cb76170cf5db"><code>e496ff9</code></a> Make "init not called" a configuration error</li> <li><a href="https://github.com/github/codeql-action/commit/fd2ea72d34cdf8157d85d93decf87671705166a3"><code>fd2ea72</code></a> Update supported GitHub Enterprise Server versions</li> <li><a href="https://github.com/github/codeql-action/commit/6dee5bc9c165ca206a70f4e3d18271971cf6ff26"><code>6dee5bc</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3045">#3045</a> from github/dependabot/npm_and_yarn/npm-5b4171dd16</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/96f518a34f7a870018057716cc4d7a5c014bd61c...3c3833e0f8c1c83d449a7478aa59c036a9165498">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ae53492751 |
build(deps): bump org.springframework.boot from 3.5.4 to 3.5.5 (#4272)
Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.5.4 to 3.5.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's releases</a>.</em></p> <blockquote> <h2>v3.5.5</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46909">#46909</a></li> <li>Performance critical tracing code has high overhead due to the use of the Stream API <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46844">#46844</a></li> <li>SpringLiquibaseCustomizer is exposed outside its defined visibility scope <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46758">#46758</a></li> <li>Race condition in OutputCapture can result in stale data <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46721">#46721</a></li> <li>Auto-configured WebClient no longer uses context's ReactorResourceFactory <a href="https://redirect.github.com/spring-projects/spring-boot/pull/46673">#46673</a></li> <li>Default value not detected for a field annoted with <code>@Name</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46666">#46666</a></li> <li>Missing metadata when using <code>@Name</code> with a constructor-bound property <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46663">#46663</a></li> <li>Missing property for Spring Authorization Server's PAR endpoint <a href="https://redirect.github.com/spring-projects/spring-boot/pull/46641">#46641</a></li> <li>Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46636">#46636</a></li> <li>Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46634">#46634</a></li> <li>Auto-configured MockMvc ignores <code>@FilterRegistration</code> annotation <a href="https://redirect.github.com/spring-projects/spring-boot/pull/46605">#46605</a></li> <li>Failure to discover default value for a primitive should not lead to document its default value <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46561">#46561</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Kotlin samples for configuration metadata are in the wrong package <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46857">#46857</a></li> <li>Observability examples in the reference guide are missing the Kotlin version <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46798">#46798</a></li> <li>Align method descriptions for SslOptions getCiphers and getEnabledProtocols with <code>@returns</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46769">#46769</a></li> <li>Tracing samples in the reference guide are missing the Kotlin version <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46767">#46767</a></li> <li>Improve Virtual Threads section to mention the changes in Java 24 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46610">#46610</a></li> <li>spring.test.webtestclient.timeout is not documented <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46588">#46588</a></li> <li>spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46585">#46585</a></li> <li>Adapt deprecation level for management.health.influxdb.enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46580">#46580</a></li> <li>spring.test.mockmvc properties are not documented <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46578">#46578</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to Angus Mail 2.0.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46725">#46725</a></li> <li>Upgrade to AssertJ 3.27.4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46726">#46726</a></li> <li>Upgrade to Byte Buddy 1.17.7 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46883">#46883</a></li> <li>Upgrade to Couchbase Client 3.8.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46794">#46794</a></li> <li>Upgrade to Elasticsearch Client 8.18.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46830">#46830</a></li> <li>Upgrade to Hibernate 6.6.26.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46884">#46884</a></li> <li>Upgrade to Hibernate Validator 8.0.3.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46728">#46728</a></li> <li>Upgrade to HikariCP 6.3.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46729">#46729</a></li> <li>Upgrade to Jersey 3.1.11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46730">#46730</a></li> <li>Upgrade to Jetty 12.0.25 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46831">#46831</a></li> <li>Upgrade to Jetty Reactive HTTPClient 4.0.11 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46885">#46885</a></li> <li>Upgrade to jOOQ 3.19.25 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46808">#46808</a></li> <li>Upgrade to MariaDB 3.5.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46779">#46779</a></li> <li>Upgrade to Maven Javadoc Plugin 3.11.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46886">#46886</a></li> <li>Upgrade to Micrometer 1.15.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46701">#46701</a></li> <li>Upgrade to Micrometer Tracing 1.5.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46702">#46702</a></li> <li>Upgrade to MySQL 9.4.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46732">#46732</a></li> <li>Upgrade to Netty 4.1.124.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46832">#46832</a></li> <li>Upgrade to Pulsar 4.0.6 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46733">#46733</a></li> <li>Upgrade to Reactor Bom 2024.0.9 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46703">#46703</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/3537d255b579018851951da08262cd0178e40c66"><code>3537d25</code></a> Release v3.5.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/a22e28e9e00eca994b8e412a420110da5b58b64a"><code>a22e28e</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/4cb8c8a1b9670497046655393ab2a0f535e8442d"><code>4cb8c8a</code></a> Next development version (v3.4.10-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9d205e21c4c007b317cc3c65bf8dcad543e61c81"><code>9d205e2</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/47b06322d3df72d886d838a090f506a6ba281892"><code>47b0632</code></a> Merge pull request <a href="https://redirect.github.com/spring-projects/spring-boot/issues/46927">#46927</a> from izeye</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/8b7145802503dc00720e24db67144e568648c96f"><code>8b71458</code></a> Adapt checkstyle rules for 3.4.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/fb99badf16072b3e49aca422abe8e5be184b1af8"><code>fb99bad</code></a> Remove redundant suppressions from Checkstyle configuration</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/8af836a428e65b8032483d5d8159099684054cd0"><code>8af836a</code></a> Upgrade to Spring RESTDocs 3.0.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ae6c6a5ed4652134c8f35fb8ca9a3d0149a207c2"><code>ae6c6a5</code></a> Merge branch '3.4.x' into 3.5.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/b6bae9f59b38a2dc8234d2766b062a5986410a37"><code>b6bae9f</code></a> Upgrade to Spring RESTDocs 3.0.5</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.5.4...v3.5.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1d89917e88 |
build(deps): bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.9 to 2.8.11 (#4273)
Bumps [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) from 2.8.9 to 2.8.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/releases">org.springdoc:springdoc-openapi-starter-webmvc-ui's releases</a>.</em></p> <blockquote> <h2>springdoc-openapi v2.8.11 released!</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3065">#3065</a> - javadoc and overall performance optimization</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade spring-boot to v3.5.5</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3064">#3064</a> -ClassNotFoundException: kotlin.reflect.full.KClasses</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/rayuuuu"><code>@rayuuuu</code></a> made their first contribution in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3065">springdoc/springdoc-openapi#3065</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.10...v2.8.11">https://github.com/springdoc/springdoc-openapi/compare/v2.8.10...v2.8.11</a></p> <h2>springdoc-openapi v2.8.10 released!