search

SamuelGuillemet / SEAK

SEAK, emulates a financial broker which allows you to buy and sell stocks at market price, place limit orders inside an order book and get the market data in real time.
5 stars 0 forks source link

⬆ Bump the gradle group with 12 updates #54

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 8 months ago

Bumps the gradle group with 12 updates:

Package From To
org.apache.logging.log4j:log4j-api 2.22.1 2.23.1
org.apache.logging.log4j:log4j-core 2.22.1 2.23.1
org.apache.logging.log4j:log4j-slf4j2-impl 2.22.1 2.23.1
org.apache.logging.log4j:log4j-core 2.22.1 2.23.1
org.apache.logging.log4j:log4j-slf4j2-impl 2.22.1 2.23.1
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml 2.16.1 2.17.0
com.fasterxml.jackson.core:jackson-databind 2.16.1 2.17.0
com.fasterxml.jackson.core:jackson-databind 2.16.1 2.17.0
org.postgresql:postgresql 42.7.1 42.7.3
org.springframework.security:spring-security-crypto 6.2.1 6.2.3
org.awaitility:awaitility 4.2.0 4.2.1
org.testcontainers:junit-jupiter 1.19.4 1.19.7
org.testcontainers:postgresql 1.19.4 1.19.7
org.testcontainers:kafka 1.19.4 1.19.7
org.testcontainers:testcontainers 1.19.4 1.19.7
org.testcontainers:postgresql 1.19.4 1.19.7
org.testcontainers:kafka 1.19.4 1.19.7
org.testcontainers:testcontainers 1.19.4 1.19.7

Updates org.apache.logging.log4j:log4j-api from 2.22.1 to 2.23.1

Updates org.apache.logging.log4j:log4j-core from 2.22.1 to 2.23.1

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.22.1 to 2.23.1

Updates org.apache.logging.log4j:log4j-core from 2.22.1 to 2.23.1

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.22.1 to 2.23.1

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-yaml from 2.16.1 to 2.17.0

Commits
  • 5947a45 [maven-release-plugin] prepare release jackson-dataformats-text-2.17.0
  • 66e39ff Prepare for 2.17.0 release
  • 00d45d2 Merge branch '2.16' into 2.17
  • 17b06ec Back to snapshot dep
  • 6924d24 [maven-release-plugin] prepare for next development iteration
  • d4977eb [maven-release-plugin] prepare release jackson-dataformats-text-2.16.2
  • cd23e6c Prepare for 2.16.2 release
  • 5f89d60 Add explicit overrides for JsonParser.getNumberTypeFP()
  • 1b8ca46 Test renaming
  • 0550039 Minor test refactoring
  • Additional commits viewable in compare view


Updates com.fasterxml.jackson.core:jackson-databind from 2.16.1 to 2.17.0

Commits


Updates com.fasterxml.jackson.core:jackson-databind from 2.16.1 to 2.17.0

Commits


Updates org.postgresql:postgresql from 42.7.1 to 42.7.3

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.3

Changes

v42.7.2

Security

CVE-2024-1597 and Security Advisory addressed. The vulnerability occurs only in non-default preferQueryMode=simple mode and only if a negative place holder -? is used. See the security advisory for details

What's Changed

Full Changelog: https://github.com/pgjdbc/pgjdbc/compare/REL42.7.1...REL42.7.2

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.3] (2024-04-14 14:51:00 -0400)

Changed

Fixed

  • fix: boolean types not handled in SimpleQuery mode [PR #3146](pgjdbc/pgjdbc#3146)
    • make sure we handle boolean types in simple query mode
    • support uuid as well
    • handle all well known types in text mode and change else if to switch
  • fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with NoSuchMethodError on ByteBuffer#position when running on Java 8

[42.7.2] (2024-02-21 08:23:00 -0500)

Security

  • security: SQL Injection via line comment generation, it is possible in SimpleQuery mode to generate a line comment by having a placeholder for a numeric with a - such as -?. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment. This has been fixed in this version fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

Changed

Added

Commits
  • 818953a fix Issue # 3145 boolean types not handled in SimpleQuery mode (#3146)
  • 0e8ab63 The Gradle config enforces 17+ (#3147)
  • b591b9f Fix 2 changelog entry titles (#3142)
  • 81844e6 chore: ensure CI jobs include tests for all the values of preferQueryMode
  • 2fada9e update security page (#3135)
  • 388f027 fix: typo password_encrypton -> password_encryption in the error message
  • 9cde4f5 Update site for release of 42.7.2 (#3133)
  • df14e53 update version and last year modified
  • 06abfb7 Merge pull request from GHSA-24rp-q3w6-vc56
  • 93b0fcb Merge pull request from GHSA-24rp-q3w6-vc56
  • Additional commits viewable in compare view


Updates org.springframework.security:spring-security-crypto from 6.2.1 to 6.2.3

Release notes

Sourced from org.springframework.security:spring-security-crypto's releases.

