Update Mend: high confidence minor and patch dependency updates #422

Open: wants to merge 1 commit into base: master

@mend-for-github-com mend-for-github-com bot commented Feb 28, 2024

This PR contains the following updates:

| Package | Change |
|---|---|
| maven | 3.3.9 -> 3.9.9 |
| org.apache.maven.plugins:maven-gpg-plugin | 1.5 -> 1.6 |
| org.apache.maven.plugins:maven-compiler-plugin | 3.1 -> 3.13.0 |
| commons-cli:commons-cli (source) | 1.3 -> 1.9.0 |
| org.apache.maven.plugins:maven-javadoc-plugin | 2.9.1 -> 2.10.4 |
| org.springframework.boot:spring-boot-maven-plugin (source) | 1.5.4.RELEASE -> 1.5.22.RELEASE |
| org.apache.maven.plugins:maven-source-plugin | 2.3 -> 2.4 |
| org.apache.maven.plugins:maven-war-plugin | 3.2.0 -> 3.4.0 |
| org.apache.maven.plugins:maven-compiler-plugin | 3.5.1 -> 3.13.0 |
| com.fasterxml.jackson.core:jackson-annotations (source) | 2.8.8 -> 2.18.1 |
| org.sonatype.plugins:nexus-staging-maven-plugin (source) | 1.6.3 -> 1.7.0 |
| org.apache.commons:commons-collections4 (source) | 4.1 -> 4.4 |
| org.apache.commons:commons-lang3 (source) | 3.4 -> 3.17.0 |
| commons-logging:commons-logging (source) | 1.2 -> 1.3.4 |
| junit:junit (source) | 4.10 -> 4.13.2 |
| org.apache.maven.plugins:maven-compiler-plugin | 3.6.0 -> 3.13.0 |
| org.apache.maven.plugins:maven-compiler-plugin | 2.3.2 -> 2.5.1 |
| org.slf4j:slf4j-jdk14 (source) | 1.7.25 -> 1.7.36 |
| org.springframework.boot:spring-boot-dependencies (source) | 1.5.7.RELEASE -> 1.5.22.RELEASE |
| org.slf4j:slf4j-api (source, changelog) | 1.7.25 -> 1.7.36 |
| org.springframework:spring-context | 5.0.9.RELEASE -> 5.3.39 |
| org.xmlunit:xmlunit-core (source) | 2.2.1 -> 2.10.0 |
| org.apache.tika:tika-core (source) | 1.18 -> 1.28.4 |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

By merging this PR, the issue #471 will be automatically resolved and closed:

| Severity | CVSS Score | CVE | Reachability |
|---|---|---|---|
| High | 8.8 | CVE-2019-10088 | |
| High | 8.1 | CVE-2018-1335 | |
| High | 7.8 | CVE-2019-10094 | |
| High | 7.5 | CVE-2018-11761 | |
| High | 7.5 | CVE-2018-11796 | |
| Medium | 5.5 | CVE-2022-30126 | |
| Medium | 5.5 | CVE-2022-30973 | |
| Low | 3.3 | CVE-2022-33879 | |

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-maven-plugin)

v1.5.22.RELEASE

Compare Source

🪲 Bug Fixes
  • Embedded MongoDB uses HTTP rather than HTTPS by default to download Mongo binaries #​17191
  • spring-boot-dependencies manages jetty-infinispan which no longer exists #​16925
📔 Documentation
  • Link to Apache Licence from Maven Plugin docs rather than embedding it #​17317
  • Improve javadoc of management server port #​17068
  • Fix persistent session property name #​16894
  • Correct expansion of jOOQ in the reference docs #​16879
🔨 Dependency Upgrades
  • Upgrade to Mysql 5.1.48 #​17783
  • Upgrade to Spring Security Oauth 2.0.18.RELEASE #​17671
  • Upgrade to Spring Security 4.2.13.RELEASE #​17670
  • Upgrade to Spring Cloud Connectors 1.2.9.RELEASE #​17669
  • Upgrade to Jetty 9.4.19.v20190610 #​17668
  • Upgrade to Tomcat 8.5.43 #​17667
  • Upgrade to Httpclient 4.5.9 #​17666
  • Upgrade to Appengine Sdk 1.9.76 #​17665
  • Upgrade to Spring Integration 4.3.21 #​17642
  • Upgrade to Spring AMQP 1.7.14 #​17640
  • Upgrade to spring-javaformat 0.0.15 #​17359
  • Upgrade to Spring Data Ingalls-SR23 #​17352
  • Upgrade to Spring Framework 4.3.25 #​17221
  • Upgrade to Dependency Management Plugin 1.0.8.RELEASE #​17149
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v1.5.21.RELEASE