</h2> <h2>What's Changed</h2> <ul> <li>Fix unexpected merging of media types by <a href="https://github.com/Mattias-Sehlstedt"><code>@Mattias-Sehlstedt</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3026">springdoc/springdoc-openapi#3026</a></li> <li>Fixed "desciption" typo by <a href="https://github.com/lc-nyovchev"><code>@lc-nyovchev</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3036">springdoc/springdoc-openapi#3036</a></li> <li>Fix: Property resolution for extensions within <code>@OpenAPIDefinition</code> Info object by <a href="https://github.com/limehee"><code>@limehee</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3039">springdoc/springdoc-openapi#3039</a></li> <li>Support externalDocs configure on SpecPropertiesCustomizer by <a href="https://github.com/huisam"><code>@huisam</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3042">springdoc/springdoc-openapi#3042</a></li> <li>Use adaptFromForwardedHeaders instead of deprecated fromHttpRequest by <a href="https://github.com/thijsnissen"><code>@thijsnissen</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3060">springdoc/springdoc-openapi#3060</a></li> <li>Fixes so that a RequestPart with a Map is added to the RequestBody by <a href="https://github.com/Mattias-Sehlstedt"><code>@Mattias-Sehlstedt</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3051">springdoc/springdoc-openapi#3051</a></li> <li>Refactor webhook discovery and scanning mechanism by <a href="https://github.com/zdary"><code>@zdary</code></a> in <a href="https://redirect.github.com/springdoc/springdoc-openapi/pull/3057">springdoc/springdoc-openapi#3057</a></li> </ul> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3046">#3046</a> - Feature Request: Support <a href="https://github.com/jakarta"><code>@jakarta</code></a>.annotation.Nonnull.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3042">#3042</a> - Support externalDocs configure on SpecPropertiesCustomizer</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3057">#3057</a> - Refactor webhook discovery and scanning mechanism</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade spring-boot to v3.5.4</li> <li>Upgrade swagger-ui to v5.27.1</li> <li>Upgrade swagger-core to 2.2.36</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3050">#3050</a> - <a href="https://github.com/RequestPart"><code>@RequestPart</code></a> JSON parameters missing Content-Type in generated curl commands, causing 415 errors.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2978">#2978</a> - Parameter is no longer optional after upgrade to 2.8.8</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3022">#3022</a> - NullPointerException thrown in SchemaUtils.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3026">#3026</a> - Fix unexpected merging of media types</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3036">#3036</a> - Fixed "desciption"</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3039">#3039</a> - Fix: Property resolution for extensions within <a href="https://github.com/OpenAPIDefinition"><code>@OpenAPIDefinition</code></a> Info object</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3051">#3051</a> - Fixes so that a RequestPart with a Map is added to the RequestBody</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3060">#3060</a> - Use adaptFromForwardedHeaders instead of deprecated fromHttpRequest</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md">org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog</a>.</em></p> <blockquote> <h2>[2.8.11] - 2025-08-23</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3065">#3065</a> - javadoc and overall performance optimization</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade spring-boot to v3.5.5</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3064">#3064</a> -ClassNotFoundException: kotlin.reflect.full.KClasses</li> </ul> <h2>[2.8.10] - 2025-08-20</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3046">#3046</a> - Feature Request: Support <a href="https://github.com/jakarta"><code>@jakarta</code></a>.annotation.Nonnull.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3042">#3042</a> - Support externalDocs configure on SpecPropertiesCustomizer</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3057">#3057</a> - Refactor webhook discovery and scanning mechanism</li> </ul> <h3>Changed</h3> <ul> <li>Upgrade spring-boot to v3.5.4</li> <li>Upgrade swagger-ui to v5.27.1</li> <li>Upgrade swagger-core to 2.2.36</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3050">#3050</a> - <a href="https://github.com/RequestPart"><code>@RequestPart</code></a> JSON parameters missing Content-Type in generated curl commands, causing 415 errors.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/2978">#2978</a> - Parameter is no longer optional after upgrade to 2.8.8</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3022">#3022</a> - NullPointerException thrown in SchemaUtils.</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3026">#3026</a> - Fix unexpected merging of media types</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3036">#3036</a> - Fixed "desciption"</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3039">#3039</a> - Fix: Property resolution for extensions within <a href="https://github.com/OpenAPIDefinition"><code>@OpenAPIDefinition</code></a> Info object</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3051">#3051</a> - Fixes so that a RequestPart with a Map is added to the RequestBody</li> <li><a href="https://redirect.github.com/springdoc/springdoc-openapi/issues/3060">#3060</a> - Use adaptFromForwardedHeaders instead of deprecated fromHttpRequest</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/1cf8e58c4dd635520e377bea82be8821df8013ac"><code>1cf8e58</code></a> [maven-release-plugin] prepare release v2.8.11</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/9d811218ebce2c772a1964634485c579ab9f3622"><code>9d81121</code></a> CHANGELOG.md update</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/00d8525df43e5ecddcc81214aa013b42c62b8480"><code>00d8525</code></a> performance tunning</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/fba01145d3fdb6d0a9d5105d3bdaf743fdea146d"><code>fba0114</code></a> upgrade to spring-boot 3.5.5</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/957b4a91644f4148ed17a276780b3f5d3376d287"><code>957b4a9</code></a> Merge branch 'rayuuuu-main'</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/5823621fe367c7531d565401b609a2202dd2aeb4"><code>5823621</code></a> Merge branch 'main' of <a href="https://github.com/rayuuuu/springdoc-openapi">https://github.com/rayuuuu/springdoc-openapi</a> into rayu...</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/133b4c335849473135d43fa9c922a5439e6bcd36"><code>133b4c3</code></a> java.lang.ClassNotFoundException: kotlin.reflect.full.KClasses when upgrade f...</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/7be993e5b8c2f3c988c4cdec621ad7123f60aaf1"><code>7be993e</code></a> feat: javadoc performance optimization</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/e1b9f7114a0660c7f9af6bd16bbe55efbe846194"><code>e1b9f71</code></a> [maven-release-plugin] prepare for next development iteration</li> <li><a href="https://github.com/springdoc/springdoc-openapi/commit/2a59f95ff06b90023424e1021f6c8f09c87b21f5"><code>2a59f95</code></a> [maven-release-plugin] prepare release v2.8.10</li> <li>Additional commits viewable in <a href="https://github.com/springdoc/springdoc-openapi/compare/v2.8.9...v2.8.11">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
246a59a794 |
build(deps): bump github/codeql-action from 3.29.8 to 3.29.10 (#4231)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.8 to 3.29.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.10</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.10/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.29.9</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.9 - 12 Aug 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.9/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.9 - 12 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li> </ul> <h2>3.29.7 - 07 Aug 2025</h2> <p>This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.</p> <h2>3.29.6 - 07 Aug 2025</h2> <ul> <li>The <code>cleanup-level</code> input to the <code>analyze</code> Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. <a href="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li> <li>Update default CodeQL bundle version to 2.22.3. <a href="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li> </ul> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li> </ul> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/96f518a34f7a870018057716cc4d7a5c014bd61c"><code>96f518a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3042">#3042</a> from github/update-v3.29.10-6ec994ecb</li> <li><a href="https://github.com/github/codeql-action/commit/57a1c6b3e7be038f5eeeeb5323255e363f4b0100"><code>57a1c6b</code></a> Update changelog for v3.29.10</li> <li><a href="https://github.com/github/codeql-action/commit/6ec994ecba29cf3cf0724e281b919d68714895ce"><code>6ec994e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3039">#3039</a> from github/mbg/remove-cpp-bmn-check</li> <li><a href="https://github.com/github/codeql-action/commit/3f00c7c1e1cf5d62a6dcd81509929718baa53e5f"><code>3f00c7c</code></a> Remove unused C++ BMN FF</li> <li><a href="https://github.com/github/codeql-action/commit/141ee4abd8937999bf5108d222dd9f553490f3a8"><code>141ee4a</code></a> Remove C++ BMN FF check that is no longer used</li> <li><a href="https://github.com/github/codeql-action/commit/233052189b8c862bfaf875fb02c115f54d2b9286"><code>2330521</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3037">#3037</a> from github/henrymercer/failed-upload-logs</li> <li><a href="https://github.com/github/codeql-action/commit/3966569d06c954a63fdb79944f148b2f8b4ceed8"><code>3966569</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3035">#3035</a> from github/henrymercer/fix-cleanup-info</li> <li><a href="https://github.com/github/codeql-action/commit/f7bd70c7faab9b863a52c058f145ec121b391925"><code>f7bd70c</code></a> Merge branch 'main' into henrymercer/failed-upload-logs</li> <li><a href="https://github.com/github/codeql-action/commit/75151c27826716b79222a4d1ddac714dc37eff65"><code>75151c2</code></a> Merge branch 'main' into henrymercer/fix-cleanup-info</li> <li><a href="https://github.com/github/codeql-action/commit/4ff91f10807d53419e564e2484e7045e207584b9"><code>4ff91f1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3036">#3036</a> from github/mbg/ci/gradle9</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/76621b61decf072c1cee8dd1ce2d2a82d33c17ed...96f518a34f7a870018057716cc4d7a5c014bd61c">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
