Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the boot group across 1 directory with 6 updates #13

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the boot group across 1 directory with 6 updates #13

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 1, 2024

Bumps the boot group with 6 updates in the /springboot directory:

Package From To
org.springdoc:springdoc-openapi-starter-webmvc-ui 2.3.0 2.5.0
org.postgresql:postgresql 42.7.1 42.7.3
org.springframework.boot 3.2.2 3.3.0
io.spring.dependency-management 1.1.4 1.1.5
org.hibernate.orm 6.4.2.Final 6.5.2.Final
org.graalvm.buildtools.native 0.9.28 0.10.2

Updates org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.3.0 to 2.5.0

Release notes

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's releases.

springdoc-openapi v2.5.0 released!

What's Changed

Added

  • #2318 - Add Info to GroupedOpenAPI properties
  • #2554 - Remove duplicate words from comments
  • #2418 - Improve support for externalizing strings in generated openapi
  • #2535 - Add 'springdoc.trim-kotlin-indent' property to handle Kotlin multiline string indentation

Fixed

  • #2525 - Inherited Methods Not Included in Swagger Documentation with @​RouterOperation in Spring Boot WebFlux Application
  • #2526 - SpringDoc bean naming conflict error with GraphQL Spring boot starter
  • #2540 - Fix typo in SpringRepositoryRestResourceProvider.java
  • #2549 - Fix README.md

New Contributors

Full Changelog: springdoc/springdoc-openapi@v2.4.0...v2.5.0

springdoc-openapi v2.4.0 released!

What's Changed

Changed

  • Upgrade spring-boot to 3.2.3
  • Upgrade swagger-core to 2.2.20

... (truncated)

Changelog

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog.

[2.5.0] - 2024-04-01

Added

  • #2318 - Add Info to GroupedOpenAPI properties
  • #2554 - Remove duplicate words from comments
  • #2418 - Improve support for externalizing strings in generated openapi
  • #2535 - Add 'springdoc.trim-kotlin-indent' property to handle Kotlin multiline string indentation

Changed

  • Upgrade spring-boot to 3.2.4
  • Upgrade swagger-core to 2.2.21
  • Upgrade swagger-ui to 5.13.0

Fixed

  • #2525 - Inherited Methods Not Included in Swagger Documentation with @​RouterOperation in Spring Boot WebFlux Application
  • #2526 - SpringDoc bean naming conflict error with GraphQL Spring boot starter
  • #2540 - Fix typo in SpringRepositoryRestResourceProvider.java
  • #2549 - Fix README.md

[2.4.0] - 2024-03-12

Added

  • #2443 - Respect schema annotations when using spring mvc with kotlin
  • #2492, #2488 - Support dynamic evaluation of description field in the RequestBody
  • #2510 - Option to disable root api-docs path when using groups

Changed

  • Upgrade spring-boot to 3.2.3
  • Upgrade swagger-core to 2.2.20
  • Upgrade swagger-ui to 5.11.8

Fixed

  • #2453 - Fix CODE_OF_CONDUCT.md links
  • #2454 - Fix typo in SwaggerWelcomeWebMvc
  • #2507 - Fix typo in Constants
  • #2472 - Update JavadocPropertyCustomizer.java
  • #2495 - Fix broken links in README and CONTRIBUTING
  • #2501 - bug fix when "exported" is set to false in RestResource annotation
  • #2447 - Serialization to openapi of org.springframework.data.domain.Sort is not done correctly
  • #2449 - Extensions in subobjects of OpenAPI no longer work
  • #2461 - Springdoc OpenApi Annotations @​ExtensionProperty Not Evaluating Properties from application.yml
  • #2469 - Pom contains invalid organizationUrl
  • #2518 - Duplicate GroupConfigs in SpringDocConfigProperties
  • #2506 - Springdoc breaks (Unexpected value: TRACE) when a spring-cloud-starter-gateway-mvc universal gateway is configured.
  • #2519 - Request parameter parsing error after using @​NotBlank from type interface field
  • #2516 - Spring Data REST fails when setting version to openapi_3_1

... (truncated)

Commits

Updates org.postgresql:postgresql from 42.7.1 to 42.7.3

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.3

Changes

v42.7.2

Security

CVE-2024-1597 and Security Advisory addressed. The vulnerability occurs only in non-default preferQueryMode=simple mode and only if a negative place holder -? is used. See the security advisory for details

What's Changed

Full Changelog: pgjdbc/pgjdbc@REL42.7.1...REL42.7.2

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.3] (2024-04-14 14:51:00 -0400)

Changed

Fixed

  • fix: boolean types not handled in SimpleQuery mode [PR #3146](pgjdbc/pgjdbc#3146)
    • make sure we handle boolean types in simple query mode
    • support uuid as well
    • handle all well known types in text mode and change else if to switch
  • fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with NoSuchMethodError on ByteBuffer#position when running on Java 8

