Update Mend: high confidence minor and patch dependency updates #422

Open

@mend-for-github-com mend-for-github-com bot commented Feb 28, 2024

This PR contains the following updates:

| Package | Change |
|---|---|
| maven | 3.3.9 -> 3.9.7 |
| org.apache.maven.plugins:maven-gpg-plugin | 1.5 -> 1.6 |
| org.apache.maven.plugins:maven-compiler-plugin | 3.1 -> 3.13.0 |
| commons-cli:commons-cli (source) | 1.3 -> 1.8.0 |
| org.apache.maven.plugins:maven-javadoc-plugin | 2.9.1 -> 2.10.4 |
| org.springframework.boot:spring-boot-maven-plugin (source) | 1.5.4.RELEASE -> 1.5.22.RELEASE |
| org.apache.maven.plugins:maven-source-plugin | 2.3 -> 2.4 |
| org.apache.maven.plugins:maven-war-plugin | 3.2.0 -> 3.4.0 |
| commons-io:commons-io (source) | 2.6 -> 2.7 |
| org.apache.maven.plugins:maven-compiler-plugin | 3.5.1 -> 3.13.0 |
| com.fasterxml.jackson.core:jackson-core | 2.8.8 -> 2.17.1 |
| org.sonatype.plugins:nexus-staging-maven-plugin (source) | 1.6.3 -> 1.7.0 |
| org.apache.commons:commons-collections4 (source) | 4.1 -> 4.4 |
| org.apache.commons:commons-lang3 (source) | 3.4 -> 3.14.0 |
| junit:junit (source) | 4.10 -> 4.13.2 |
| org.apache.logging.log4j:log4j-core (source) | 2.6 -> 2.23.1 |
| org.apache.maven.plugins:maven-compiler-plugin | 3.6.0 -> 3.13.0 |
| org.apache.maven.plugins:maven-compiler-plugin | 2.3.2 -> 2.5.1 |
| org.slf4j:slf4j-jdk14 (source) | 1.7.25 -> 1.7.36 |
| org.springframework.boot:spring-boot-dependencies (source) | 1.5.7.RELEASE -> 1.5.22.RELEASE |
| org.slf4j:slf4j-api (source, changelog) | 1.7.25 -> 1.7.36 |
| org.springframework:spring-context | 5.0.9.RELEASE -> 5.3.36 |
| net.sf.saxon:Saxon-HE (source) | 9.6.0-4 -> 9.9.1-8 |
| org.xmlunit:xmlunit-core (source) | 2.2.1 -> 2.10.0 |
| org.apache.tika:tika-core (source) | 1.18 -> 1.28.4 |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

By merging this PR, the issue #532 will be automatically resolved and closed:

| Severity | CVSS Score | CVE |
|---|---|---|
| Medium | 4.8 | CVE-2021-29425 |

By merging this PR, the issue #471 will be automatically resolved and closed:

| Severity | CVSS Score | CVE |
|---|---|---|
| High | 8.8 | CVE-2019-10088 |
| High | 7.8 | CVE-2019-10094 |
| Medium | 5.5 | CVE-2022-30126 |
| Medium | 5.5 | CVE-2022-30973 |
| Low | 3.3 | CVE-2022-33879 |

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-maven-plugin)

v1.5.22.RELEASE

Compare Source

🪲 Bug Fixes
  • Embedded MongoDB uses HTTP rather than HTTPS by default to download Mongo binaries #​17191
  • spring-boot-dependencies manages jetty-infinispan which no longer exists #​16925
📔 Documentation
  • Link to Apache Licence from Maven Plugin docs rather than embedding it #​17317
  • Improve javadoc of management server port #​17068
  • Fix persistent session property name #​16894
  • Correct expansion of jOOQ in the reference docs #​16879
🔨 Dependency Upgrades
  • Upgrade to Mysql 5.1.48 #​17783
  • Upgrade to Spring Security Oauth 2.0.18.RELEASE #​17671
  • Upgrade to Spring Security 4.2.13.RELEASE #​17670
  • Upgrade to Spring Cloud Connectors 1.2.9.RELEASE #​17669
  • Upgrade to Jetty 9.4.19.v20190610 #​17668
  • Upgrade to Tomcat 8.5.43 #​17667
  • Upgrade to Httpclient 4.5.9 #​17666
  • Upgrade to Appengine Sdk 1.9.76 #​17665
  • Upgrade to Spring Integration 4.3.21 #​17642
  • Upgrade to Spring AMQP 1.7.14 #​17640
  • Upgrade to spring-javaformat 0.0.15 #​17359
  • Upgrade to Spring Data Ingalls-SR23 #​17352
  • Upgrade to Spring Framework 4.3.25 #​17221
  • Upgrade to Dependency Management Plugin 1.0.8.RELEASE #​17149
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v1.5.21.RELEASE