12d4e26aa3 |
build(deps): bump jwtVersion from 0.12.6 to 0.12.7 (#4229)
Bumps `jwtVersion` from 0.12.6 to 0.12.7. Updates `io.jsonwebtoken:jjwt-api` from 0.12.6 to 0.12.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/releases">io.jsonwebtoken:jjwt-api's releases</a>.</em></p> <blockquote> <h2>0.12.7</h2> <p>This patch release:</p> <ul> <li> <p>Adds a new Maven BOM! This is useful for multi-module projects. See <a href="https://redirect.github.com/jwtk/jjwt/issues/967">Issue 967</a>.</p> </li> <li> <p>Allows the <code>JwtParserBuilder</code> to have empty nested algorithm collections, effectively disabling the parser's associated feature:</p> <ul> <li>Emptying the <code>zip()</code> nested collection disables JWT decompression.</li> <li>Emptying the <code>sig()</code> nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).</li> <li>Emptying either the <code>enc()</code> or <code>key()</code> nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)</li> </ul> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/996">Issue 996</a>.</p> </li> <li> <p>Fixes <a href="https://redirect.github.com/jwtk/jjwt/issues/961">bug 961</a> where <code>JwtParserBuilder</code> nested collection builders were not correctly replacing algorithms with the same id.</p> </li> <li> <p>Ensures a <code>JwkSet</code>'s <code>keys</code> collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the <code>keys</code> collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See <a href="https://redirect.github.com/jwtk/jjwt/issues/976">Issue 976</a>.</p> </li> <li> <p>Improves performance slightly by ensuring all <code>jjwt-api</code> utility methods that create <code>*Builder</code> instances (<code>Jwts.builder()</code>, <code>Jwts.parserBuilder()</code>, <code>Jwks.builder()</code>, etc) no longer use reflection.</p> <p>Instead,<code>static</code> factories are created via reflection only once during initial <code>jjwt-api</code> classloading, and then <code>*Builder</code>s are created via standard instantiation using the <code>new</code> operator thereafter. This also benefits certain environments that may not have ideal <code>ClassLoader</code> implementations (e.g. Tomcat in some cases).</p> <p><strong>NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names</strong>.</p> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/988">Issue 988</a>.</p> </li> <li> <p>Upgrades the Gson dependency to <code>2.11.0</code></p> </li> <li> <p>Upgrades the BouncyCastle dependency to <code>1.78.1</code></p> </li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/sigpwned"><code>@sigpwned</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/968">jwtk/jjwt#968</a></li> <li><a href="https://github.com/TheMrMilchmann"><code>@TheMrMilchmann</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/979">jwtk/jjwt#979</a></li> <li><a href="https://github.com/atanasg"><code>@atanasg</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/974">jwtk/jjwt#974</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7">https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/blob/master/CHANGELOG.md">io.jsonwebtoken:jjwt-api's changelog</a>.</em></p> <blockquote> <h3>0.12.7</h3> <p>This patch release:</p> <ul> <li> <p>Adds a new Maven BOM, useful for multi-module projects. See <a href="https://redirect.github.com/jwtk/jjwt/issues/967">Issue 967</a>.</p> </li> <li> <p>Allows the <code>JwtParserBuilder</code> to have empty nested algorithm collections, effectively disabling the parser's associated feature:</p> <ul> <li>Emptying the <code>zip()</code> nested collection disables JWT decompression.</li> <li>Emptying the <code>sig()</code> nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).</li> <li>Emptying either the <code>enc()</code> or <code>key()</code> nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)</li> </ul> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/996">Issue 996</a>.</p> </li> <li> <p>Fixes <a href="https://redirect.github.com/jwtk/jjwt/issues/961">bug 961</a> where <code>JwtParserBuilder</code> nested collection builders were not correctly replacing algorithms with the same id.</p> </li> <li> <p>Ensures a <code>JwkSet</code>'s <code>keys</code> collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the <code>keys</code> collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See <a href="https://redirect.github.com/jwtk/jjwt/issues/976">Issue 976</a>.</p> </li> <li> <p>Improves performance slightly by ensuring all <code>jjwt-api</code> utility methods that create <code>*Builder</code> instances (<code>Jwts.builder()</code>, <code>Jwts.parserBuilder()</code>, <code>Jwks.builder()</code>, etc) no longer use reflection.</p> <p>Instead,<code>static</code> factories are created via reflection only once during initial <code>jjwt-api</code> classloading, and then <code>*Builder</code>s are created via standard instantiation using the <code>new</code> operator thereafter. This also benefits certain environments that may not have ideal <code>ClassLoader</code> implementations (e.g. Tomcat in some cases).</p> <p><strong>NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names</strong>.</p> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/988">Issue 988</a>.</p> </li> <li> <p>Upgrades the Gson dependency to <code>2.11.0</code></p> </li> <li> <p>Upgrades the BouncyCastle dependency to <code>1.78.1</code></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jwtk/jjwt/commit/77aeda012c4e31b86fb66acf43a67775c6fa3142"><code>77aeda0</code></a> [maven-release-plugin] prepare release 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/47d966f8e93734cf35fc19f5c1a9e5cc4abe624b"><code>47d966f</code></a> Testing latest sonatype central publishing guidelines</li> <li><a href="https://github.com/jwtk/jjwt/commit/22ca29fe8849b11d2793bfcf2825ef692f2c19b2"><code>22ca29f</code></a> [maven-release-plugin] rollback the release of 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/0487f9b49f10f37b7ad5b4e664f3e9b9a25e4a1c"><code>0487f9b</code></a> [maven-release-plugin] prepare for next development iteration</li> <li><a href="https://github.com/jwtk/jjwt/commit/4329125bac91880cb852983b1475465c30a1d819"><code>4329125</code></a> [maven-release-plugin] prepare release 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/0ddc51421240a9832f38c9afd966429c6d1aeb19"><code>0ddc514</code></a> - Ensured JJWT_RELEASE_VERSION placeholders reference 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/efed1cf56f9b9715e60eaac7fda6b2c4b62410b9"><code>efed1cf</code></a> Updated 0.12.7 change list</li> <li><a href="https://github.com/jwtk/jjwt/commit/ca27b122b7f44f3bdd4cd4f636d084f38cc3b3c8"><code>ca27b12</code></a> Resolves <a href="https://redirect.github.com/jwtk/jjwt/issues/1010">#1010</a> (<a href="https://redirect.github.com/jwtk/jjwt/issues/1011">#1011</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/55c7b9adef88328f59534f232060830c34f25478"><code>55c7b9a</code></a> Resolves <a href="https://redirect.github.com/jwtk/jjwt/issues/771">#771</a> (<a href="https://redirect.github.com/jwtk/jjwt/issues/1009">#1009</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/6e9c6a5a825c5ec38f90006f48cc1f8640a6d82e"><code>6e9c6a5</code></a> Bump org.bouncycastle:bcpkix-jdk18on from 1.78 to 1.78.1 (<a href="https://redirect.github.com/jwtk/jjwt/issues/1008">#1008</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7">compare view</a></li> </ul> </details> <br /> Updates `io.jsonwebtoken:jjwt-impl` from 0.12.6 to 0.12.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/releases">io.jsonwebtoken:jjwt-impl's releases</a>.</em></p> <blockquote> <h2>0.12.7</h2> <p>This patch release:</p> <ul> <li> <p>Adds a new Maven BOM! This is useful for multi-module projects. See <a href="https://redirect.github.com/jwtk/jjwt/issues/967">Issue 967</a>.</p> </li> <li> <p>Allows the <code>JwtParserBuilder</code> to have empty nested algorithm collections, effectively disabling the parser's associated feature:</p> <ul> <li>Emptying the <code>zip()</code> nested collection disables JWT decompression.</li> <li>Emptying the <code>sig()</code> nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).</li> <li>Emptying either the <code>enc()</code> or <code>key()</code> nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)</li> </ul> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/996">Issue 996</a>.</p> </li> <li> <p>Fixes <a href="https://redirect.github.com/jwtk/jjwt/issues/961">bug 961</a> where <code>JwtParserBuilder</code> nested collection builders were not correctly replacing algorithms with the same id.