Compare Source

🪲 Bug Fixes
  • Some syntax in the reference documentation is not highlighted or is missing altogether #​16548
📔 Documentation
🔨 Dependency Upgrades
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v1.5.20.RELEASE

Compare Source

🪲 Bug Fixes
  • Permit use of @JsonTest without Jackson #​16070
  • When unzipping, spring init may write zip entries outside the specified output location #​16028
  • Tomcat does not create temporary directory used to store file uploads when it does not exist #​9616
🔨 Dependency Upgrades
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v1.5.19.RELEASE

Compare Source

🔨 Dependency Upgrades

v1.5.18.RELEASE

Compare Source

⭐ New Features
  • Update the homepage in the homebrew formula to avoid a redirect #​14851
🪲 Bug Fixes
  • AnnotationsPropertySource can throw a NPE when javax meta-annotations are present #​15175
  • Allow early ServletRequest Autowiring with embedded containers #​14990
📔 Documentation
  • Document launcher's use of temp directory for libraries that require unpacking #​15180
  • Fixed typo in Maven Site doc #​15176
🔨 Dependency Upgrades
  • Upgrade to Spring Data Ingalls-SR17 #​15305
  • Upgrade to Jackson 2.8.11.20181123 #​15289
  • Upgrade to Spring Security 4.2.10 #​15255
  • Upgrade to Spring Session 1.3.4.RELEASE #​15242
  • Upgrade to Spring Integration 4.3.18.RELEASE #​15241
  • Upgrade to Spring Cloud Connectors 1.2.7.RELEASE #​15240
  • Upgrade to Tomcat 8.5.35 #​15238
  • Upgrade to Appengine Sdk 1.9.68 #​15236
  • Upgrade to Spring Framework 4.3.21 #​15188
  • Upgrade to Appengine Sdk 1.9.67 #​14955
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v1.5.17.RELEASE

Compare Source

🪲 Bug fixes
  • server.ssl.key-store-provider and server.ssl.trust-store-provider are ignored when configuring Undertow #​14713
  • @​AutoConfigureMockMvc does not honor FilterRegistrationBean.enabled=false #​14636
  • WebRequestTraceFilter calls methods on the request and response to retrieve information that then isn't included in the trace #​14550
  • Support escaped characters in BasicJsonParser #​14521
📔 Documentation
  • Fix broken Asciidoctor syntax in section on sanitizing values #​14708
  • Documentation on using Spock contains references to removed classes #​14612
  • Cassandra auto-configuration requires load balancing policy, reconnection policy and retry policy classes to have a default constructor #​14461
  • Improve documentation of RestTemplateBuilder's additionalMessageConverters #​13714
🔨 Dependency upgrades
  • Upgrade to Spring Security 4.2.9.RELEASE #​14848
  • Upgrade to Spring Amqp 1.7.11.RELEASE #​14837
  • Upgrade to Spring Security OAuth 2.0.16 #​14832
  • Upgrade to Rabbit Amqp Client 4.8.3 #​14750
  • Upgrade to Appengine Sdk 1.9.66 #​14749
  • Upgrade to GemFire 8.2.12 #​14739
  • Upgrade to Spring Data Ingalls SR16 #​14727
  • Upgrade to Spring Framework 4.3.20.RELEASE #​14721
  • Upgrade to Spring Web Services 2.4.3.RELEASE #​14527
  • Upgrade to Undertow 1.4.26.Final #​13880
❤️ Contributors

We’d like to thank all the contributors who worked on our current release!