[42.7.2] (2024-02-21 08:23:00 -0500)

Security

  • security: SQL Injection via line comment generation, it is possible in SimpleQuery mode to generate a line comment by having a placeholder for a numeric with a - such as -?. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment. This has been fixed in this version fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

Changed

Added

Commits

Updates org.springframework.boot from 3.2.2 to 3.3.0

Release notes

Sourced from org.springframework.boot's releases.

v3.3.0

⭐ New Features

  • Add support for descriptions of record components in configuration metadata generation #29403

🐞 Bug Fixes

  • gradlew bootBuildImage fails with Podman on macOS Sonoma #40871
  • Pulsar auth parameters don't properly encode JSON values #40869
  • When using JPA and ImportTestcontainers, test context may fail to refresh due to "Mapped port can only be obtained after the container is started" #40863
  • Default MIME mappings are not loaded unless additional mappings are configured #40860
  • Starting from 3.2.x, @SpyBean is not able to initialise MongoRepository bean of the generic type #40855
  • Auto-configuration ordering change breaks DocumentReference (in non-reactive MongoTemplate) when depending on mongodb-driver-reactivestreams #40851
  • Neo4jReactiveDataAutoConfiguration creates incorrectly named bean #40836
  • Image building fails during cleanup when bind mount has read-only content #40799
  • Failure Analysis for InvalidConfigurationPropertyValueException is skipped when the property is not set #40691
  • IllegalArgumentException can be thrown when running an uber jar on a shared drive #40643
  • setReadTimeout can't be set via Reflective factory on JettyClientHttpRequestFactory #40638
  • URISyntaxException is raised if the spring boot application is started in a location that contains invalid URI characters #40616
  • resolveMainClassName fails when building with Gradle using Java 22 #40613
  • AnsiOutput.detectIfAnsiCapable broken on JDK22 #40609
  • Help information for spring init's build option has the wrong default #40606
  • JarUrlConnection.getPermission() can throw NullPointerException if jarFileConnection is null #40599
  • Whitespace is not correctly trimmed when generating configuration properties metadata from records #40593
  • In some situations, the failure when the AOT-generated initializer cannot be loaded is less helpful than before #40584
  • Properties binding eagerly creates superfluous maps #40561
  • Configuring SSL bundle reload for non-file resource types causes errors that are difficult to diagnose #40560
  • spring-boot-dependencies cannot be used with repositories that ban com.oracle.database.jdbc:ojdbc-bom #40535
  • Buildpacks do not support Docker with containerd image store #40526
  • SpringBootMockMvcBuilderCustomizer can crash cryptically while collecting data that it would have discarded anyway #40517
  • Containers not shut down between tests when using .withReuse(true) but env. does not support reuse (e.g. CI builds) #40509
  • CookieSameSiteSupplier influences session cookie #40501
  • <springProperty> and <springProfile> do not work in <include> after Logback upgrade #40491
  • Runtime hint registration for property binding should not fail when parameter information is unavailable #40486
  • ServiceLevelObjectiveBoundary properties cannot be bound in a native image application #40483
  • server.error.include-binding-errors does not recognize MethodValidationResult exceptions #40474
  • spring.data.redis.cluster.nodes and spring.data.redis.sentinel.nodes do not handle IPv6 addresses correctly #40467
  • Using relative paths to describe the classpath in the error message from ResolveMainClassName hinders problem diagnosis #40465
  • Jartools extract command doesn't extract all files from META-INF #40456
  • Native image doesn't start and doesn't log anything if an environment post processor throws an exception #40451
  • Unlike DataSourceAutoConfiguration, DevToolsDataSourceAutoConfiguration assumes that javax.sql.DataSource will always be available #40441

📔 Documentation

  • Improve graceful shutdown documentation to remove ambiguity #40846
  • Document ways to opt out from immutable @ConfigurationProperties binding with single constructor #40844
  • Document that a custom HttpMessageConverters bean can be used to reorder json message converters when needed #40839
  • Address ambiguity now that Testcontainers has two classes named KafkaContainer #40756
  • Publish API documentation for Spring Boot's Kotlin APIs #40692
  • Fix typo in features doc #40631

... (truncated)

Commits
  • a25e1eb Release v3.3.0
  • ed0a3fd Update publish-to-sdkman job to make new candidates the default
  • 42d6f2c Merge branch '3.2.x'
  • 234e0fd Stop mark 3.2.x as the default SDKman release
  • 226b900 Merge branch '3.2.x'
  • c857eb6 Fix SDKman "make default" step
  • 13e13f9 Merge branch '3.2.x'
  • a5ee37c Next development version (v3.2.7-SNAPSHOT)
  • dffdd6d Explicitly set SDKman's make-default to false
  • 86c206a Merge branch '3.2.x'
  • Additional commits viewable in compare view