</p> </li> <li> <p>Ensures a <code>JwkSet</code>'s <code>keys</code> collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the <code>keys</code> collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See <a href="https://redirect.github.com/jwtk/jjwt/issues/976">Issue 976</a>.</p> </li> <li> <p>Improves performance slightly by ensuring all <code>jjwt-api</code> utility methods that create <code>*Builder</code> instances (<code>Jwts.builder()</code>, <code>Jwts.parserBuilder()</code>, <code>Jwks.builder()</code>, etc) no longer use reflection.</p> <p>Instead,<code>static</code> factories are created via reflection only once during initial <code>jjwt-api</code> classloading, and then <code>*Builder</code>s are created via standard instantiation using the <code>new</code> operator thereafter. This also benefits certain environments that may not have ideal <code>ClassLoader</code> implementations (e.g. Tomcat in some cases).</p> <p><strong>NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names</strong>.</p> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/988">Issue 988</a>.</p> </li> <li> <p>Upgrades the Gson dependency to <code>2.11.0</code></p> </li> <li> <p>Upgrades the BouncyCastle dependency to <code>1.78.1</code></p> </li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/sigpwned"><code>@sigpwned</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/968">jwtk/jjwt#968</a></li> <li><a href="https://github.com/TheMrMilchmann"><code>@TheMrMilchmann</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/979">jwtk/jjwt#979</a></li> <li><a href="https://github.com/atanasg"><code>@atanasg</code></a> made their first contribution in <a href="https://redirect.github.com/jwtk/jjwt/pull/974">jwtk/jjwt#974</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7">https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jwtk/jjwt/blob/master/CHANGELOG.md">io.jsonwebtoken:jjwt-impl's changelog</a>.</em></p> <blockquote> <h3>0.12.7</h3> <p>This patch release:</p> <ul> <li> <p>Adds a new Maven BOM, useful for multi-module projects. See <a href="https://redirect.github.com/jwtk/jjwt/issues/967">Issue 967</a>.</p> </li> <li> <p>Allows the <code>JwtParserBuilder</code> to have empty nested algorithm collections, effectively disabling the parser's associated feature:</p> <ul> <li>Emptying the <code>zip()</code> nested collection disables JWT decompression.</li> <li>Emptying the <code>sig()</code> nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).</li> <li>Emptying either the <code>enc()</code> or <code>key()</code> nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)</li> </ul> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/996">Issue 996</a>.</p> </li> <li> <p>Fixes <a href="https://redirect.github.com/jwtk/jjwt/issues/961">bug 961</a> where <code>JwtParserBuilder</code> nested collection builders were not correctly replacing algorithms with the same id.</p> </li> <li> <p>Ensures a <code>JwkSet</code>'s <code>keys</code> collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the <code>keys</code> collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See <a href="https://redirect.github.com/jwtk/jjwt/issues/976">Issue 976</a>.</p> </li> <li> <p>Improves performance slightly by ensuring all <code>jjwt-api</code> utility methods that create <code>*Builder</code> instances (<code>Jwts.builder()</code>, <code>Jwts.parserBuilder()</code>, <code>Jwks.builder()</code>, etc) no longer use reflection.</p> <p>Instead,<code>static</code> factories are created via reflection only once during initial <code>jjwt-api</code> classloading, and then <code>*Builder</code>s are created via standard instantiation using the <code>new</code> operator thereafter. This also benefits certain environments that may not have ideal <code>ClassLoader</code> implementations (e.g. Tomcat in some cases).</p> <p><strong>NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names</strong>.</p> <p>See <a href="https://redirect.github.com/jwtk/jjwt/issues/988">Issue 988</a>.</p> </li> <li> <p>Upgrades the Gson dependency to <code>2.11.0</code></p> </li> <li> <p>Upgrades the BouncyCastle dependency to <code>1.78.1</code></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jwtk/jjwt/commit/77aeda012c4e31b86fb66acf43a67775c6fa3142"><code>77aeda0</code></a> [maven-release-plugin] prepare release 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/47d966f8e93734cf35fc19f5c1a9e5cc4abe624b"><code>47d966f</code></a> Testing latest sonatype central publishing guidelines</li> <li><a href="https://github.com/jwtk/jjwt/commit/22ca29fe8849b11d2793bfcf2825ef692f2c19b2"><code>22ca29f</code></a> [maven-release-plugin] rollback the release of 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/0487f9b49f10f37b7ad5b4e664f3e9b9a25e4a1c"><code>0487f9b</code></a> [maven-release-plugin] prepare for next development iteration</li> <li><a href="https://github.com/jwtk/jjwt/commit/4329125bac91880cb852983b1475465c30a1d819"><code>4329125</code></a> [maven-release-plugin] prepare release 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/0ddc51421240a9832f38c9afd966429c6d1aeb19"><code>0ddc514</code></a> - Ensured JJWT_RELEASE_VERSION placeholders reference 0.12.7</li> <li><a href="https://github.com/jwtk/jjwt/commit/efed1cf56f9b9715e60eaac7fda6b2c4b62410b9"><code>efed1cf</code></a> Updated 0.12.7 change list</li> <li><a href="https://github.com/jwtk/jjwt/commit/ca27b122b7f44f3bdd4cd4f636d084f38cc3b3c8"><code>ca27b12</code></a> Resolves <a href="https://redirect.github.com/jwtk/jjwt/issues/1010">#1010</a> (<a href="https://redirect.github.com/jwtk/jjwt/issues/1011">#1011</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/55c7b9adef88328f59534f232060830c34f25478"><code>55c7b9a</code></a> Resolves <a href="https://redirect.github.com/jwtk/jjwt/issues/771">#771</a> (<a href="https://redirect.github.com/jwtk/jjwt/issues/1009">#1009</a>)</li> <li><a href="https://github.com/jwtk/jjwt/commit/6e9c6a5a825c5ec38f90006f48cc1f8640a6d82e"><code>6e9c6a5</code></a> Bump org.bouncycastle:bcpkix-jdk18on from 1.78 to 1.78.1 (<a href="https://redirect.github.com/jwtk/jjwt/issues/1008">#1008</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7">compare view</a></li> </ul> </details> <br /> Updates `io.jsonwebtoken:jjwt-jackson` from 0.12.6 to 0.12.7 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
fbee4b99e4 |
build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2 (#4230)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.7.1 to 4.7.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>4.7.2</h2> <h2>What's Changed</h2> <ul> <li>Add Missing Languages to CodeQL Advanced Configuration by <a href="https://github.com/KyFaSt"><code>@KyFaSt</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/945">actions/dependency-review-action#945</a></li> <li>Deprecate deny lists by <a href="https://github.com/claire153"><code>@claire153</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/958">actions/dependency-review-action#958</a></li> <li>Address discrepancy between docs and reality by <a href="https://github.com/ahpook"><code>@ahpook</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/960">actions/dependency-review-action#960</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/KyFaSt"><code>@KyFaSt</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/945">actions/dependency-review-action#945</a></li> <li><a href="https://github.com/claire153"><code>@claire153</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/958">actions/dependency-review-action#958</a></li> <li><a href="https://github.com/ahpook"><code>@ahpook</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/960">actions/dependency-review-action#960</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v4...v4.7.2">https://github.com/actions/dependency-review-action/compare/v4...v4.7.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/bc41886e18ea39df68b1b1245f4184881938e050"><code>bc41886</code></a> Cut 4.7.2 version release (<a href="https://redirect.github.com/actions/dependency-review-action/issues/964">#964</a>)</li> <li><a href="https://github.com/actions/dependency-review-action/commit/1c73553e364351d71bdd9718e92c824e1d39aaf1"><code>1c73553</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/960">#960</a> from ahpook/ahpook/address-docs-dashes</li> <li><a href="https://github.com/actions/dependency-review-action/commit/fac3d41a588e61d27618248093f9c9137e20527c"><code>fac3d41</code></a> Bump the minor-updates group across 1 directory with 5 updates (<a href="https://redirect.github.com/actions/dependency-review-action/issues/956">#956</a>)</li> <li><a href="https://github.com/actions/dependency-review-action/commit/d8073c4b76cb44bb87b02d4facf11c298317533b"><code>d8073c4</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/958">#958</a> from actions/claire153/deprecate-deny-lists</li> <li><a href="https://github.com/actions/dependency-review-action/commit/77184c6339b69987ba61f2fd650e0facc7bd2637"><code>77184c6</code></a> Fix tests</li> <li><a href="https://github.com/actions/dependency-review-action/commit/5558c35bb3e79ef0a0f2d9896a56060e24df9bea"><code>5558c35</code></a> Address discrepancy between docs and reality</li> <li><a href="https://github.com/actions/dependency-review-action/commit/e85d57a50e73c596b97dac69d8b3ed1a110c8bbf"><code>e85d57a</code></a> Remove test code</li> <li><a href="https://github.com/actions/dependency-review-action/commit/3eb62794c5d48f3f51627b823b3efad8c224aafb"><code>3eb6279</code></a> Re-add test package. Only show warning in summary if option is used. Update c...</li> <li><a href="https://github.com/actions/dependency-review-action/commit/7cf33ac2f2d46e957b8c2df562c806d68486ab80"><code>7cf33ac</code></a> Remove test deny list</li> <li><a href="https://github.com/actions/dependency-review-action/commit/493bee056051bfd97929ad42f88aa2422bd19196"><code>493bee0</code></a> Remove test package</li> <li>Additional commits viewable in <a href="https://github.com/actions/dependency-review-action/compare/da24556b548a50705dd671f47852072ea4c105d9...bc41886e18ea39df68b1b1245f4184881938e050">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0afbd148cd |