v1.5.16.RELEASE: v.1.5.16.RELEASE

Compare Source

⭐New Features
  • Surface additional rabbit SSL factory properties #​14259
  • Perform failure analysis of NoSuchMethodErrors #​14040
🪲Bug fixes
  • MockReset is extremely slow for large project in 1.5.x branch #​14260
  • Different actuator port changes HTTP status codes on errors #​14084
  • Boot's API documentation does not successfully link to external API documentation #​14031
  • Query and ref are lost from jar: URLs that are processed by fat jar loader's handler #​14011
  • Documented defaults for some server properties do not match runtime defaults #​13821
  • Default value for server.tomcat.internal-proxies is not aligned with Tomcat's default #​13798
📔Documentation
🔨Dependency upgrades

❤️ We’d like to thank all the contributors who worked on our current release!

v1.5.15.RELEASE

Compare Source

⭐New Features
  • Remove carriage returns in TypeUtils.getJavaDoc() #​13779
🪲Bug fixes
  • Fix Flyway filesystem prefix location check #​13863
  • Application does not fail to start when Jetty's WebAppContext fails to start #​13803
  • Bean definitions in DataSourceConfiguration's inner classes override each other when multiple pools are on the classpath #​13737
  • Repackaging may fail with "ZipException: invalid entry compressed size" when input jar has been built with non-default compression settings #​13720
  • spring-boot-starter-parent inadvertently overrides spring-boot-dependencies' managed version for maven-resources-plugin #​13607
  • Clean line breaks in configuration metadata descriptions #​13601
  • Overridden bean definitions may cause incorrect bean condition evaluation due to stale information being held by BeanTypeRegistry #​13588
  • LiquibaseEndpoint may leave a connection's auto commit property set to false #​13559
  • Property placeholders are not replaced when used in name attribute of #​13450
  • Custom error.jsp page is not used when app is run as anything other than a packaged war #​12859
  • When Undertow has access logging enabled, threads are leaked when the container is stopped #​12742
  • Log4j2 shutdown before it prints the last messages during graceful shutdown of spring boot application. #​11360
  • Auto-configured MultipartConfigElement prevents CommonsMultipartResolver from resolving request parts #​7735
  • MetricsFilter may create an unbounded number of metrics for requests with a templated URI that are not handled by Spring MVC #​5875
🔨Dependency upgrades
  • Upgrade to Spring Data Ingalls SR14 #​13917
  • Upgrade to Spring Amqp 1.7.9.RELEASE #​13883
  • Upgrade to Narayana 5.5.32.Final #​13839
  • Upgrade to Httpclient 4.5.6 #​13838
  • Upgrade to Dependency Management Plugin 1.0.6.RELEASE #​13807
  • Upgrade to Git Commit Id Plugin 2.2.4 #​13640
  • Upgrade to Maven Enforcer Plugin 1.4.1 #​13639
  • Upgrade to Tomcat 8.5.32 #​13638
  • Upgrade to Httpcore 4.4.10 #​13637
📔Documentation
  • Update Spring Initializr documentation link in docs #​13906
  • Ensure reference manual doesn't generate horizontal scrollbar #​13709
  • Anchor for "Supported cache providers" section in the reference docs is wrong #​13551
  • Add Log4J2 configuration instructions for Gradle-based projects #​12729

❤️ We’d like to thank all the contributors who worked on our current release!

v1.5.14.RELEASE

Compare Source

v1.5.13.RELEASE

Compare Source

v1.5.12.RELEASE

Compare Source

v1.5.11.RELEASE

Compare Source

v1.5.10.RELEASE

Compare Source

v1.5.9.RELEASE

Compare Source

v1.5.8.RELEASE

Compare Source

v1.5.7.RELEASE

Compare Source

v1.5.6.RELEASE

Compare Source

v1.5.5.RELEASE

Compare Source

sonatype/nexus-maven-plugins (org.sonatype.plugins:nexus-staging-maven-plugin)

v1.7.0

Compare Source

v1.6.14

Compare Source

v1.6.13

Compare Source

v1.6.12

Compare Source

v1.6.11

Compare Source

v1.6.10

Compare Source

spring-projects/spring-framework (org.springframework:spring-context)

