Bump spring.version from 5.3.23 to 6.0.8 #156

Closed

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Apr 26, 2023

Bumps spring.version from 5.3.23 to 6.0.8.
Updates spring-web from 5.3.23 to 6.0.8

Release notes

Sourced from spring-web's releases.

v6.0.8

⭐ New Features

  • Disable variable assignment in SimpleEvaluationContext #30326
  • Limit SpEL expression length #30325
  • Limit string concatenation in SpEL expressions #30324
  • Introduce StringUtils.truncate() #30290
  • Introduce ObjectUtils.nullSafeConciseToString() #30286
  • Introduce assertions against Cookie attributes in CookieResultMatchers for MockMvc #30285
  • Polishing #30267
  • Support SameSite cookie attribute in MockMvcHttpConnector #30264
  • Update MockCookie to make use of Servlet 6.0 APIs and semantics for "attributes" #30263
  • Refine initRequestBuilder in DefaultWebClient #30254
  • HttpServerErrorException contains not-serializable field of type DefaultResponseErrorHandler #30224
  • Add class hints for Jackson annotations on fields and methods #30208
  • Add HttpMethod reflection hint to ObjectToObjectConverterRuntimeHints #30201
  • Improve performance of canRead() in HttpMessageReader's #30192
  • Optimize array creation in SpEL ConstructorReference #30189
  • ConstructorResolver error hints about mixing indexed and named args #30169
  • Replace Collections.unmodifiableList(new ArrayList(..)) with List.copyOf() #30166
  • Add assert null validations for DefaultServerResponseBuilder #30157
  • Use InputStream.readAllBytes() in FileCopyUtils.copyToByteArray() #30155
  • Cache ServerHttpRequest::getMethod in AbstractServerHttpRequest #30139
  • Use String.equals() in LiteralPathElement #30138
  • Optimize some iterations in BodyExtractor and BodyInserter #30136
  • Add a couple missing java.time types to StatementCreatorUtils #30123
  • WebClient observations should not record CANCEL signals as aborted if response was received #30070
  • Destroy method not found in native image if concrete bean type is not exposed #29545
  • Contribute init/destroy lifecycle introspection hints for registered beans #29246

🐞 Bug Fixes

  • NPE thrown for nonexistent default-destroy-method in XML config #30301
  • Fix comparison of title in equals() and hashCode() of ProblemDetail #30294
  • SSE breaks with indenting serializer in WebMvc.fn #30277
  • @HttpExchange interface does not resolve return type correctly while using with suspending methods #30266
  • Increase max regex length in SpEL expressions #30265
  • Missing response information from client observation context when filter functions fail #30247
  • NullPointerException on timeout in HttpComponentsClientHttpConnector when using Apache HttpComponents #30245
  • Wrong MockRestRequestMatchers.header() method in spring-test being invoked (JDK issue?) #30220
  • Refine generic type management in AbstractMessageWriterResultHandler #30214
  • MvcUriComponentsBuilder.fromMethodCall breaks for controller with CharSequence return type #30210
  • Encode IPV6 Zone IDs (%) in ReactorServerHttpRequest #30188
  • Handle all exceptions for stored proc output param retrieval in SharedEntityManagerCreator #30161
  • Fix IllegalArgumentException that prevents STOMP DISCONNECT from reaching the client #30120
  • TypeNotPresentException: org/springframework/cglib/proxy/NoOp not present on Java 17 #30115

📔 Documentation

  • Add since tags to sameSite() and attribute() in CookieResultMatchersDsl #30308

... (truncated)

Commits
  • 3bea468 Release v6.0.8
  • be17c8d Disable variable assignment in SimpleEvaluationContext
  • b73f5fc Limit SpEL expression length
  • bc1511d Limit string concatenation in SpEL expressions
  • db9b139 Change max regex length in SpEL expressions to 1000
  • bd029b9 Ensure RestClientResponseException is serializable
  • 5f22648 Polishing contribution
  • a8f31f5 Improve ProblemDetail equals and hashCode
  • 90627b4 Upgrade to Micrometer 1.10.6
  • 4acc71b Upgrade to Reactor 2022.0.6 and Netty 4.1.91
  • Additional commits viewable in compare view

Updates spring-test from 5.3.23 to 6.0.8

Release notes

Sourced from spring-test's releases.

v6.0.8



Bumps `spring.version` from 5.3.23 to 6.0.8.

Updates `spring-web` from 5.3.23 to 6.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v5.3.23...v6.0.8)

Updates `spring-test` from 5.3.23 to 6.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v5.3.23...v6.0.8)

---
updated-dependencies:
- dependency-name: org.springframework:spring-web
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: org.springframework:spring-test
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 26, 2023
@vivekmittal07
Collaborator

We cannot migrate to the new Spring version unless Hapi does the migration - hapifhir/hapi-fhir#2082
The vulnerability reported in Spring should not affect us, as explained in #155 (comment).

Check #155 for detailed analysis.

@dependabot @github
Contributor Author

dependabot bot commented on behalf of github Apr 27, 2023

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/maven/spring.version-6.0.8 branch April 27, 2023 05:32
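
Added example, not part of the original thread or the project's own configuration: a `.github/dependabot.yml` sketch of the ignore condition the bot describes, blocking only major-version bumps of the two Spring artifacts named in this PR so that 5.3.x minor and patch updates are still proposed. The `directory` and `schedule` values are assumptions; in the file the key is spelled `update-types`.

```yaml
# .github/dependabot.yml (illustrative; not taken from this repository)
version: 2
updates:
  - package-ecosystem: "maven"   # matches the dependabot/maven/... branch of this PR
    directory: "/"               # assumption: pom.xml lives at the repository root
    schedule:
      interval: "weekly"         # assumption: any supported interval works
    ignore:
      # Hold back Spring 6.x until the upstream HAPI migration is done,
      # without silencing minor/patch updates on the 5.3.x line.
      - dependency-name: "org.springframework:spring-web"
        update-types: ["version-update:semver-major"]
      - dependency-name: "org.springframework:spring-test"
        update-types: ["version-update:semver-major"]
```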