Techini / vulnado

Purposely vulnerable Java application to help lead secure coding workshops
Apache License 2.0

Bump spring-boot-starter-parent from 2.1.2.RELEASE to 2.4.5 #102

Closed dependabot-preview[bot] closed 3 years ago

dependabot-preview[bot] commented 3 years ago

Bumps spring-boot-starter-parent from 2.1.2.RELEASE to 2.4.5.

Release notes

Sourced from spring-boot-starter-parent's releases.

v2.4.5

:beetle: Bug Fixes

  • CloudPlatform.isActive can return true when spring.main.cloud-platform is set to NONE #26124
  • Elasticsearch auto-configuration does not configure default converters #26029
  • Gradle bootBuildImage does not preserve file permissions for resources #25937
  • Keystore.load calls do not close InputStream #25922
  • Configuration of ciphers is ignored for TCP with Reactory Netty #25913
  • java.util.concurrent.RejectedExecutionException when shutting down Spring Boot app with Cassandra #25869
  • When running with a context hierarchy, PrimaryDefaultValidatorPostProcessor causes a NoSuchBeanDefinitionException when a Validator is in an ancestor context #25863
  • Unlike Micrometer's PushMeterRegistry, PrometheusPushGatewayManager stops publishing when an UnknownHostException is caught #25844
  • @Persistent should not be considered when scanning for MongoDB entities #25797
  • spring-boot:build-image hangs when classifier is specified in configuration #25789
  • DefaultErrorWebExceptionHandler does not remove MetaType.ALL when a quality values is present #25786
  • AbstractWebMvcEndpointHandlerMapping does not chain InvalidEndpointRequestExceptions #25784
  • Unpacked jars are not deleted when the JVM exits #25774
  • TldPatterns are not aligned with Tomcat #25770
  • Actuator's rest template metrics customization prevents RootUriRequestExpectationManager.forRestTemplate from identifying that the template has had a root URI configured #25768
  • ConfigData imports cannot override profile specific imports #25766
  • URI tag of http.client.requests metric ignores REST template's root URI #25765
  • Checks 'javax.persistence.schema-generation.database.action' when determining DDL auto default #25754
  • Bootstrapper interface provides no clean upgrade path due to deprecated method #25735
  • spring-boot:build-image hangs if finalName is specified in Spring Boot plugin configuration #25700
  • During incremental compilation, configuration property metadata isn't generated for classes annotated with @ControllerEndpoint, @JmxEndpoint, @RestControllerEndpoint, @ServletEndpoint, or @WebEndpoint #25388

:notebook_with_decorative_cover: Documentation

  • Document limitations of using deferred JPA bootstrap and early access to JPA #26110
  • Mention special behavior of spring.config.additional-location in docs #26085
  • Provide package info for org.springframework.boot.test.autoconfigure.data.cassandra #26081
  • Document more prominently that DataJpaTest sets spring.jpa.show-sql=true by default #26024
  • Document how to provide runtime JVM arguments when building an image #25992
  • Javadoc link for non-public autoconfiguration classes does not exist #25987
  • Fix typos in docs #25947
  • Use main as the branch name in info endpoint example #25866
  • Document how to configure Maven's Failsafe plugin when not using spring-boot-starter-parent #25832
  • Update deprecation warnings with for removal targets #25825

:hammer: Dependency Upgrades

  • Upgrade to AppEngine SDK 1.9.88 #26006
  • Upgrade to Dropwizard Metrics 4.1.19 #26007
  • Upgrade to Glassfish JAXB 2.3.4 #26100
  • Upgrade to Hibernate 5.4.30.Final #26008
  • Upgrade to HSQLDB 2.5.2 #26101
  • Upgrade to Jakarta Mail 1.6.7 #26009
  • Upgrade to Jaybird 3.0.11 #26010
  • Upgrade to Jetty 9.4.39.v20210325 #26012
  • Upgrade to Jetty Reactive HTTPClient 1.1.7 #26011
  • Upgrade to Kotlin 1.4.32 #26013

... (truncated)

Commits
  • 7caf238 Release v2.4.5
  • c48a48f Merge branch '2.3.x' into 2.4.x
  • dea62c1 Next development version (v2.3.11.BUILD-SNAPSHOT)
  • 01fb599 Revert "Attempt to overcome Docker rate limiting on CI"
  • bfe8e5a Revert changes to make staging run Docker
  • 6073cf7 Marking staging tasks as privileged so they can start Docker
  • f741230 Start Docker before running a staging build
  • f814bea Upgrade to Spring Session Dragonfruit-SR3
  • 1de185c Merge branch '2.3.x' into 2.4.x
  • e8eb68a Upgrade to Spring Session Dragonfruit-SR3
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

sonarcloud[bot] commented 3 years ago

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information
0.0% Duplication

dependabot-preview[bot] commented 3 years ago

Superseded by #105.