v5.3.39

Compare Source

⭐ New Features

  • SimpleEvaluationContext should disable array allocation #​33386

v5.3.38

Compare Source

⭐ New Features

  • Efficient handling of conditional HTTP requests #​33378

🐞 Bug Fixes

  • Fix incorrect weak ETag validation #​33377
  • SimpleEvaluationContext does not enforce read-only semantics #​33320
  • ConversionService cannot convert primitive array to Object[] #​33314
  • SpEL Indexer silently ignores failure to set property as index #​33312
  • Mockito mock falsely initialized as CGLIB proxy with AspectJ aspect #​33142
  • "file:." cannot be resolved to java.nio.file.Path (and plain "." value resolves to classpath root) #​33140

📔 Documentation

  • Typo in Annotation-driven Listener Endpoints section of Spring Framework documentation #​33052
  • Container Extension Points section of Spring Framework documentation refers to the wrong property name #​33039
  • Incorrect constructor details in the javadoc for ApplicationContextEvent #​33034

🔨 Dependency Upgrades

v5.3.37

Compare Source

⭐ New Features

  • AnnotationUtils performance degrades with deep stacks #​32923

🐞 Bug Fixes

  • AspectJ CTW aspects executed twice #​32974
  • SpEL compilation fails when indexing into a Map with a primitive #​32911
  • SpEL compilation fails when indexing into an array or list with an Integer #​32909
  • Application not starting with @EnableTransactionManagement(mode = AdviceMode.ASPECTJ) #​32885

🔨 Dependency Upgrades

v5.3.36

Compare Source

🐞 Bug Fixes

  • Overridden aspect method runs twice #​32868
  • @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) cannot convert UTC without milliseconds to java.util.Date #​32860
  • Spring AOP fails against registered @Configurable aspect #​32840

v5.3.35

Compare Source

⭐ New Features

  • Accept ajc-compiled @Aspect classes for Spring AOP proxy usage #​32818

🐞 Bug Fixes

  • DeferredQueryInvocationHandler fails to unwrap QuerySqmImpl class outside of transaction #​32770
  • MergedAnnotations search does not find container for repeatable annotation #​32751
  • AnnotationConfigWebApplicationContext should propagate ApplicationStartup to BeanFactory #​32749
  • Ignore non-String keys in PropertiesPropertySource.getPropertyNames() #​32744
  • "multiple subscribers not supported" when using WebClient exchange #​32728
  • Deadlock/Stall in ConcurrentWebSocketSessionDecorator with Undertow 2.3.10 #​32698

📔 Documentation

  • Correct documentation on streaming with MockMvcWebTestClient #​32723
  • Update links to HttpOnly documentation at OWASP in ResponseCookie #​32668

🔨 Dependency Upgrades

v5.3.34

Compare Source

⭐ New Features

  • Log column type for limited support message in JdbcUtils.getResultSetValue #​32603
  • Avoid additi

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Feb 28, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 5 times, most recently from 8c4684f to 6e43fd1 Compare March 4, 2024 02:44
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 4 times, most recently from e7b4212 to b94b2de Compare March 12, 2024 02:47
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 6 times, most recently from 40bc4a4 to 26d7647 Compare March 23, 2024 02:49
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 7 times, most recently from 86c7cdd to 15e7325 Compare April 1, 2024 02:46
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 4 times, most recently from ef76254 to e4154c3 Compare April 8, 2024 02:46
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 3 times, most recently from 18e782a to 1fe3db6 Compare April 13, 2024 02:48
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 8 times, most recently from 20761e8 to fce12b2 Compare October 9, 2024 19:40
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 8 times, most recently from ebc3fbb to f6bcb67 Compare October 17, 2024 07:16
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 4 times, most recently from 3d91be7 to e12de02 Compare October 26, 2024 02:54
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 7 times, most recently from 03e0003 to aa9a309 Compare November 8, 2024 01:23
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch from aa9a309 to 9de8f4e Compare November 9, 2024 03:38
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch from 9de8f4e to e9f5d9e Compare November 10, 2024 02:55