Compare Source

🪲 Bug Fixes
  • Some syntax in the reference documentation is not highlighted or is missing altogether #​16548
📔 Documentation
🔨 Dependency Upgrades
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v1.5.20.RELEASE

Compare Source

🪲 Bug Fixes
  • Permit use of @JsonTest without Jackson #​16070
  • When unzipping, spring init may write zip entries outside the specified output location #​16028
  • Tomcat does not create temporary directory used to store file uploads when it does not exist #​9616
🔨 Dependency Upgrades
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v1.5.19.RELEASE

Compare Source

🔨 Dependency Upgrades

v1.5.18.RELEASE

Compare Source

⭐ New Features
  • Update the homepage in the homebrew formula to avoid a redirect #​14851
🪲 Bug Fixes
  • AnnotationsPropertySource can throw a NPE when javax meta-annotations are present #​15175
  • Allow early ServletRequest Autowiring with embedded containers #​14990
📔 Documentation
  • Document launcher's use of temp directory for libraries that require unpacking #​15180
  • Fixed typo in Maven Site doc #​15176
🔨 Dependency Upgrades
  • Upgrade to Spring Data Ingalls-SR17 #​15305
  • Upgrade to Jackson 2.8.11.20181123 #​15289
  • Upgrade to Spring Security 4.2.10 #​15255
  • Upgrade to Spring Session 1.3.4.RELEASE #​15242
  • Upgrade to Spring Integration 4.3.18.RELEASE #​15241
  • Upgrade to Spring Cloud Connectors 1.2.7.RELEASE #​15240
  • Upgrade to Tomcat 8.5.35 #​15238
  • Upgrade to Appengine Sdk 1.9.68 #​15236
  • Upgrade to Spring Framework 4.3.21 #​15188
  • Upgrade to Appengine Sdk 1.9.67 #​14955
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v1.5.17.RELEASE

Compare Source

🪲 Bug fixes
  • server.ssl.key-store-provider and server.ssl.trust-store-provider are ignored when configuring Undertow #​14713
  • @​AutoConfigureMockMvc does not honor FilterRegistrationBean.enabled=false #​14636
  • WebRequestTraceFilter calls methods on the request and response to retrieve information that then isn't included in the trace #​14550
  • Support escaped characters in BasicJsonParser #​14521
📔 Documentation
  • Fix broken Asciidoctor syntax in section on sanitizing values #​14708
  • Documentation on using Spock contains references to removed classes #​14612
  • Cassandra auto-configuration requires load balancing policy, reconnection policy and retry policy classes to have a default constructor #​14461
  • Improve documentation of RestTemplateBuilder's additionalMessageConverters #​13714
🔨 Dependency upgrades
  • Upgrade to Spring Security 4.2.9.RELEASE #​14848
  • Upgrade to Spring Amqp 1.7.11.RELEASE #​14837
  • Upgrade to Spring Security OAuth 2.0.16 #​14832
  • Upgrade to Rabbit Amqp Client 4.8.3 #​14750
  • Upgrade to Appengine Sdk 1.9.66 #​14749
  • Upgrade to GemFire 8.2.12 #​14739
  • Upgrade to Spring Data Ingalls SR16 #​14727
  • Upgrade to Spring Framework 4.3.20.RELEASE #​14721
  • Upgrade to Spring Web Services 2.4.3.RELEASE #​14527
  • Upgrade to Undertow 1.4.26.Final #​13880
❤️ Contributors

We’d like to thank all the contributors who worked on our current release!