build(deps): bump edu.sc.seis.launch4j from 3.0.7 to 4.0.0 (#4182)
Bumps edu.sc.seis.launch4j from 3.0.7 to 4.0.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
91b2f5da53 |
build(deps): bump actions/ai-inference from 1.2.7 to 1.2.8 (#4181)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [actions/ai-inference](https://github.com/actions/ai-inference) from 1.2.7 to 1.2.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/ai-inference/releases">actions/ai-inference's releases</a>.</em></p> <blockquote> <h2>v1.2.8</h2> <h2>What's Changed</h2> <ul> <li>Ensure MCP loops output the right response format by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/89">actions/ai-inference#89</a></li> <li>Force exit once inference finishes by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/88">actions/ai-inference#88</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v1...v1.2.8">https://github.com/actions/ai-inference/compare/v1...v1.2.8</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/ai-inference/commit/b81b2afb8390ee6839b494a404766bef6493c7d9"><code>b81b2af</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/88">#88</a> from actions/sgoedecke/force-exit-once-inference-finishes</li> <li><a href="https://github.com/actions/ai-inference/commit/9133f813307a2b02458ed619b7c644316a378541"><code>9133f81</code></a> package</li> <li><a href="https://github.com/actions/ai-inference/commit/7923b92ef8460464ee4eb8f8975a727234fd5509"><code>7923b92</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/89">#89</a> from actions/sgoedecke/ensure-mcp-loops-output-desired...</li> <li><a href="https://github.com/actions/ai-inference/commit/e44da102bfb48b5f86362e4cc7a3550e4c4e2f20"><code>e44da10</code></a> fixup format parsing</li> <li><a href="https://github.com/actions/ai-inference/commit/866ae2b5d7332a2710e5fa066d267fbff1850d38"><code>866ae2b</code></a> Ensure MCP loops output the right response format</li> <li><a href="https://github.com/actions/ai-inference/commit/4685e0dcd41bc58f268df3c4bf86f5dfeca31fc7"><code>4685e0d</code></a> Force exit once inference finishes in case we are holding any connections open</li> <li>See full diff in <a href="https://github.com/actions/ai-inference/compare/0cbed4a10641c75090de5968e66d70eb4660f751...b81b2afb8390ee6839b494a404766bef6493c7d9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1dd5e9c649 |
build(deps): bump actions/checkout from 4.2.2 to 4.3.0 (#4180)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 4.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> <li>Prepare release v4.3.0 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2237">actions/checkout#2237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/motss"><code>@motss</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li><a href="https://github.com/mouismail"><code>@mouismail</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li><a href="https://github.com/benwells"><code>@benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.0">https://github.com/actions/checkout/compare/v4...v4.3.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> <li>README: Suggest <code>user.email</code> to be <code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li> </ul> <h2>v4.1.4</h2> <ul> <li>Disable <code>extensions.worktreeConfig</code> when disabling <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li> <li>Add dependabot config by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li> <li>Bump the minor-actions-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li> <li>Bump word-wrap from 1.2.3 to 1.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li> </ul> <h2>v4.1.3</h2> <ul> <li>Check git version before attempting to disable <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1656">actions/checkout#1656</a></li> <li>Add SSH user parameter by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1685">actions/checkout#1685</a></li> <li>Update <code>actions/checkout</code> version in <code>update-main-version.yml</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1650">actions/checkout#1650</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/08eba0b27e820071cde6df949e0beb9ba4906955"><code>08eba0b</code></a> Prepare release v4.3.0 (<a href="https://redirect.github.com/actions/checkout/issues/2237">#2237</a>)</li> <li><a href="https://github.com/actions/checkout/commit/631c7dc4f80f88219c5ee78fee08c6b62fac8da1"><code>631c7dc</code></a> Update package dependencies (<a href="https://redirect.github.com/actions/checkout/issues/2236">#2236</a>)</li> <li><a href="https://github.com/actions/checkout/commit/8edcb1bdb4e267140fa742c62e395cd74f332709"><code>8edcb1b</code></a> Update CODEOWNERS for actions (<a href="https://redirect.github.com/actions/checkout/issues/2224">#2224</a>)</li> <li><a href="https://github.com/actions/checkout/commit/09d2acae674a48949e3602304ab46fd20ae0c42f"><code>09d2aca</code></a> Update README.md (<a href="https://redirect.github.com/actions/checkout/issues/2194">#2194</a>)</li> <li><a href="https://github.com/actions/checkout/commit/85e6279cec87321a52edac9c87bce653a07cf6c2"><code>85e6279</code></a> Adjust positioning of user email note and permissions heading (<a href="https://redirect.github.com/actions/checkout/issues/2044">#2044</a>)</li> <li><a href="https://github.com/actions/checkout/commit/009b9ae9e446ad8d9b8c809870b0fbcc5e03573e"><code>009b9ae</code></a> Documentation update - add recommended permissions to Readme (<a href="https://redirect.github.com/actions/checkout/issues/2043">#2043</a>)</li> <li><a href="https://github.com/actions/checkout/commit/cbb722410c2e876e24abbe8de2cc27693e501dcb"><code>cbb7224</code></a> Update README.md (<a href="https://redirect.github.com/actions/checkout/issues/1977">#1977</a>)</li> <li><a href="https://github.com/actions/checkout/commit/3b9b8c884f6b4bb4d5be2779c26374abadae0871"><code>3b9b8c8</code></a> docs: update README.md (<a href="https://redirect.github.com/actions/checkout/issues/1971">#1971</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...08eba0b27e820071cde6df949e0beb9ba4906955">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2c293d2231 |
build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 (#4179)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.3.0 to 5.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/407">actions/download-artifact#407</a></li> <li>BREAKING fix: inconsistent path behavior for single artifact downloads by ID by <a href="https://github.com/GrantBirki"><code>@GrantBirki</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/416">actions/download-artifact#416</a></li> </ul> <h2>v5.0.0</h2> <h3>🚨 Breaking Change</h3> <p>This release fixes an inconsistency in path behavior for single artifact downloads by ID. <strong>If you're downloading single artifacts by ID, the output path may change.</strong></p> <h4>What Changed</h4> <p>Previously, <strong>single artifact downloads</strong> behaved differently depending on how you specified the artifact:</p> <ul> <li><strong>By name</strong>: <code>name: my-artifact</code> → extracted to <code>path/</code> (direct)</li> <li><strong>By ID</strong>: <code>artifact-ids: 12345</code> → extracted to <code>path/my-artifact/</code> (nested)</li> </ul> <p>Now both methods are consistent:</p> <ul> <li><strong>By name</strong>: <code>name: my-artifact</code> → extracted to <code>path/</code> (unchanged)</li> <li><strong>By ID</strong>: <code>artifact-ids: 12345</code> → extracted to <code>path/</code> (fixed - now direct)</li> </ul> <h4>Migration Guide</h4> <h5>✅ No Action Needed If:</h5> <ul> <li>You download artifacts by <strong>name</strong></li> <li>You download <strong>multiple</strong> artifacts by ID</li> <li>You already use <code>merge-multiple: true</code> as a workaround</li> </ul> <h5>⚠️ Action Required If:</h5> <p>You download <strong>single artifacts by ID</strong> and your workflows expect the nested directory structure.</p> <p><strong>Before v5 (nested structure):</strong></p> <pre lang="yaml"><code>- uses: actions/download-artifact@v4 with: artifact-ids: 12345 path: dist # Files were in: dist/my-artifact/ </code></pre> <blockquote> <p>Where <code>my-artifact</code> is the name of the artifact you previously uploaded</p> </blockquote> <p><strong>To maintain old behavior (if needed):</strong></p> <pre lang="yaml"><code></tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/download-artifact/commit/634f93cb2916e3fdff6788551b99b062d0335ce0"><code>634f93c</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/416">#416</a> from actions/single-artifact-id-download-path</li> <li><a href="https://github.com/actions/download-artifact/commit/b19ff4302770b82aa4694b63703b547756dacce6"><code>b19ff43</code></a> refactor: resolve download path correctly in artifact download tests (mainly ...</li> <li><a href="https://github.com/actions/download-artifact/commit/e262cbee4ab8c473c61c59a81ad8e9dc760e90db"><code>e262cbe</code></a> bundle dist</li> <li><a href="https://github.com/actions/download-artifact/commit/bff23f9308ceb2f06d673043ea6311519be6a87b"><code>bff23f9</code></a> update docs</li> <li><a href="https://github.com/actions/download-artifact/commit/fff8c148a8fdd56aa81fcb019f0b5f6c65700c4d"><code>fff8c14</code></a> fix download path logic when downloading a single artifact by id</li> <li><a href="https://github.com/actions/download-artifact/commit/448e3f862ab3ef47aa50ff917776823c9946035b"><code>448e3f8</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/407">#407</a> from actions/nebuk89-patch-1</li> <li><a href="https://github.com/actions/download-artifact/commit/47225c44b359a5155efdbbbc352041b3e249fb1b"><code>47225c4</code></a> Update README.md</li> <li>See full diff in <a href="https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...634f93cb2916e3fdff6788551b99b062d0335ce0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
