Bump spring-web from 5.3.20 to 5.3.22 #668

Closed

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jul 18, 2022

Bumps spring-web from 5.3.20 to 5.3.22.

Release notes

Sourced from spring-web's releases.

v5.3.22

⭐ New Features

  • Improve regex "." matching for URL paths #28815
  • Spring JDBC does not recognize LocalDate and LocalDateTime in javaType to sqlType Mapping #28778
  • ResolvableType.forInstance should return NONE for null instance #28776
  • Correctly identify MaxUploadSizeExceededException through keywords in message from Jetty 9.4.x #28759
  • Introduce StringUtils.trimAllWhitespace(CharSequence) #28757
  • Trim string input in Converters where whitespace is irrelevant #28756
  • Trim string input in PropertyEditors where whitespace is irrelevant #28755
  • Improve diagnostics for CGLIB ClassLoader issues on Java 9+ #28747
  • Create well-known non-interface types in CollectionFactory without using reflection #28718
  • Revise internals of LoggingCacheErrorHandler #28672
  • Simplify creation of LoggingCacheErrorHandler with logged stacktrace #28670
  • Fix DataSourceUtils inconsistent exception handling #28669
  • Introduce lenient parsing in DataSize regarding whitespace #28643
  • Support adding rather than replacing modules in Jackson2ObjectMapperBuilder #28633
  • Add MockMvcRequestBuilders.multipart(HttpMethod, String, Object...) #28631
  • Avoid parsing request body in DispatcherServlet for "parameters={masked}" log message #28587
  • Avoid synchronization in AbstractAspectJAdvice#calculateArgumentBindings #26377

🐞 Bug Fixes

  • WebFlux multipart temporary file not deleted when the client disconnects early #28740
  • Ensure channelExecutors and taskScheduler in STOMP WebSocket config are qualified #28736
  • MockHttpServletResponse addHeader does not allow Comment part with Set-Cookie header #28730
  • Meta-annotations are unnecessarily synthesized in MergedAnotations #28704
  • GenericApplicationContext does not honor ProtocolResolver when a resource loader is set via setResourceLoader() #28703
  • R2DBC: @Transactional(readOnly) is applied to the connection before the transaction has begun #28610

📔 Documentation

  • Fix Kotlin code snippets language #28810
  • Fix typos in reference docs and project documentation #28805
  • Fix and improve Javadoc in spring-beans and spring-aop #28803
  • Fix and improve Javadoc in spring-core and spring-context #28802
  • Fix and improve Javadoc in spring-messaging, spring-jms and spring-expression #28800
  • Fix and improve Javadoc in spring-r2dbc, spring-oxm, spring-orm and spring-jdbc #28796
  • Fix and improve Javadoc in spring-test #28795
  • Fix and improve Javadoc in spring-tx #28794
  • Fix and improve Javadoc in spring-web #28791
  • Fix and improve Javadoc in spring-webflux #28790
  • Fix and improve Javadoc in spring-webmvc #28789
  • Fix and improve Javadoc in spring-websocket #28788
  • Fix Kotlin example for defines a custom @Production #28680
  • Fix a typo in ResponseEntity documentation #28647
  • Document that Kotlin inline classes are not supported yet #28642
  • Refine @Required Kotlin documentation to use annotation use site targets #28630
  • Fix Kotlin example for @ComponentScan basePackages attribute #28628
  • Kotlin examples for setter injection incorrectly use field injection #28596

... (truncated)

Commits
  • 508cc34 Release v5.3.22
  • e50131d Add Consumer methods to configure Jackson modules
  • cdd4e8c Improve regex support for URL path matching
  • 02b7ddb Upgrade to Log4J 2.18, H2 2.1.214, OpenPDF 1.3.29, XStream 1.4.19, HtmlUnit 2...
  • 8e5c490 Avoid synchronization in AbstractAspectJAdvice#calculateArgumentBindings
  • bd34996 Fix typos in test code
  • 2e4d7e4 Polishing
  • c6be3b3 Fix and improve Javadoc in spring-aop
  • c112bb0 Fix and improve Javadoc in spring-beans
  • 165fba8 Fix typos in reference docs
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [spring-web](https://github.com/spring-projects/spring-framework) from 5.3.20 to 5.3.22.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v5.3.20...v5.3.22)