Updates io.spring.dependency-management from 1.1.4 to 1.1.5

Release notes

Sourced from io.spring.dependency-management's releases.

v1.1.5

🐞 Bug Fixes

  • When a dependency has been substituted by changing its target, its version is managed based on its original group and artifact IDs #383
  • Plugin triggers a deprecation warning for LenientConfiguration#getArtifacts(Spec) with Gradle 8.8 #381
  • Exclusions are calculated unnecessarily for non-transitive configurations #372

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fp7

Commits
  • b3f62a0 Release v1.1.5
  • 70f3e08 Release from GitHub Actions
  • b5ed22b Correct the value of build-name when deploying to Artifactory
  • 029d266 Specify the shell for build and publish step
  • 2ddde6f Prepare snapshot workflow for addition of release workflow
  • 6cc618e Enable linting and treat warnings as errors
  • 7a56eaa Broaden Gradle version compatibility testing
  • 63c2738 Upgrade to Gradle 7.6.4
  • 2ed89ef Upgrade to Gradle Enterprise Conventions 0.0.17
  • 0676dc0 Merge pull request #372 from fp7
  • Additional commits viewable in compare view

Updates org.hibernate.orm from 6.4.2.Final to 6.5.2.Final

Updates org.graalvm.buildtools.native from 0.9.28 to 0.10.2

Release notes

Sourced from org.graalvm.buildtools.native's releases.

0.10.2

What's Changed

New Contributors

Full Changelog: graalvm/native-build-tools@0.10.1...0.10.2

0.10.1

What's Changed

New Contributors

Full Changelog: graalvm/native-build-tools@0.10.0...0.10.1

0.10.0

What's Changed

New Contributors

Full Changelog: graalvm/native-build-tools@0.9.28...0.10.0

Commits
  • de7f1df Bump repo version to 0.10.2
  • c47f2dc Merge pull request #594 from graalvm/dnestoro/UpdateMetadataVersion
  • 892da4f Update Reachability Metadata repository version
  • 9f8dbd0 Add a parameter to be able to skip build native for pom type modules, leave i...
  • d4b5ce3 fix class path directroy analyzer (#590)
  • 08d4a02 Merge pull request #589 from n0tl3ss/stale-files
  • ca05132 code review fixes
  • ca35e20 trigger build
  • 5ffff01 write-args-file task should delete old stale args file before generating a ne...
  • 6db59ba Merge pull request #580 from dnestoro/dnestoro/SetProperDefaultMetadataCopyDir
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the boot group across 1 directory with 6 updates
ddd5e88 
Bumps the boot group with 6 updates in the /springboot directory:

| Package | From | To |
| --- | --- | --- |
| [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) | `2.3.0` | `2.5.0` |
| [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) | `42.7.1` | `42.7.3` |
| [org.springframework.boot](https://github.com/spring-projects/spring-boot) | `3.2.2` | `3.3.0` |
| [io.spring.dependency-management](https://github.com/spring-gradle-plugins/dependency-management-plugin) | `1.1.4` | `1.1.5` |
| org.hibernate.orm | `6.4.2.Final` | `6.5.2.Final` |
| [org.graalvm.buildtools.native](https://github.com/graalvm/native-build-tools) | `0.9.28` | `0.10.2` |



Updates `org.springdoc:springdoc-openapi-starter-webmvc-ui` from 2.3.0 to 2.5.0
- [Release notes](https://github.com/springdoc/springdoc-openapi/releases)
- [Changelog](https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md)
- [Commits](springdoc/springdoc-openapi@v2.3.0...v2.5.0)

Updates `org.postgresql:postgresql` from 42.7.1 to 42.7.3
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.1...REL42.7.3)

Updates `org.springframework.boot` from 3.2.2 to 3.3.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.2.2...v3.3.0)

Updates `io.spring.dependency-management` from 1.1.4 to 1.1.5
- [Release notes](https://github.com/spring-gradle-plugins/dependency-management-plugin/releases)
- [Commits](spring-gradle-plugins/dependency-management-plugin@v1.1.4...v1.1.5)

Updates `org.hibernate.orm` from 6.4.2.Final to 6.5.2.Final

Updates `org.graalvm.buildtools.native` from 0.9.28 to 0.10.2
- [Release notes](https://github.com/graalvm/native-build-tools/releases)
- [Commits](graalvm/native-build-tools@0.9.28...0.10.2)

---
updated-dependencies:
- dependency-name: org.springdoc:springdoc-openapi-starter-webmvc-ui
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: boot
- dependency-name: org.postgresql:postgresql
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: boot
- dependency-name: org.springframework.boot
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: boot
- dependency-name: io.spring.dependency-management
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: boot
- dependency-name: org.hibernate.orm
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: boot
- dependency-name: org.graalvm.buildtools.native
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: boot
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants