Techini / vulnado

Purposely vulnerable Java application to help lead secure coding workshops
Apache License 2.0

Bump spring-boot-starter-parent from 2.1.2.RELEASE to 2.4.2 #98

Closed dependabot-preview[bot] closed 3 years ago

dependabot-preview[bot] commented 3 years ago

Bumps spring-boot-starter-parent from 2.1.2.RELEASE to 2.4.2.

Release notes

Sourced from spring-boot-starter-parent's releases.

v2.4.2

:star: New Features

  • Add API for PropertySource resource location retrieval #24504

:beetle: Bug Fixes

  • DataSourceUnwrapper calls Wrapper.isWrapperFor with a interface rather than an class causing HikariDataSourceMetricsRegistry failure #24841
  • Wrong logging pattern with multiple web applications #24835
  • Configuration metadata json does not include spring.config.use-legacy-processing #24816
  • Setting -Dspring.devtools.restart.enabled=true has no effect when the class loader class name does not contain AppClassLoader #24797
  • Auto-configured JdbcSessionDataSourceInitializer does not use the @SpringSessionDataSource if available #24790
  • Error Invalid entry size when build application with a dependency jar larger than 2,147,483,647 bytes with Gradle #24768
  • Default servlet location is not registered using a ServletContextResource #24748
  • bootRun task does not use the project's toolchain by default #24738
  • BootRun does not consider configured javaLauncher when determining JVM arguments for an optimized launch #24735
  • spring.profiles.include is silently ignored when used in a profile-specific document #24733
  • main application.yaml overrides test application.properties #24719
  • Actuator 'configprops' endpoint does not show inputs for @Name parameters #24713
  • Exploded archives launched using the launcher have an incorrectly ordered classpath that also contains non-existent jar files #24710
  • spring-boot:build-image has a layout parameter that cannot be always be honoured #24689
  • FailureAnalyzers' unmet dependency errors add noise to logs #24683
  • WebTestClient base path is not set to the application context path #24678
  • Support JSR-305 @Nullable annotations on endpoint methods #24672
  • JSR-305 @Nullable cannot be used to indicate that a parameter to an endpoint operation is optional #24670
  • ConfigDataEnvironment doesn't register updated Binder #24669
  • WebServer implementations should return -1 if not listening on a port #24657
  • Support JSR-305 @Nullable annotations on endpoint methods #24654
  • Handle missing manifest files in JarTypeFilter #24597
  • ConfigDataLocationNotFoundException thrown at application startup with configserver: config imports, that are not even meant for the current profile #24584
  • Maven resources plugin execution generates a warning with a vanilla project #24576
  • BootstrapContext Binder cannot be used if accessed early #24559
  • Opening a connection to a jar:war: URL created by Tomcat results in an illegal reflective access warning on Java 13+ #24554
  • Enforce that builder and run images are pulled from the same authenticated registry #24552
  • Actuator doesn't use the CORS Configuration with default security configuration and Spring MVC #24542
  • Avoid duplicate classes in MergedContextConfiguration #24536
  • Image is built from jar file when when using war packaging with Gradle #24535
  • configtree not working with Kubernetes projected volume #24530
  • Netty Web Server will not start if using Unix Domain Sockets #24529
  • Application Startup Fails For Existing, Non-Optional Config Location, Resulting In ConfigDataLocationNotFoundException #24499
  • Exceptions are still translated by JdbcTransactionManager when spring.dao.exceptiontranslation.enabled is false #24321
  • Persistent and RelationshipProperties-annotated types are not scanned with Spring Data Neo4j #24239
  • flashMapManager and themeResolver beans can no longer be configured without enabling bean overriding #24207

:notebook_with_decorative_cover: Documentation

  • Fix documentation on probes states during graceful shutdown #24843
  • Clarify behaviour of WebServerFactory in reference guide #24707
  • Migrate away from pivotal-legacy/homebrew-tap #24681
  • Fix javadoc typo in ConfigDataLocation #24660

Commits

  • c73f178 Release v2.4.2
  • 26f2cac Update copyright year of changed files
  • c0aef4c Apply SystemProperties to LoggerContext
  • 68fc232 Revert "Remove unnecessary code"
  • 716dce3 Merge branch '2.3.x' into 2.4.x
  • 8f692a1 Next development version (v2.3.9.BUILD-SNAPSHOT)
  • 6f51831 Fix docs on probe state during graceful shutdown
  • dda8b5d Revert "Upgrade to Kafka 2.6.1"
  • 2072e72 Merge branch '2.3.x' into 2.4.x
  • 283ed48 Unwrap Datasource against an actual interface
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

sonarcloud[bot] commented 3 years ago

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 0 (rating A)
  • Coverage: No Coverage information
  • Duplication: 0.0%

dependabot-preview[bot] commented 3 years ago

Superseded by #99.