v1.5.16.RELEASE: v.1.5.16.RELEASE

Compare Source

⭐New Features
  • Surface additional rabbit SSL factory properties #​14259
  • Perform failure analysis of NoSuchMethodErrors #​14040
🪲Bug fixes
  • MockReset is extremely slow for large project in 1.5.x branch #​14260
  • Different actuator port changes HTTP status codes on errors #​14084
  • Boot's API documentation does not successfully link to external API documentation #​14031
  • Query and ref are lost from jar: URLs that are processed by fat jar loader's handler #​14011
  • Documented defaults for some server properties do not match runtime defaults #​13821
  • Default value for server.tomcat.internal-proxies is not aligned with Tomcat's default #​13798
📔Documentation
🔨Dependency upgrades

❤️ We’d like to thank all the contributors who worked on our current release!

v1.5.15.RELEASE

Compare Source

⭐New Features
  • Remove carriage returns in TypeUtils.getJavaDoc() #​13779
🪲Bug fixes
  • Fix Flyway filesystem prefix location check #​13863
  • Application does not fail to start when Jetty's WebAppContext fails to start #​13803
  • Bean definitions in DataSourceConfiguration's inner classes override each other when multiple pools are on the classpath #​13737
  • Repackaging may fail with "ZipException: invalid entry compressed size" when input jar has been built with non-default compression settings #​13720
  • spring-boot-starter-parent inadvertently overrides spring-boot-dependencies' managed version for maven-resources-plugin #​13607
  • Clean line breaks in configuration metadata descriptions #​13601
  • Overridden bean definitions may cause incorrect bean condition evaluation due to stale information being held by BeanTypeRegistry #​13588
  • LiquibaseEndpoint may leave a connection's auto commit property set to false #​13559
  • Property placeholders are not replaced when used in name attribute of #​13450
  • Custom error.jsp page is not used when app is run as anything other than a packaged war #​12859
  • When Undertow has access logging enabled, threads are leaked when the container is stopped #​12742
  • Log4j2 shutdown before it prints the last messages during graceful shutdown of spring boot application. #​11360
  • Auto-configured MultipartConfigElement prevents CommonsMultipartResolver from resolving request parts #​7735
  • MetricsFilter may create an unbounded number of metrics for requests with a templated URI that are not handled by Spring MVC #​5875
🔨Dependency upgrades
  • Upgrade to Spring Data Ingalls SR14 #​13917
  • Upgrade to Spring Amqp 1.7.9.RELEASE #​13883
  • Upgrade to Narayana 5.5.32.Final #​13839
  • Upgrade to Httpclient 4.5.6 #​13838
  • Upgrade to Dependency Management Plugin 1.0.6.RELEASE #​13807
  • Upgrade to Git Commit Id Plugin 2.2.4 #​13640
  • Upgrade to Maven Enforcer Plugin 1.4.1 #​13639
  • Upgrade to Tomcat 8.5.32 #​13638
  • Upgrade to Httpcore 4.4.10 #​13637
📔Documentation
  • Update Spring Initializr documentation link in docs #​13906
  • Ensure reference manual doesn't generate horizontal scrollbar #​13709
  • Anchor for "Supported cache providers" section in the reference docs is wrong #​13551
  • Add Log4J2 configuration instructions for Gradle-based projects #​12729

❤️ We’d like to thank all the contributors who worked on our current release!

v1.5.14.RELEASE

Compare Source

v1.5.13.RELEASE

Compare Source

v1.5.12.RELEASE

Compare Source

v1.5.11.RELEASE

Compare Source

v1.5.10.RELEASE

Compare Source

v1.5.9.RELEASE

Compare Source

v1.5.8.RELEASE

Compare Source

v1.5.7.RELEASE

Compare Source

v1.5.6.RELEASE

Compare Source

v1.5.5.RELEASE

Compare Source

sonatype/nexus-maven-plugins (org.sonatype.plugins:nexus-staging-maven-plugin)

v1.7.0

Compare Source

v1.6.14

Compare Source

v1.6.13

Compare Source

v1.6.12

Compare Source

v1.6.11

Compare Source

v1.6.10

Compare Source

spring-projects/spring-framework (org.springframework:spring-context)