84142bb42a |
build(deps): bump github/codeql-action from 3.29.7 to 3.29.8 (#4178)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.7 to 3.29.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.8</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.8/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li> </ul> <h2>3.29.7 - 07 Aug 2025</h2> <p>This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.</p> <h2>3.29.6 - 07 Aug 2025</h2> <ul> <li>The <code>cleanup-level</code> input to the <code>analyze</code> Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. <a href="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li> <li>Update default CodeQL bundle version to 2.22.3. <a href="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li> </ul> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li> </ul> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li> </ul> <h2>3.29.0 - 11 Jun 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li> <li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li> </ul> <h2>3.28.21 - 28 July 2025</h2> <p>No user facing changes.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/76621b61decf072c1cee8dd1ce2d2a82d33c17ed"><code>76621b6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3019">#3019</a> from github/update-v3.29.8-679a40d33</li> <li><a href="https://github.com/github/codeql-action/commit/29ac3cefbb645d41622f6f9baa1415e06d73cf06"><code>29ac3ce</code></a> Add release notes for 3.29.7</li> <li><a href="https://github.com/github/codeql-action/commit/737cfdebe687c6e720fb99761f23d89751c3b93a"><code>737cfde</code></a> Update changelog for v3.29.8</li> <li><a href="https://github.com/github/codeql-action/commit/679a40d337fedd9b7318253dd72bfe7dc6d1886c"><code>679a40d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3014">#3014</a> from github/henrymercer/rebuild-dispatch</li> <li><a href="https://github.com/github/codeql-action/commit/6fe50b283a3d2e5533299f72d99216cd8815500f"><code>6fe50b2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3015">#3015</a> from github/henrymercer/language-autodetection-worka...</li> <li><a href="https://github.com/github/codeql-action/commit/6bc91d64f66d435200c8ba85c64878c3cbfad33b"><code>6bc91d6</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/6b4fedca4f3428195d7ba1ca7c7404f9ea472911"><code>6b4fedc</code></a> Bump Action patch version</li> <li><a href="https://github.com/github/codeql-action/commit/5794ffcb4ab0e87e4b8a8446ef048488303db295"><code>5794ffc</code></a> Fix auto-detection of extractors that aren't languages</li> <li><a href="https://github.com/github/codeql-action/commit/bd62bf449cd8695f818546752cc8157693e1716c"><code>bd62bf4</code></a> Finish in-progress merges</li> <li><a href="https://github.com/github/codeql-action/commit/2afb4e6f3c84ec0534284f2b47ae8206dcb401bf"><code>2afb4e6</code></a> Avoid specifying branch unnecessarily</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/51f77329afa6477de8c49fc9c7046c15b9a4e79d...76621b61decf072c1cee8dd1ce2d2a82d33c17ed">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
bb07eced6e |
build(deps): bump gradle/actions from 4.4.1 to 4.4.2 (#4177)
Bumps [gradle/actions](https://github.com/gradle/actions) from 4.4.1 to 4.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.4.2</h2> <p>This patch release updates a bunch of dependency versions</p> <h2>What's Changed</h2> <ul> <li>Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group across 1 directory (<a href="https://redirect.github.com/gradle/actions/pull/703">gradle/actions#703</a>)</li> <li>Bumps the npm-dependencies group in /sources with 4 updates (<a href="https://redirect.github.com/gradle/actions/pull/702">gradle/actions#702</a>)</li> <li>Upgrade to gradle 9 in workflows and tests (<a href="https://redirect.github.com/gradle/actions/pull/704">gradle/actions#704</a>)</li> <li>Update known wrapper checksums (<a href="https://redirect.github.com/gradle/actions/pull/701">gradle/actions#701</a>)</li> <li>Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/gradle-plugin (<a href="https://redirect.github.com/gradle/actions/pull/695">gradle/actions#695</a>)</li> <li>Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/groovy-dsl (<a href="https://redirect.github.com/gradle/actions/pull/696">gradle/actions#696</a>)</li> <li>Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/java-toolchain (<a href="https://redirect.github.com/gradle/actions/pull/697">gradle/actions#697</a>)</li> <li>Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.1 to 2.19.2 in /sources/test/init-scripts in the gradle group across 1 directory (<a href="https://redirect.github.com/gradle/actions/pull/693">gradle/actions#693</a>)</li> <li>Bump github/codeql-action from 3.29.0 to 3.29.4 in the github-actions group across 1 directory (<a href="https://redirect.github.com/gradle/actions/pull/691">gradle/actions#691</a>)</li> <li>Bump the npm-dependencies group in /sources with 5 updates (<a href="https://redirect.github.com/gradle/actions/pull/692">gradle/actions#692</a>)</li> <li>Bump references to Develocity Gradle plugin from 4.0.2 to 4.1 (<a href="https://redirect.github.com/gradle/actions/pull/685">gradle/actions#685</a>)</li> <li>Bump the npm-dependencies group across 1 directory with 8 updates (<a href="https://redirect.github.com/gradle/actions/pull/684">gradle/actions#684</a>)</li> <li>Run Gradle release candidate tests with JDK 17 (<a href="https://redirect.github.com/gradle/actions/pull/690">gradle/actions#690</a>)</li> <li>Update Develocity npm agent to version 1.0.1 (<a href="https://redirect.github.com/gradle/actions/pull/687">gradle/actions#687</a>)</li> <li>Update known wrapper checksums (<a href="https://redirect.github.com/gradle/actions/pull/688">gradle/actions#688</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/kotlin-dsl (<a href="https://redirect.github.com/gradle/actions/pull/683">gradle/actions#683</a></li> <li>Bump the github-actions group across 1 directory with 3 updates (<a href="https://redirect.github.com/gradle/actions/pull/675">gradle/actions#675</a>)</li> <li>Bump the gradle group across 3 directories with 2 updates (<a href="https://redirect.github.com/gradle/actions/pull/674">gradle/actions#674</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /sources/test/init-scripts (<a href="https://redirect.github.com/gradle/actions/pull/679">gradle/actions#679</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/java-toolchain (<a href="https://redirect.github.com/gradle/actions/pull/682">gradle/actions#682</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/groovy-dsl (<a href="https://redirect.github.com/gradle/actions/pull/681">gradle/actions#681</a>)</li> <li>Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/gradle-plugin (<a href="https://redirect.github.com/gradle/actions/pull/680">gradle/actions#680</a>)</li> <li>Update known wrapper checksums (<a href="https://redirect.github.com/gradle/actions/pull/676">gradle/actions#676</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4.4.1...v4.4.2">https://github.com/gradle/actions/compare/v4.4.1...v4.4.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/017a9effdb900e5b5b2fddfb590a105619dca3c3"><code>017a9ef</code></a> Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group a...</li> <li><a href="https://github.com/gradle/actions/commit/d5397cf4c822cff29ba7b79b2c9ed29917bbe84a"><code>d5397cf</code></a> Merge branch 'main' into dependabot/github_actions/github-actions-12d2e1d0cf</li> <li><a href="https://github.com/gradle/actions/commit/559dfbd266963f24dd17a76f3ce0f009a6c020ef"><code>559dfbd</code></a> Bump the npm-dependencies group in /sources with 4 updates (<a href="https://redirect.github.com/gradle/actions/issues/702">#702</a>)</li> <li><a href="https://github.com/gradle/actions/commit/075ee283cc5fba335ac5184eb48b40672919612a"><code>075ee28</code></a> Merge branch 'main' into dependabot/npm_and_yarn/sources/npm-dependencies-fda...</li> <li><a href="https://github.com/gradle/actions/commit/c3e68c5c72468b5662b0e325d727b1c1e6a14c16"><code>c3e68c5</code></a> Upgrade to gradle 9 in workflows and tests (<a href="https://redirect.github.com/gradle/actions/issues/704">#704</a>)</li> <li><a href="https://github.com/gradle/actions/commit/d7e674f97b03ec86a7d6f688bd66c45269b35bf1"><code>d7e674f</code></a> Fix init script tests dependencies</li> <li><a href="https://github.com/gradle/actions/commit/3e6512898620556ad8848c4073e8279051eaf7db"><code>3e65128</code></a> Upgrade init script tests to Gradle 9</li> <li><a href="https://github.com/gradle/actions/commit/896b9fa30994e16abfabdffea39f9bbffa8ade46"><code>896b9fa</code></a> Run tests on Gradle release candidate and current with JDK 17 as required sin...</li> <li><a href="https://github.com/gradle/actions/commit/431b3e39ba5839847f90c3917165b1f0b5b2d0fa"><code>431b3e3</code></a> Bump github/codeql-action in the github-actions group across 1 directory</li> <li><a href="https://github.com/gradle/actions/commit/44c3664945acba910b91b10f41602a5caceb57df"><code>44c3664</code></a> Bump the npm-dependencies group in /sources with 4 updates</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/ac638b010cf58a27ee6c972d7336334ccaf61c96...017a9effdb900e5b5b2fddfb590a105619dca3c3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
