Ensure you have no changes in your local repository.
Change to a new branch.
For example:
[source,bash]
$ git checkout -b 5.5.0-RC1-dependencies
Review the rules in build.gradle to ensure the rules make sense.
For example, we should not allow major version updates in a patch release.
Also ensure that all of the exclusions still make sense.
The following Gradle command will update your dependencies creating a commit for each dependency update.
The first invocation of the command will take quite a while (~20 minutes depending on internet speed) to run because it is indexing all the versions of all the dependencies.
[source,bash]
$ ./gradlew updateDependencies
Review the commits to ensure that the updated dependency versions make sense for this release. For example, we should not perform a major version update for a patch release.
[source,bash]
$ git log
If any of the versions don’t make sense, update build.gradle to ensure that the version is excluded.
Run all the checks:
[source,bash]
$ ./gradlew check
If they don’t work, you can run a git bisect to discover what broke the build.
Fix any commits that broke the build.
Check out the original brach:
[source,bash]
$ git checkout -
The following command will update the dependencies again but this time creating a ticket for each update and placing Closes gh-<number> in the commit. Replacing the following values:
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jeequan/jeepay/network/alerts).
> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
dependabot[bot]
commented
8 months ago
Bumps spring-security-core from 5.4.7 to 5.5.7.
Release notes
Sourced from spring-security-core's releases.
... (truncated)
Changelog
Sourced from spring-security-core's changelog.
... (truncated)
Commits
ada3337Release 5.5.70bd7dafImprove Upgradingc6461d6AntRegexRequestMatcher Optimization4405cf1Extract rejectNonPrintableAsciiCharactersInFieldName7eb8a58Update org.springframework.data to 2021.0.11415ee4dUpdate org.springframework to 5.3.204d47d51Update io.projectreactor to 2020.0.197983c69Fix mvcMatchers overriding previous paths15b3744Fix setServletContext not being called for AuthorizationManagerWebInvocationP...20b94c4Next development versionYou can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jeequan/jeepay/network/alerts).