---
updated-dependencies:
- dependency-name: org.springframework:spring-web
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 18, 2022
@ismisepaul ismisepaul closed this Jul 18, 2022

dependabot bot commented on behalf of github Jul 18, 2022

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/maven/org.springframework-spring-web-5.3.22 branch July 18, 2022 10:47
ismisepaul added a commit to elastic/SecurityShepherd that referenced this pull request Aug 24, 2022
* ability to set mongo bind address and docker mapping

* hunting down null pointer caused by spring-data-mongodb https://jira.mongodb.org/browse/JAVA-2590. issue OWASP#649

* fixing lint issue

* Fixing issue where you cannot see the result key for XXE Challenge 1 by splitting out the levels. Adding a small check to not reveal key from both levels. fixes issue OWASP#652

* Bump docker-maven-plugin from 0.39.1 to 0.40.0

Bumps [docker-maven-plugin](https://github.com/fabric8io/docker-maven-plugin) from 0.39.1 to 0.40.0.
- [Release notes](https://github.com/fabric8io/docker-maven-plugin/releases)
- [Changelog](https://github.com/fabric8io/docker-maven-plugin/blob/master/doc/changelog.md)
- [Commits](fabric8io/docker-maven-plugin@v0.39.1...v0.40.0)

---
updated-dependencies:
- dependency-name: io.fabric8:docker-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump mockito-core from 4.5.1 to 4.6.0

Bumps [mockito-core](https://github.com/mockito/mockito) from 4.5.1 to 4.6.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.5.1...v4.6.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump mockito-core from 4.6.0 to 4.6.1

Bumps [mockito-core](https://github.com/mockito/mockito) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.6.0...v4.6.1)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump docker-maven-plugin from 0.40.0 to 0.40.1

Bumps [docker-maven-plugin](https://github.com/fabric8io/docker-maven-plugin) from 0.40.0 to 0.40.1.
- [Release notes](https://github.com/fabric8io/docker-maven-plugin/releases)
- [Changelog](https://github.com/fabric8io/docker-maven-plugin/blob/master/doc/changelog.md)
- [Commits](fabric8io/docker-maven-plugin@v0.40.0...v0.40.1)

---
updated-dependencies:
- dependency-name: io.fabric8:docker-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* closes dependabot pull requests OWASP#664 OWASP#665 OWASP#666 😈 OWASP#667 OWASP#668 OWASP#669

* Fix minor spelling and grammar errors

- increases -> increasing
- presentended -> presented
- user's -> users'

* Bump exec-maven-plugin from 3.0.0 to 3.1.0

Bumps [exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases)
- [Commits](mojohaus/exec-maven-plugin@exec-maven-plugin-3.0.0...exec-maven-plugin-3.1.0)

---
updated-dependencies:
- dependency-name: org.codehaus.mojo:exec-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Adding new images for the banner and removing old images closes OWASP#686

* Bump docker-maven-plugin from 0.40.1 to 0.40.2

Bumps [docker-maven-plugin](https://github.com/fabric8io/docker-maven-plugin) from 0.40.1 to 0.40.2.
- [Release notes](https://github.com/fabric8io/docker-maven-plugin/releases)
- [Changelog](https://github.com/fabric8io/docker-maven-plugin/blob/master/doc/changelog.md)
- [Commits](fabric8io/docker-maven-plugin@v0.40.1...v0.40.2)

---
updated-dependencies:
- dependency-name: io.fabric8:docker-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: arsenkhy <77200251+arsenkhy@users.noreply.github.com>