thumb-tack / tt

Apache License 2.0
0 stars 1 forks source link

Bump hibernate-validator from 6.0.10.Final to 6.0.20.Final in /bom #28

Open dependabot[bot] opened 3 years ago

dependabot[bot] commented 3 years ago

Bumps hibernate-validator from 6.0.10.Final to 6.0.20.Final.

Changelog

Sourced from hibernate-validator's changelog.

6.0.20.Final (06-05-2020)

** Bug * HV-1774 - engine - Invalid parsing of EL expression can lead to invalid EL expressions considered valid * HV-1772 - engine - Building multiple ValidatorFactory instances from a single Configuration violates specification for MessageInterpolator

** Improvement * HV-1773 - documentation - Be more explicit about issues with EL injection and how to avoid them

6.0.19.Final (27-03-2020)

** Bug * HV-1758 - translations - Extra dollar sign in validation messages for ModCheck * HV-1756 - translations - Incorrect variables in the newly added translations

** New Feature * HV-1755 - engine - Introduce the notion of BeanMetaDataClassNormalizer in the standard ValidatorFactory

** Task * HV-1753 - tests - Force Pax-Exam and Karaf to use Maven Central repository with SSL enabled

6.0.18.Final (25-10-2019)

** Bug * HV-1722 - engine - Remove settings-example.xml reference from .travis.yml * HV-1720 - engine - Support bounded wildcard types in container value unwrapping * HV-1715 - engine - Validation can sometimes proceed to the next group in sequence even after one of the constraints generated a violation

** Improvement * HV-1729 - performance - Skip allocation of an action for each need to access the context classloader

** Task * HV-1740 - engine - Deprecate @​SafeHtml * HV-1739 - engine - CVE-2019-10219 Security issue with @​SafeHtml * HV-1731 - tck-runner - Move TCK signature check to tck-runner module * HV-1728 - build - Upgrade to WildFly 17.0.1.Final * HV-1724 - build - Update to OpenJFX 11.0.2

6.0.17.Final (13-06-2019)

** Bug * HV-1713 - engine - Missing violation when a bean is validated with different groups * HV-1709 - validators - Polish Identification numbers are not considering length of the value * HV-1706 - validators - ISBN-13 algorithm does not handle checksum 10

** Task

... (truncated)

Commits
  • 4dc4cd3 [Jenkins release job] Preparing release 6.0.20.Final
  • bd0c7d4 [Jenkins release job] changelog.txt updated by release build 6.0.20.Final
  • 3205799 [Jenkins release job] README.md updated by release build 6.0.20.Final
  • 4b9f2a1 HV-1774 Fix an invalid error message for unbalanced '{'/'}'
  • 16b77f0 HV-1774 Add a few tests to demonstrate the behavior of TokenCollector
  • 29bd0f4 HV-1774 Do not interpret '$\A{1+1}' in message templates
  • df2fe2c HV-1774 Test arbitrary code injection through buildConstraintViolationWithTem...
  • 5903f44 HV-1773 Be more explicit about issues with EL injection and how to avoid them
  • 6702a5e HV-1772 Allow overriding MessageInterpolator when config is reused
  • f99e866 [Jenkins release job] Preparing next development iteration
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/thumb-tack/tt/network/alerts).