v5.3.36

Compare Source

🐞 Bug Fixes

  • Overridden aspect method runs twice #​32868
  • @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) cannot convert UTC without milliseconds to java.util.Date #​32860
  • Spring AOP fails against registered @Configurable aspect #​32840

v5.3.35

Compare Source

⭐ New Features

  • Accept ajc-compiled @Aspect classes for Spring AOP proxy usage #​32818

🐞 Bug Fixes

  • DeferredQueryInvocationHandler fails to unwrap QuerySqmImpl class outside of transaction #​32770
  • MergedAnnotations search does not find container for repeatable annotation #​32751
  • AnnotationConfigWebApplicationContext should propagate ApplicationStartup to BeanFactory #​32749
  • Ignore non-String keys in PropertiesPropertySource.getPropertyNames() #​32744
  • "multiple subscribers not supported" when using WebClient exchange #​32728
  • Deadlock/Stall in ConcurrentWebSocketSessionDecorator with Undertow 2.3.10 #​32698

📔 Documentation

  • Correct documentation on streaming with MockMvcWebTestClient #​32723
  • Update links to HttpOnly documentation at OWASP in ResponseCookie #​32668

🔨 Dependency Upgrades

v5.3.34

Compare Source

⭐ New Features

  • Log column type for limited support message in JdbcUtils.getResultSetValue #​32603
  • Avoid additional unnecessary Annotation array cloning in TypeDescriptor #​32477
  • Avoid cloning empty Annotation array in TypeDescriptor #​32466

🐞 Bug Fixes

  • Refine scheme, userinfo, host and port parsing in UriComponentsBuilder #​32618
  • MethodIntrospector.selectMethods() fails to detect bridge methods across ApplicationContexts #​32588
  • JmsUtils.commitIfNecessary catches and ignores JMS IllegalStateException, losing message with ActiveMQ Artemis #​32480
  • Consistently apply TaskDecorator to ManagedExecutorService as well #​32457

🔨 Dependency Upgrades

v5.3.33

Compare Source

⭐ New Features

  • Extract reusable method for URI validations #​32442
  • Allow UriTemplate to be built with an empty template #​32438
  • Refine *HttpMessageConverter#getContentLength return value null safety #​32332

🐞 Bug Fixes

  • AopUtils.getMostSpecificMethod does not return original method for proxy-derived method anymore #​32369
  • Better protect against concurrent error handling for async requests #​32342
  • Restore Jetty 10 compatibility in JettyClientHttpResponse #​32337
  • ContentCachingResponseWrapper no longer honors Content-Type and Content-Length #​32322

📔 Documentation

  • Build KDoc against 5.3.x Spring Framework Javadoc #​32414

🔨 Dependency Upgrades

v5.3.32

Compare Source

⭐ New Features

  • Add CORS support for Private Network Access #​31974
  • Avoid early getMostSpecificMethod resolution in CommonAnnotationBeanPostProcessor #​31969

🐞 Bug Fixes

  • Consistent parsing of user information in UriComponentsBuilder #​32247
  • QualifierAnnotationAutowireCandidateResolver.checkQualifier does identity checks when comparing arrays used as qualifier fields #​32108
  • Guard against multiple body subscriptions in Jetty and JDK reactive responses #​32101
  • Static resources caching issues with ShallowEtagHeaderFilter and Jetty caching directives [#​3205

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Feb 28, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 5 times, most recently from 8c4684f to 6e43fd1 Compare March 4, 2024 02:44
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 4 times, most recently from e7b4212 to b94b2de Compare March 12, 2024 02:47
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 6 times, most recently from 40bc4a4 to 26d7647 Compare March 23, 2024 02:49
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 7 times, most recently from 86c7cdd to 15e7325 Compare April 1, 2024 02:46
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 4 times, most recently from ef76254 to e4154c3 Compare April 8, 2024 02:46
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 3 times, most recently from 18e782a to 1fe3db6 Compare April 13, 2024 02:48
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 21 times, most recently from 28d0ab2 to b345607 Compare May 30, 2024 02:40
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 7 times, most recently from 1ea8bf6 to f6c4f3b Compare June 1, 2024 18:34
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch from f6c4f3b to e3a226b Compare June 2, 2024 02:44