bb8edffaab |
build(deps): bump actions/ai-inference from 1.2.3 to 1.2.4 (#4119)
Bumps [actions/ai-inference](https://github.com/actions/ai-inference) from 1.2.3 to 1.2.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/ai-inference/releases">actions/ai-inference's releases</a>.</em></p> <blockquote> <h2>v1.2.4</h2> <h2>What's Changed</h2> <ul> <li>Bump <code>@github/local-action</code> from 3.2.1 to 5.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/63">actions/ai-inference#63</a></li> <li>Bump <code>@rollup/rollup-linux-x64-gnu</code> from 4.43.0 to 4.45.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/65">actions/ai-inference#65</a></li> <li>Bump jest and <code>@types/jest</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/66">actions/ai-inference#66</a></li> <li>Tidy up package.json by <a href="https://github.com/maraisr"><code>@maraisr</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/69">actions/ai-inference#69</a></li> <li>Moves project to using vitest by <a href="https://github.com/maraisr"><code>@maraisr</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/70">actions/ai-inference#70</a></li> <li>Move some linter files out of the root and use GitHub's shared prettier config by <a href="https://github.com/maraisr"><code>@maraisr</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/72">actions/ai-inference#72</a></li> <li>chore(deps): bump <code>@rollup/rollup-linux-x64-gnu</code> from 4.45.1 to 4.46.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/76">actions/ai-inference#76</a></li> <li>chore(deps): bump actions/publish-action from 0.2.2 to 0.3.0 in the actions-minor group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/74">actions/ai-inference#74</a></li> <li>Separate out MCP token by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/83">actions/ai-inference#83</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v1...v1.2.4">https://github.com/actions/ai-inference/compare/v1...v1.2.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/ai-inference/commit/4b591cc5298ae9428fff72279eced918e444c409"><code>4b591cc</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/83">#83</a> from actions/sgoedecke/separate-mcp</li> <li><a href="https://github.com/actions/ai-inference/commit/ea24ec2ed4aeb6d19b8936f886e8fb5741527467"><code>ea24ec2</code></a> Update README.md</li> <li><a href="https://github.com/actions/ai-inference/commit/b9f9444fb79985625c6981038caa00e6346408ed"><code>b9f9444</code></a> update docs</li> <li><a href="https://github.com/actions/ai-inference/commit/419f171f16e478d9f608f4fe3fabe29f5dcdccae"><code>419f171</code></a> Separate out MCP token</li> <li><a href="https://github.com/actions/ai-inference/commit/fc8527d1d95538cb45e8f49fbc95dc9e5681b849"><code>fc8527d</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/74">#74</a> from actions/dependabot/github_actions/actions-minor-e...</li> <li><a href="https://github.com/actions/ai-inference/commit/719349dfcccd7fbeee25901255dbf1a59c88d3fb"><code>719349d</code></a> Merge branch 'main' into dependabot/github_actions/actions-minor-e893b3f303</li> <li><a href="https://github.com/actions/ai-inference/commit/2762750922fa62f91dc6203df8b23c2684d5a52b"><code>2762750</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/76">#76</a> from actions/dependabot/npm_and_yarn/rollup/rollup-lin...</li> <li><a href="https://github.com/actions/ai-inference/commit/9386906af5e73f620356d314711097696823d770"><code>9386906</code></a> chore(deps): bump <code>@rollup/rollup-linux-x64-gnu</code> from 4.45.1 to 4.46.0</li> <li><a href="https://github.com/actions/ai-inference/commit/ca9eff70517ac00934ae11b2c2164fde6c48954e"><code>ca9eff7</code></a> chore(deps): bump actions/publish-action in the actions-minor group</li> <li><a href="https://github.com/actions/ai-inference/commit/6bef1d0031bbc403a1e49d373ab67e03c2eb60ae"><code>6bef1d0</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/72">#72</a> from actions/mr/linters</li> <li>Additional commits viewable in <a href="https://github.com/actions/ai-inference/compare/9693b137b6566bb66055a713613bf4f0493701eb...4b591cc5298ae9428fff72279eced918e444c409">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b91bfac416 |
build(deps): bump docker/login-action from 3.4.0 to 3.5.0 (#4118)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.4.0 to 3.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <ul> <li>Support dual-stack endpoints for AWS ECR by <a href="https://github.com/Spacefish"><code>@Spacefish</code></a> <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/874">docker/login-action#874</a> <a href="https://redirect.github.com/docker/login-action/pull/876">docker/login-action#876</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.57.0 to 0.62.1 in <a href="https://redirect.github.com/docker/login-action/pull/870">docker/login-action#870</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/login-action/pull/875">docker/login-action#875</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.4.0...v3.5.0">https://github.com/docker/login-action/compare/v3.4.0...v3.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/184bdaa0721073962dff0199f1fb9940f07167d1"><code>184bdaa</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/878">#878</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/5c6bc94683baa064818f51e7417087c2ac58b32c"><code>5c6bc94</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/caf405864315c6006c5581b540e5047cf728b4e7"><code>caf4058</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/ef38ec311a7df3f01475313e7c5bb584b74b112a"><code>ef38ec3</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/860">#860</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/d52e8ef81c0de894e9c95bed8de0ee5955ec7eb7"><code>d52e8ef</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/9644ab7025be3206ff4b12f1531a1b6919022b00"><code>9644ab7</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/7abd1d512621d8896b31f4ea992d207f15915ad6"><code>7abd1d5</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/875">#875</a> from docker/dependabot/npm_and_yarn/form-data-2.5.5</li> <li><a href="https://github.com/docker/login-action/commit/1a81202c4fda440f3b33eca3381d5d39c7efe85e"><code>1a81202</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/876">#876</a> from crazy-max/aws-public-dual-stack</li> <li><a href="https://github.com/docker/login-action/commit/d1ab30dc54161cbfd704562857677edf4dd7837a"><code>d1ab30d</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/f25ff28d1c8cd9a7c35896711238fed682755e1c"><code>f25ff28</code></a> support dual-stack for aws public ecr</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/74a5d142397b4f367a81961eba4e8cd7edddf772...184bdaa0721073962dff0199f1fb9940f07167d1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
63b64b5dc5 |
build(deps): bump io.swagger.core.v3:swagger-core-jakarta from 2.2.34 to 2.2.35 (#4117)
Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.34 to 2.2.35. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1d47f5e26a |
build(deps): bump docker/metadata-action from 5.7.0 to 5.8.0 (#4116)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.7.0 to 5.8.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/metadata-action/releases">docker/metadata-action's releases</a>.</em></p> <blockquote> <h2>v5.8.0</h2> <ul> <li>New <code>is_not_default_branch</code> global expression by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/535">docker/metadata-action#535</a></li> <li>Allow to match part of the git tag or value for semver/pep440 types by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/536">docker/metadata-action#536</a> <a href="https://redirect.github.com/docker/metadata-action/pull/537">docker/metadata-action#537</a></li> <li>Bump <code>@actions/github</code> from 6.0.0 to 6.0.1 in <a href="https://redirect.github.com/docker/metadata-action/pull/523">docker/metadata-action#523</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.62.1 in <a href="https://redirect.github.com/docker/metadata-action/pull/526">docker/metadata-action#526</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/metadata-action/pull/533">docker/metadata-action#533</a></li> <li>Bump moment-timezone from 0.5.47 to 0.6.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/525">docker/metadata-action#525</a></li> <li>Bump semver from 7.7.1 to 7.7.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/524">docker/metadata-action#524</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.7.0...v5.8.0">https://github.com/docker/metadata-action/compare/v5.7.0...v5.8.