6.2.3

:star: New Features

  • Structure101 Plugin Should Ignore Deprecated Files #14640

:beetle: Bug Fixes

  • Check for null Authentication #14666
  • Fix Package Tangle in CAS #14641
  • LogoutConfigurer#createLogoutFilter sets the SecurityContextHolderStrategy twice #14648
  • ObservationTextHandler class is not defined in a reactive context #14653
  • PostAuthorize Method Interceptors Should Use Order from AuthorizationInterceptorsOrder #14723
  • Spring security's ServerLogoutHandler order problem. #14682

:hammer: Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.12.3 to 1.12.4 #14719
  • Bump io.mockk:mockk from 1.13.9 to 1.13.10 #14661
  • Bump io.projectreactor:reactor-bom from 2023.0.3 to 2023.0.4 #14726
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.1 to 4.0.2 #14705
  • Bump org-aspectj from 1.9.21.1 to 1.9.21.2 #14734
  • Bump org.jetbrains.kotlin:kotlin-bom from 1.9.22 to 1.9.23 #14706
  • Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.22 to 1.9.23 #14704
  • Bump org.springframework.data:spring-data-bom from 2023.1.3 to 2023.1.4 #14770
  • Bump org.springframework:spring-framework-bom from 6.1.4 to 6.1.5 #14757

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot]

6.2.2

:star: New Features

  • Configuration examples in docs are out of date #14392

:beetle: Bug Fixes

  • "Span wasn't started - an observation must be started (not only created)" (Micrometer) due to observation handling in Spring Security Web? #14568
  • HandlerMappingIntrospectorRequestTransformer is registered twice in AOT #14367
  • OAuth2AuthorizationExchange is not serializable #14405
  • WebTestUtilsTestRuntimeHints should implement RuntimeHintsRegistrar #14468
  • Application context fails to load: Couldn't find FilterChainProxy #14380
  • Back-Channel Logout should use localhost for internal logout request #14553
  • Cannot configure SecurityContextRepository in CasAuthenticationFilter #14536
  • Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #14348
  • fix typo in anonymous.adoc #14424
  • fix: typo in Authentication Architecture ProviderManager #14448
  • Missing native-image reflection hint for HandlerMappingIntrospectorCachFilterFactoryBean #14377

... (truncated)

Commits
  • 2455feb Release 6.2.3
  • a972338 Merge branch '6.1.x' into 6.2.x
  • f84c4ea Merge branch '5.8.x' into 6.1.x
  • 2c9dc08 Merge branch '5.7.x' into 5.8.x
  • 5a7f12f Check for null Authentication
  • c0fe212 Bump org.springframework.data:spring-data-bom from 2023.1.3 to 2023.1.4
  • a7105d8 Merge branch '6.1.x' into 6.2.x
  • 8d6ede2 Bump org.springframework:spring-framework-bom from 6.0.17 to 6.0.18
  • 2e53745 Merge branch '6.1.x' into 6.2.x
  • 747b806 Merge branch '5.8.x' into 6.1.x
  • Additional commits viewable in compare view


Updates org.awaitility:awaitility from 4.2.0 to 4.2.1

Changelog

Sourced from org.awaitility:awaitility's changelog.

Changelog 4.2.1 (2024-03-15)

  • Upgraded Kotlin to 1.9.22

  • Added extension properties forever, then, and, given to the Kotlin extension. This allows you to do e.g.:

    await.forever until { .. }

  • Added shortcut for enabling logging. Before you had to do e.g.

    await() .with() .conditionEvaluationListener(new ConditionEvaluationLogger(log::info)) .pollInterval(ONE_HUNDRED_MILLISECONDS) .until(logs::size, is(4));

    You can now instead use the "logging" shortcut:

    await() .with() .logging(log::info) .pollInterval(ONE_HUNDRED_MILLISECONDS) .until(logs::size, is(4));

    or simply ".logging()" for "System.out".

