From 2e21beacad86a808253160774eac9368990bb60a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 19:54:03 +0000 Subject: [PATCH] build(deps): bump com.unboundid.product.scim2:scim2-sdk-client from 4.0.0 to 4.1.0 (#4621) Bumps [com.unboundid.product.scim2:scim2-sdk-client](https://github.com/pingidentity/scim2) from 4.0.0 to 4.1.0.
Changelog

Sourced from com.unboundid.product.scim2:scim2-sdk-client's changelog.

v4.1.0 - 2025-Oct-06

Added new methods to the Path class to simplify certain usages and make interaction, especially instantiation, less verbose. These include:

Updated the documentation of the Path class to elaborate on the definition of an attribute path, as well as provide examples for how to interface with the class.

Simplified integration with the scim2-sdk-client library by updating subclasses of RequestBuilder to always provide GenericScimResource objects for JSON payloads. In previous releases, applications needed to use the right JSON properties in the environment so that the client library would send proper JSON when issuing HTTP requests. This update to the client library places the responsibility for serialization on the SCIM SDK itself, and reduces the number of HTTP client configuration properties to set within your application. If you have added custom HTTP configuration to your project specifically for the SCIM SDK, you may be able to remove some properties.

Updated the following dependencies:

Added a new ForbiddenException.sensitive() method to simplify the creation of a 403 FORBIDDEN exception for a client that has entered potentially-sensitive information via URL query parameters. This exception encourages SCIM clients to re-issue these requests as a POST search request that is less susceptible to leaking this information from web browsers or log data.

Deprecated the BaseScimResource#addExtensionValue methods, since they allowed creating schema extension attributes whose values are arrays instead of objects. Since this is a form that is not used in practice, these methods will be removed in a future release.

Fixed an issue where deserialization of ListResponse objects could result in ClassCastException errors if an application tried to use fields stored in the Resources array. Now, the SCIM SDK supports these conversions (via Jackson TypeReference objects). See the class-level Javadoc of ListResponse for more information. As a result of this change, the map-based constructor, com.unboundid.scim2.common.messages.ListResponse.ListResponse(java.util.Map), is now deprecated and will be removed in a future release.

Updated documentation for GroupResource and Group to highlight the distinction between the classes, as well as provide examples of how they may be used. GroupResource represents a group object/entity, whereas a Group is a subfield on a user resource (like Email). The documentation for UserResource was also updated.

Added support for non-standard group membership patch remove requests that contain a value. An example JSON for this request type is shared below:

    {
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp" ],
      "Operations": [{
</tr></table>

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.unboundid.product.scim2:scim2-sdk-client&package-manager=gradle&previous-version=4.0.0&new-version=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- app/proprietary/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/proprietary/build.gradle b/app/proprietary/build.gradle index 0c6d8ee19..94623e9f5 100644 --- a/app/proprietary/build.gradle +++ b/app/proprietary/build.gradle @@ -57,7 +57,7 @@ dependencies { implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.3.RELEASE' api 'io.micrometer:micrometer-registry-prometheus' - implementation 'com.unboundid.product.scim2:scim2-sdk-client:4.0.0' + implementation 'com.unboundid.product.scim2:scim2-sdk-client:4.1.0' api "io.jsonwebtoken:jjwt-api:$jwtVersion" runtimeOnly "io.jsonwebtoken:jjwt-impl:$jwtVersion"