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/metadata-action/commit/c1e51972afc2121e065aed6d45c65596fe445f3f"><code>c1e5197</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/537">#537</a> from crazy-max/pep440-match</li> <li><a href="https://github.com/docker/metadata-action/commit/89dd65a56942f24df76cdf7a4c23b89e9e0c64f9"><code>89dd65a</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/metadata-action/commit/699ee45cf1d1e4c00bb9ca9bacb9f983fc58fbf6"><code>699ee45</code></a> allow to match part of the git tag or value for pep440 type</li> <li><a href="https://github.com/docker/metadata-action/commit/e0542a6360c9f152bbf3353bd9c94564a730f25f"><code>e0542a6</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/536">#536</a> from crazy-max/semver-match</li> <li><a href="https://github.com/docker/metadata-action/commit/b7facdfcef4956d2d16250632ca1d9fb16ed637c"><code>b7facdf</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/metadata-action/commit/81c60dfb8b905e3a16457c3da8880fc62e9051b8"><code>81c60df</code></a> allow to match part of the git tag or value for semver type</li> <li><a href="https://github.com/docker/metadata-action/commit/de1119515dcfb4b110f21f67dc739b3ba1472a84"><code>de11195</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/535">#535</a> from crazy-max/not_def_branch</li> <li><a href="https://github.com/docker/metadata-action/commit/2f9c64b1b1b1f3dd8b9e5a74ae4db13087cb814e"><code>2f9c64b</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/533">#533</a> from docker/dependabot/npm_and_yarn/form-data-2.5.5</li> <li><a href="https://github.com/docker/metadata-action/commit/510f74697528050f83e777f81df8cfccb153ccd3"><code>510f746</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/metadata-action/commit/2bc3f4e0f13f667fe2ccb93725d524c114c6ce80"><code>2bc3f4e</code></a> is_not_default_branch global expression</li> <li>Additional commits viewable in <a href="https://github.com/docker/metadata-action/compare/902fa8ec7d6ecbf8d84d538b9b233a880e428804...c1e51972afc2121e065aed6d45c65596fe445f3f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2a20ffd09a |
build(deps): bump commonmarkVersion from 0.25.0 to 0.25.1 (#4115)
Bumps `commonmarkVersion` from 0.25.0 to 0.25.1. Updates `org.commonmark:commonmark` from 0.25.0 to 0.25.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/releases">org.commonmark:commonmark's releases</a>.</em></p> <blockquote> <h2>commonmark-java 0.25.1</h2> <h3>Fixed</h3> <ul> <li>footnotes: Fix parsing of footnote definitions containing multiple paragraphs separated by blank lines. Before it only worked if paragraphs were separated by lines of 4 spaces. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/388">#388</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/blob/main/CHANGELOG.md">org.commonmark:commonmark's changelog</a>.</em></p> <blockquote> <h2>[0.25.1] - 2025-08-01</h2> <h3>Fixed</h3> <ul> <li>footnotes: Fix parsing of footnote definitions containing multiple paragraphs separated by blank lines. Before it only worked if paragraphs were separated by lines of 4 spaces. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/388">#388</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/commonmark/commonmark-java/commit/b703d6a3561a6eb00f6de8dfab85cf0301cb7a2d"><code>b703d6a</code></a> [maven-release-plugin] prepare release commonmark-parent-0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/eb93eca29e8ea0369186b6a22afd2b1f853df1f8"><code>eb93eca</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/390">#390</a> from commonmark/release-0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/bd50c7d587c435c80eeb1f59d2c41fed3efefb33"><code>bd50c7d</code></a> Prepare CHANGELOG for version 0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/226e8e970f4525466b28ff4a37b131776204e8b8"><code>226e8e9</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/389">#389</a> from commonmark/issue-388-footnotes-multiple-paragraphs</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/3111fed6c73dc6e961c590c58973b44e12fe5464"><code>3111fed</code></a> footnotes: Fix multiple paragraphs separated by blank lines</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/33737b7d5dd65153f2d022f7b5770f0fa0630296"><code>33737b7</code></a> CHANGELOG: Add issue links</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/c577edfe08e523ab806a111f629a518c4de660be"><code>c577edf</code></a> README: Bump version</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/8d5918d4efd3ad1dca4626af8a516872f7aa6121"><code>8d5918d</code></a> [maven-release-plugin] prepare for next development iteration</li> <li>See full diff in <a href="https://github.com/commonmark/commonmark-java/compare/commonmark-parent-0.25.0...commonmark-parent-0.25.1">compare view</a></li> </ul> </details> <br /> Updates `org.commonmark:commonmark-ext-gfm-tables` from 0.25.0 to 0.25.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/releases">org.commonmark:commonmark-ext-gfm-tables's releases</a>.</em></p> <blockquote> <h2>commonmark-java 0.25.1</h2> <h3>Fixed</h3> <ul> <li>footnotes: Fix parsing of footnote definitions containing multiple paragraphs separated by blank lines. Before it only worked if paragraphs were separated by lines of 4 spaces. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/388">#388</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/commonmark/commonmark-java/blob/main/CHANGELOG.md">org.commonmark:commonmark-ext-gfm-tables's changelog</a>.</em></p> <blockquote> <h2>[0.25.1] - 2025-08-01</h2> <h3>Fixed</h3> <ul> <li>footnotes: Fix parsing of footnote definitions containing multiple paragraphs separated by blank lines. Before it only worked if paragraphs were separated by lines of 4 spaces. (<a href="https://redirect.github.com/commonmark/commonmark-java/issues/388">#388</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/commonmark/commonmark-java/commit/b703d6a3561a6eb00f6de8dfab85cf0301cb7a2d"><code>b703d6a</code></a> [maven-release-plugin] prepare release commonmark-parent-0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/eb93eca29e8ea0369186b6a22afd2b1f853df1f8"><code>eb93eca</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/390">#390</a> from commonmark/release-0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/bd50c7d587c435c80eeb1f59d2c41fed3efefb33"><code>bd50c7d</code></a> Prepare CHANGELOG for version 0.25.1</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/226e8e970f4525466b28ff4a37b131776204e8b8"><code>226e8e9</code></a> Merge pull request <a href="https://redirect.github.com/commonmark/commonmark-java/issues/389">#389</a> from commonmark/issue-388-footnotes-multiple-paragraphs</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/3111fed6c73dc6e961c590c58973b44e12fe5464"><code>3111fed</code></a> footnotes: Fix multiple paragraphs separated by blank lines</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/33737b7d5dd65153f2d022f7b5770f0fa0630296"><code>33737b7</code></a> CHANGELOG: Add issue links</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/c577edfe08e523ab806a111f629a518c4de660be"><code>c577edf</code></a> README: Bump version</li> <li><a href="https://github.com/commonmark/commonmark-java/commit/8d5918d4efd3ad1dca4626af8a516872f7aa6121"><code>8d5918d</code></a> [maven-release-plugin] prepare for next development iteration</li> <li>See full diff in <a href="https://github.com/commonmark/commonmark-java/compare/commonmark-parent-0.25.0...commonmark-parent-0.25.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
47a49c5353 |
build(deps): bump org.eclipse.angus:angus-mail from 2.0.3 to 2.0.4 (#4114)
Bumps [org.eclipse.angus:angus-mail](https://github.com/eclipse-ee4j/angus-mail) from 2.0.3 to 2.0.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/37c1c6ca1e7bdc1c7be6ed47eb6f1e388d3cbc79"><code>37c1c6c</code></a> Prepare release org.eclipse.angus:all:2.0.4</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/a53d904ca190c7241ee923b14bae6e16d0726c35"><code>a53d904</code></a> Update changes log (<a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/169">#169</a>)</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/5d0e7b3f5155130c55e6375ae3f5dc5d0a3564ab"><code>5d0e7b3</code></a> Update changes log</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/84fe702f7a4837f325b878f17fee148a7e8ba951"><code>84fe702</code></a> Fix issue299 (<a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/166">#166</a>) (<a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/167">#167</a>)</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/a15041d503cefb380e3a5284eb7144eb92d82e93"><code>a15041d</code></a> Update README.md</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/005bec40252bc732d2822cb9ab79902a4adc6f17"><code>005bec4</code></a> Merge pull request <a href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/138">#138</a> from eclipse-ee4j/2.0.3-RELEASE</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/637b1913d26a0420a6b6bf1ed7ed0ebb868d8a57"><code>637b191</code></a> Update TCK-Results.md</li> <li><a href="https://github.com/eclipse-ee4j/angus-mail/commit/2a375178f614071e872cd518d18ffa337af19029"><code>2a37517</code></a> Prepare next development cycle for 2.0.4-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/eclipse-ee4j/angus-mail/compare/2.0.3...2.0.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |