Techini / vulnado

Purposely vulnerable Java application to help lead secure coding workshops
Apache License 2.0

Bump spring-boot-starter-parent from 2.1.2.RELEASE to 2.4.3 #99

Closed dependabot-preview[bot] closed 3 years ago

dependabot-preview[bot] commented 3 years ago

Bumps spring-boot-starter-parent from 2.1.2.RELEASE to 2.4.3.

Release notes

Sourced from spring-boot-starter-parent's releases.

v2.4.3

:beetle: Bug Fixes

  • DataSourceBuilder no longer invokes setUser on org.postgresql.ds.PGSimpleDataSource #25363
  • DatabaseDriver does not detect Amazon Redshift correctly #25312
  • Migrations performed by Flyway or Liquibase may not have completed before the database is accessed via jOOQ #25310
  • No error message when using spring.profiles.include in a profile-specific config file if it's written as a YAML list #25309
  • Dependency management for Hibernate's new hibernate-micrometer module is missing #25305
  • DataSourceBuilder no longer invokes setUser on org.h2.jdbcx.JdbcDataSource #25263
  • Missing RabbitMQ metrics if bean is defined as a ConnectionFactory #25185
  • A ContextRefreshedEvent from a child context may result in deadlock when using JPA deferred repositories #25174
  • Gradle plugin does not include transitive project dependencies into application layer #25163
  • initQueryTimeout and idleTimeout defaults are not aligned with Cassandra defaults #25150
  • Remote application from devtools does not work with security filter in WebSecurityConfigurerAdapter #25147
  • TestRestTemplate exchange triggers UnsupportedOperationException when using a UriTemplateRequestEntity #25097
  • WebMvcTest and WebFluxTest ignore user-provided Thymeleaf IDialect beans #25072
  • Managed versions of oauth2-oidc-sdk and nimbus-jose-jwt are incompatible #25070
  • BeanCreationException thrown creating 'neo4jMappingContext' with Spring Boot 2.4.2 when combined with MongoDB #25069
  • Collection conversion doesn't work for configtree properties #25057
  • ConfigData with Option.IGNORE_IMPORTS can cause NPE #25029
  • spring.config.activate.on-profile cannot be used in profile specific file #24990
  • ConfigDataLoaders cannot have a DeferredLogFactory injected preventing their subcomponents from logging accurately #24988
  • Spring Data Solr support is not flagged as deprecated #24943
  • Since 2.4.2, the Logback charset defaults to UTF-8 rather than the OS's default #24894
  • InvalidConfigDataPropertyException thrown when server processed ConfigData contains profiles #24890
  • When spring.mvc.pathmatch.matching-strategy is set to path-pattern-parser, the error handling of a management server listening on a separate port is broken #24877
  • mappings endpoint fails due to an NPE when spring.mvc.pathmatch.matching-strategy is set to path-pattern-parser #24874
  • Failures when recording metrics in MetricsClientHttpRequestInterceptor may interfere with RestTemplate's main behaviour #24872
  • Auto-configured DataSourceTransactionManager uses spring.dao.exceptiontranslation.enable rather than spring.dao.exceptiontranslation.enabled to control exception translation #24867
  • Illegal reflective access by org.springframework.cglib.core.ReflectUtils #24857
  • Configuration metadata for logging.charset.* has invalid reference for java.nio.charset.Charset #24851
  • Asynchronous deserialization performed by Hazelcast may fail due to the wrong ClassLoader being used #24836

:notebook_with_decorative_cover: Documentation

  • Update the Gradle plugin documentation to recommend the maven-publish plugin over the maven plugin #25307
  • Document Kafka Streams metrics support #25297
  • Default values of integer properties in the application properties appendix are rendered as decimals #25176
  • Clarify usage of BufferingApplicationStartup #25075
  • Since 2.3.8 and 2.4.2, the documented index format does not match the implementation #25066
  • Clarify when retaining . characters in property keys requires bracket notation to be used #25064
  • Highlight that Duration and Period conversion is provided by the ApplicationConversionService and, by default, is not available for web conversion #25061
  • Document logging.register-shutdown-hook and why you may want to enable it #25044
  • bootRun project property command line example is incomplete #25042
  • Document the need to use the launcher to be able to use application.* properties in a custom banner #25040
  • Add some guidance to the reference documentation about diagnosing unexpected property values #25038
  • WebMvcProperties.MatchingStrategy should be documented as being since 2.4.0 #24875
  • CONTRIBUTING.adoc contains broken link to spring-javaformat-intellij-idea-plugin #24869
  • Add version to reference docs index #24854
  • Remove YAML shortcomings section as it no longer applies #24620

... (truncated)

Commits
  • 49ea417 Release v2.4.3
  • 526474f Add username alias for Postgres's PGSimpleDataSource
  • bb56de7 Upgrade to Spring Security 5.4.5
  • 08f73e0 Upgrade to Spring Kafka 2.6.6
  • 50a258a Upgrade to Spring Integration 5.4.4
  • 332ab5e Upgrade to Spring AMQP 2.3.5
  • a2695f2 Upgrade to Spring Data 2020.0.5
  • 0a72f4d Merge branch '2.3.x' into 2.4.x
  • 90fb65d Upgrade to 0.0.6 of the changelog generator
  • 83a18a3 Start using 0.0.6 snapshots of the changelog generator
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
  • `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

sonarcloud[bot] commented 3 years ago

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 0 (rating A)
  • Coverage: No Coverage information
  • Duplication: 0.0%

dependabot-preview[bot] commented 3 years ago

Superseded by #101.