    This shortcut has also been added globally:

    Awaitility.setLogging(log::info);

    or

    Awaitility.setDefaultLogging();

  • Improved lambda detection for Java 17 and Java 21

  • Upgraded Groovy to 4.0.19

Commits
  • ff13b72 [maven-release-plugin] prepare release awaitility-4.2.1
  • f80c299 [ci skip] Preparing changelog for release
  • 4be5236 [ci skip] Fixed typo in changelog
  • e15b975 Fixed failing tests
  • 7f7656e Adding 17 and 21 to tests
  • 32eafb6 Improved lambda detection and upgraded groovy/scala
  • 8012936 Trying to fix failing test
  • b01855d Revert "Added java 21 tests"
  • 0e7dff0 Revert "Revert "Use Duration factories in Durations.java (#268)""
  • 97076a9 Added java 21 tests
  • Additional commits viewable in compare view


Updates org.testcontainers:junit-jupiter from 1.19.4 to 1.19.7

Release notes

Sourced from org.testcontainers:junit-jupiter's releases.

1.19.7

Testcontainers for Java 1.19.7

Modules

Elasticserach

HiveMQ

MongoDB

  • Support mongodb/mongodb-community-server and mongodb/mongodb-enterprise-server (#8386) @​eddumelendez

PostgreSQL

📖 Documentation

📦 Dependency updates

1.19.6

Testcontainers for Java 1.19.6

Modules

New modules

📖 Documentation

... (truncated)

Commits


Updates org.testcontainers:postgresql from 1.19.4 to 1.19.7

Release notes

Sourced from org.testcontainers:postgresql's releases.

1.19.7

Testcontainers for Java 1.19.7

Modules

Elasticserach

HiveMQ

MongoDB

  • Support mongodb/mongodb-community-server and mongodb/mongodb-enterprise-server (#8386) @​eddumelendez

PostgreSQL

📖 Documentation

📦 Dependency updates

1.19.6

Testcontainers for Java 1.19.6

Modules

New modules

📖 Documentation

... (truncated)

Commits


Updates org.testcontainers:kafka from 1.19.4 to 1.19.7

Release notes

Sourced from org.testcontainers:kafka's releases.

1.19.7

Testcontainers for Java 1.19.7

Modules

Elasticserach

HiveMQ

MongoDB

  • Support mongodb/mongodb-community-server and mongodb/mongodb-enterprise-server (#8386) @​eddumelendez

PostgreSQL

📖 Documentation

📦 Dependency updates

1.19.6

Testcontainers for Java 1.19.6

Modules

New modules

📖 Documentation

... (truncated)

Commits


Updates org.testcontainers:testcontainers from 1.19.4 to 1.19.7

Release notes

Sourced from org.testcontainers:testcontainers's releases.

1.19.7

Testcontainers for Java 1.19.7

Modules

Elasticserach

HiveMQ

MongoDB

  • Support mongodb/mongodb-community-server and mongodb/mongodb-enterprise-server (#8386) @​eddumelendez

PostgreSQL

📖 Documentation

📦 Dependency updates

1.19.6

Testcontainers for Java 1.19.6

Modules

New modules

📖 Documentation

... (truncated)

Commits


Updates org.testcontainers:postgresql from 1.19.4 to 1.19.7

Release notes

Sourced from org.testcontainers:postgresql's releases.

1.19.7

Testcontainers for Java 1.19.7

Modules

Elasticserach

HiveMQ

MongoDB

  • Support mongodb/mongodb-community-server and mongodb/mongodb-enterprise-server (#8386) @​eddumelendez

PostgreSQL

📖 Documentation

📦 Dependency updates

1.19.6

Testcontainers for Java 1.19.6

Modules

New modules

📖 Documentation

... (truncated)

Commits


Updates org.testcontainers:kafka from 1.19.4 to 1.19.7

Release notes

Sourced from org.testcontainers:kafka's releases.

1.19.7

Testcontainers for Java 1.19.7

Modules

Elasticserach

HiveMQ

MongoDB

  • Support mongodb/mongodb-community-server and mongodb/mongodb-enterprise-server (#8386) @​eddumelendez

PostgreSQL

📖 Documentation

📦 Dependency updates

1.19.6

Testcontainers for Java 1.19.6

Modules

New modules

📖 Documentation

... (truncated)

Commits
dependabot[bot] commented 8 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.