OWASP / SecurityShepherd

Web and mobile application security training platform
https://owasp.org/www-project-security-shepherd/
GNU General Public License v3.0
1.34k stars 459 forks source link

Bump spring-web from 5.3.23 to 6.0.2 #728

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps spring-web from 5.3.23 to 6.0.2.

Release notes

Sourced from spring-web's releases.

v6.0.2

:star: New Features

  • Rely on standard parameter name resolution in Bean Validation 3.0 #29566

:lady_beetle: Bug Fixes

  • ResponseStatusException does not use the reason to set the "detail" field #29567
  • LocalVariableTableParameterNameDiscoverer logs many warnings with Hibernate validation #29563

:notebook_with_decorative_cover: Documentation

  • org.springframework.web.multipart.commons not found #29562

v6.0.1

:star: New Features

  • Make SourceHttpMessageConverter optional #29535
  • Deprecate LocalVariableTableParameterNameDiscoverer completely (avoiding its exposure in native images) #29531
  • Make GeneratorStrategy.generate unreachable on native #29521
  • Update LogAdapter to allow build-time code removal #29506

:lady_beetle: Bug Fixes

  • Unhandled exceptions should mark Servlet observation outcome as error #29512

:notebook_with_decorative_cover: Documentation

  • Broken link in documentation section 6.10 #29554
  • Fix Javadoc link text in BindingResult #29551
  • Fix some typos in Kotlin WebClient example code #29538
  • Fix link to Bean Utils Light Library in BeanUtils Javadoc #29534
  • Fix link to WebFlux section in reference manual #29525
  • Document RuntimeHints testing strategies #29523
  • Reorganize and modularize the Testing chapter in the reference manual #29522
  • Document switch to SQLExceptionSubclassTranslator in the upgrade guide #29518
  • Update documentation to mention Java 17+ baseline #29514
  • Link to Spring WebFlux section is broken #29513
  • Update javadoc of Jackson-based decoders to reflect 2.14 baseline #29508
  • Code example has callout from a different code example #29505
  • Code listing callouts are displayed incorrectly in core-beans.adoc #29457
  • Fix a syntax error in an XML listing in core-validation.adoc #29456

:hammer: Dependency Upgrades

  • Upgrade to Jackson 2.14.1 #29539
  • Upgrade to Kotlin 1.7.21 #29543

:heart: Contributors

... (truncated)

Commits
  • 3a04435 Release v6.0.2
  • b7e99fb Additional documentation notes on Java/Kotlin parameter name retention
  • a27f2e9 ResponseStatusException sets detail from reason again
  • 284cf3e Rely on standard parameter name resolution in Bean Validation 3.0
  • cbf25b7 Reduce deprecation warn logging to one entry per introspected class
  • 8391897 Document removal of CommonsMultipartResolver in MVC setup documentation
  • a3c8909 Log connection info in StompBrokerRelayMessageHandler
  • e77c426 Next development version (v6.0.2-SNAPSHOT)
  • fe5bd67 Retain default LocalVariableTableParameterNameDiscoverer with warn log entries
  • ed5ab77 Fix javadoc link in AOP extensibility documentation
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

A newer version of org.springframework:spring-web exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.