search

pivotal-cf / java-cfenv

Apache License 2.0
91 stars 56 forks source link

Bump spring-boot-dependencies from 2.5.2 to 2.5.4 #164

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps spring-boot-dependencies from 2.5.2 to 2.5.4.

Release notes

Sourced from spring-boot-dependencies's releases.

v2.5.4

:lady_beetle: Bug Fixes

  • spring-boot-configuration-metadata leaks enforced dependency constraints into consuming builds #27730
  • Potential NPE in TomcatMetricsBinder.findContext() #27616
  • Cyclic bean definition when a Spring Data repository is a dependency of a MeterBinder #27591
  • spring-boot:build-image hangs when exceptions are thrown during upload #27535
  • WebTestClientContextCustomizerFactory causes an IllegalStateException when WebClient is on the classpath without a supported HTTP client #27527
  • spring.security.dispatcher-types is not applied to Spring Security's filter when running in a separate management context #27505
  • A URI with non-alpha characters in its scheme is not sanitized #27488

:notebook_with_decorative_cover: Documentation

  • Mention productionRuntimeClasspath in Gradle plugin's documentation #27620
  • Fix typo in javadoc #27618

:hammer: Dependency Upgrades

  • Upgrade to ActiveMQ 5.16.3 #27742
  • Upgrade to AppEngine SDK 1.9.91 #27743
  • Upgrade to Cassandra Driver 4.11.3 #27674
  • Upgrade to Couchbase Client 3.1.7 #27675
  • Upgrade to Ehcache3 3.9.5 #27676
  • Upgrade to Glassfish JAXB 2.3.5 #27677
  • Upgrade to Hazelcast 4.1.5 #27744
  • Upgrade to Hazelcast Hibernate5 2.2.1 #27678
  • Upgrade to Janino 3.1.6 #27679
  • Upgrade to Logback 1.2.5 #27680
  • Upgrade to MariaDB 2.7.4 #27681
  • Upgrade to Maven Enforcer Plugin 3.0.0 #27682
  • Upgrade to Micrometer 1.7.3 #27601
  • Upgrade to MIMEPull 1.9.15 #27683
  • Upgrade to Netty 4.1.67.Final #27745
  • Upgrade to Nimbus JOSE JWT 9.10.1 #27701
  • Upgrade to OAuth2 OIDC SDK 9.9.1 #27700
  • Upgrade to Reactor 2020.0.10 #27600
  • Upgrade to SendGrid 4.7.4 #27684
  • Upgrade to Spring Data 2021.0.4 #27633
  • Upgrade to Spring Integration 5.5.3 #27604
  • Upgrade to Spring Kafka 2.7.6 #27602
  • Upgrade to Spring Security 5.5.2 #27603
  • Upgrade to Spring Session 2021.0.2 #27605
  • Upgrade to Tomcat 9.0.52 #27685
  • Upgrade to Undertow 2.2.10.Final #27686

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

... (truncated)

Commits
  • 4c81152 Release v2.5.4
  • a5bd4e9 Merge branch '2.4.x' into 2.5.x
  • 6be27e2 Download artifacts for the publish_gradle_plugin task
  • 29ccbdd Merge branch '2.4.x' into 2.5.x
  • f2b7092 Use token for GitHub authentication consistently
  • e28115e Next development version (v2.4.11-SNAPSHOT)
  • 2c18f26 Merge branch '2.4.x' into 2.5.x
  • ea95c99 Update email address used for release commit
  • 6d8ba3e Merge branch '2.4.x' into 2.5.x
  • ea9f851 Merge pull request #27736 from izeye
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)