mebigfatguy / fb-contrib

a FindBugs/SpotBugs plugin for doing static code analysis for java code bases
http://fb-contrib.sf.net
GNU Lesser General Public License v2.1
157 stars 45 forks source link

Bump spring-beans from 4.3.25.RELEASE to 5.2.20.RELEASE #436

Closed dependabot[bot] closed 9 months ago

dependabot[bot] commented 1 year ago

Bumps spring-beans from 4.3.25.RELEASE to 5.2.20.RELEASE.

Release notes

Sourced from spring-beans's releases.

v5.2.20.RELEASE

:star: New Features

  • Restrict access to property paths on Class references #28262
  • Improve diagnostics in SpEL for large array creation #28257

v5.2.19.RELEASE

:star: New Features

  • Declare serialVersionUID on DefaultAopProxyFactory #27785
  • Use ByteArrayDecoder in DefaultClientResponse::createException #27667

:lady_beetle: Bug Fixes

  • ProxyFactoryBean getObject called before setInterceptorNames, silently creating an invalid proxy [SPR-7582] #27817
  • Possible NPE in Spring MVC LogFormatUtils #27783
  • UndertowHeadersAdapter's remove() method violates Map contract #27593
  • Fix assertion failure messages in DefaultDataBuffer.checkIndex() #27577

:notebook_with_decorative_cover: Documentation

  • Lazy annotation throws exception if non-required bean does not exist #27660
  • Incorrect Javadoc in [NamedParameter]JdbcOperations.queryForObject methods regarding exceptions #27581
  • DefaultResponseErrorHandler update javadoc comment #27571

:hammer: Dependency Upgrades

  • Upgrade to Reactor Dysprosium-SR25 #27635
  • Upgrade to Log4j2 2.16.0 #27825

v5.2.18.RELEASE

:star: New Features

  • Enhance DefaultResponseErrorHandler to allow logging complete error response body #27558
  • DefaultMessageListenerContainer does not log an error/warning when consumer tasks have been rejected #27457

:lady_beetle: Bug Fixes

  • Performance impact of con.getContentLengthLong() in AbstractFileResolvingResource.isReadable() downloading huge jars to check component length #27549
  • Performance impact of ResourceUrlEncodingFilter on HttpServletResponse#encodeURL #27548
  • Avoid duplicate JCacheOperationSource bean registration in #27547
  • Non-escaped closing curly brace in RegEx results in initialization error on Android #27502
  • Proxy generation with Java 17 fails with "Cannot invoke "Object.getClass()" because "cause" is null" #27498
  • ConcurrentReferenceHashMap's entrySet violates the Map contract #27455

:hammer: Dependency Upgrades

  • Upgrade to Reactor Dysprosium-SR24 #27526

v5.2.17.RELEASE

... (truncated)

Commits
  • cfa701b Release v5.2.20.RELEASE
  • 996f701 Refine PropertyDescriptor filtering
  • 90cfde9 Improve diagnostics in SpEL for large array creation
  • 94f52bc Upgrade to Artifactory Resource 0.0.17
  • d4478ba Upgrade Java versions in CI image
  • 136e6db Upgrade Ubuntu version in CI images
  • 8f1f683 Upgrade Java versions in CI image
  • ce2367a Upgrade to Log4j2 2.17.1
  • acf7823 Next development version (v5.2.20.BUILD-SNAPSHOT)
  • 1a03ffe Upgrade to Log4j2 2.16.0
  • Additional commits viewable in compare view


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mebigfatguy/fb-contrib/network/alerts).

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

hazendaz commented 11 months ago

close me.

dependabot[bot] commented 9 months ago

Superseded by #463.