Techini / vulnado

Purposely vulnerable Java application to help lead secure coding workshops
Apache License 2.0

Bump spring-boot-starter-parent from 2.1.2.RELEASE to 2.5.2 #135

Closed dependabot-preview[bot] closed 2 years ago

dependabot-preview[bot] commented 3 years ago

Bumps spring-boot-starter-parent from 2.1.2.RELEASE to 2.5.2.

Release notes

Sourced from spring-boot-starter-parent's releases.

v2.5.2

:beetle: Bug Fixes

  • Instantiator is called without a classloader #27074
  • EnvironmentPostProcessors aren't instantiated with correct ClassLoader #27073
  • EnvironmentPostProcessors aren't instantiated with correct ClassLoader #27072
  • Instantiator is called without a classloader #27071
  • Failure when binding the name of a non-existent class to a Class property isn't very helpful #27061
  • Failure when binding the name of a non-existent class to a Class property isn't very helpful #27060
  • Unable to exclude dependencies on repackaging war #27057
  • Unable to exclude dependencies on repackaging war #27056
  • Deadlock when the application context is closed and System.exit(int) is then called during application context refresh #27049
  • Default value for NettyProperties.leakDetection is not aligned with Netty's default #27046
  • Profile-specific resolution should still happen when processing 'spring.config.import' properties #27006
  • Profile-specific resolution should still happen when processing 'spring.config.import' properties #27005
  • Gradle build fails with "invocation of 'Task.project' at execution time is unsupported" when using the configuration cache in a project that depends on org.springframework.boot:spring-boot-configuration-processor #26997
  • NoSuchMethodError with Jetty 10 when trying to use HTTP/2 over TLS (h2) #26988
  • SpringApplicationShutdownHook throws ClassCastException when use log4j2 #26953
  • Gradle 6.9.x is not listed as a supported version when the Gradle version is < 6.8 #26952
  • Kotlin plugin's version shouldn't be read if the kotlin.version extra property has been set #26947
  • Profile-specific files should still be considered when processing 'spring.config.import' properties #26939
  • Misleading type information reported by BeanNotOfRequiredTypeFailureAnalyzer #26935
  • SQL initialization in 2.5 does not handle connection errors gracefully anymore #26926
  • Script-based database initialization should not check the database's type unless it has scripts to apply #26925
  • Memory leak in MetricsClientHttpRequestInterceptor when auto-timing is disabled #26923
  • DevTools' LiveReload support's HTTP header handling is case sensitive #26920
  • DevTools' LiveReload support's HTTP header handling is case sensitive #26919
  • App fails to start when using Flyway or Liquibase with a spring.flyway.url or spring.liquibase.url without spring-jdbc on the classpath #26917
  • A bean factory post processor cannot be configured to run after DependsOnDatabaseInitializationPostProcessor #26899
  • WebSocket auto-configuration throws a CNFE with Jetty 10 #26847

:notebook_with_decorative_cover: Documentation

  • Description of spring.datasource.name property is inaccurate #27063
  • Description of spring.datasource.name property is inaccurate #27062
  • Update reference documentation to reflect @SpringBootApplication's use of @SpringBootConfiguration #27024
  • Document uuid support in RandomValuePropertySource #27010
  • Misleading doc about application startup exposure #26978
  • Add missing space for asciidoc ordered list #26955
  • Add Azure info to the cloud deployment docs #26910
  • Make the documentation versions more apparent #26891

:hammer: Dependency Upgrades

  • Upgrade to Cassandra Driver 4.11.2 #26990
  • Upgrade to Dropwizard Metrics 4.1.24 #27035
  • Upgrade to Hazelcast 4.1.4 #27069
  • Upgrade to Jedis 3.6.1 #26992
  • Upgrade to Jetty EL 9.0.48 #26993
  • Upgrade to Kotlin 1.5.20 #27088

... (truncated)

Commits
  • cbe4cff Release v2.5.2
  • dfbd82b Fix Kotlin 1.5.20 classpath issues
  • d442071 Suppress Kotlin 1.5.20 deprecation warning
  • 8f9652c Upgrade to Kotlin 1.5.20
  • b4346f0 Merge branch '2.4.x' into 2.5.x
  • fb008a4 Merge branch '2.3.x' into 2.4.x
  • 82963a3 Fix typo
  • c150a91 Merge branch '2.4.x' into 2.5.x
  • 2ea8367 Merge branch '2.3.x' into 2.4.x
  • 7617f0d Do not publish to Sonatype when already published
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
  • `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

sonarcloud[bot] commented 3 years ago

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information
0.0% Duplication

dependabot-preview[bot] commented 2 years ago

Superseded by #138.