socket-security[bot]
commented
2 weeks ago New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| maven/org.springframework/spring-beans@6.0.0 | environment, eval, filesystem, network, unsafe | 0 |
1.9 MB | |
| maven/org.springframework/spring-context@6.0.0 | eval, filesystem, network, unsafe | +2 |
3.96 MB | |
| maven/org.springframework/spring-core@6.0.0 | environment, eval, filesystem, network, unsafe | +1 |
3.89 MB | |
| maven/org.springframework/spring-jdbc@6.0.0 | eval, network, unsafe | 0 |
918 kB | |
| maven/org.springframework/spring-tx@6.0.0 | eval, unsafe | 0 |
570 kB | |
| maven/org.springframework/spring-web@6.0.0 | environment, eval, filesystem, network, unsafe Transitive: shell | +29 |
17.8 MB |
🚮 Removed packages: maven/org.springframework/spring-beans@5.3.39, maven/org.springframework/spring-context@5.3.39, maven/org.springframework/spring-core@5.3.39, maven/org.springframework/spring-jdbc@5.3.39, maven/org.springframework/spring-tx@5.3.39, maven/org.springframework/spring-web@5.3.39
renovate[bot]
This PR contains the following updates:
5.3.39->6.0.0GitHub Vulnerability Alerts
CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
Release Notes
spring-projects/spring-framework (org.springframework:spring-context)
### [`v6.0.0`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v6.0.0) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.39...v6.0.0) See [What's New in Spring Framework 6.x](https://redirect.github.com/spring-projects/spring-framework/wiki/What%27s-New-in-Spring-Framework-6.x) and [Upgrading to Spring Framework 6.x](https://redirect.github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x) for upgrade instructions and details of new features. #### :star: New Features - Avoid direct URL construction and URL equality checks [#29486](https://redirect.github.com/spring-projects/spring-framework/issues/29486) - Simplify creating RFC 7807 responses from functional endpoints [#29462](https://redirect.github.com/spring-projects/spring-framework/issues/29462) - Allow test classes to provide runtime hints via declarative mechanisms [#29455](https://redirect.github.com/spring-projects/spring-framework/issues/29455) #### :notebook_with_decorative_cover: Documentation - Align javadoc of DefaultParameterNameDiscoverer with its behavior [#29494](https://redirect.github.com/spring-projects/spring-framework/pull/29494) - Document AOT support in the TestContext framework [#29482](https://redirect.github.com/spring-projects/spring-framework/issues/29482) - Document Ahead of Time processing in the reference guide [#29350](https://redirect.github.com/spring-projects/spring-framework/issues/29350) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2022.0.0 [#29465](https://redirect.github.com/spring-projects/spring-framework/issues/29465) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@ophiuhus](https://redirect.github.com/ophiuhus) and [@wilkinsona](https://redirect.github.com/wilkinsona)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.