From 66b234f1df76c21fb81c537a1731b639a6097b63 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 20 Apr 2025 16:41:08 +0100 Subject: [PATCH 1/5] Bump com.fathzer:javaluator from 3.0.5 to 3.0.6 (#3386) Bumps [com.fathzer:javaluator](https://github.com/fathzer/javaluator) from 3.0.5 to 3.0.6.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.fathzer:javaluator&package-manager=gradle&previous-version=3.0.5&new-version=3.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 3f3219af4..0f9392b5f 100644 --- a/build.gradle +++ b/build.gradle @@ -523,7 +523,7 @@ dependencies { implementation "org.commonmark:commonmark-ext-gfm-tables:0.24.0" // https://mvnrepository.com/artifact/com.bucket4j/bucket4j_jdk17 implementation "com.bucket4j:bucket4j_jdk17-core:8.14.0" - implementation "com.fathzer:javaluator:3.0.5" + implementation "com.fathzer:javaluator:3.0.6" implementation 'com.vladsch.flexmark:flexmark-html2md-converter:0.64.8' From c959b35639a488b0b4a2b749f427ac3dc188cf43 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 20 Apr 2025 16:41:57 +0100 Subject: [PATCH 2/5] Bump org.springframework:spring-webmvc from 6.2.5 to 6.2.6 (#3385) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springframework:spring-webmvc](https://github.com/spring-projects/spring-framework) from 6.2.5 to 6.2.6.
Release notes

Sourced from org.springframework:spring-webmvc's releases.

v6.2.6

:star: New Features

  • An option for SimpleAsyncTaskExecutor to throw an exception when limit is reached #34727
  • Provide first-class support for Bean Overrides with @ContextHierarchy #34723
  • Micro performance optimizations #34717
  • Suppress "Unable to rollback against JDBC Connection" in case of timeout (connection closed) #34714
  • Avoid early FactoryBean instantiation for type-based retrieval with includeNonSingletons=false and allowEagerInit=true #34710
  • ReactiveCachingHandler still not using error handler on sync cache. #34708
  • Add an exchangeForRequiredValue variant to RestClient #34692
  • Recursively boxing Kotlin nested value classes in CoroutinesUtils #34682
  • ServletServerHttpRequest does not use charset parameter of application/x-www-form-urlencoded #34675
  • LifecycleGroup concurrent start and start timeout #34634
  • HibernateJpaDialect exception translation misses concrete exceptions wrapped in Hibernate's ExecutionException #34633

:lady_beetle: Bug Fixes

  • Inconsistency in SseEmitter.onCompletion() behavior between Spring 6.2.3 and 6.2.5 #34762
  • Deadlock while creating Spring beans with parallel bootstrap threads on IBM Liberty #34729
  • PropertyBatchUpdateException: causes of nested PropertyAccessExceptions not shown in output #34691
  • IllegalAccessError for package-private member of AzureStorageConfiguration on WebSphere #34684
  • Change in Jar usecache behavior with Spring 6.1.x causing java.lang.IllegalStateException: zip file closed #34678
  • Startup performance regression due to CGLIB class load attempts in Spring 6.1.x #34677
  • An infinite wait on a parallel context.getBean() #34672
  • InvalidObservationException: Invalid start: Observation 'http.client.requests' has already been started #34671
  • @Configuration classes can no longer be abstract without @Bean methods #34663
  • Generated-code for LinkedHashMap is missing static keyword #34659
  • Detect late-set primary markers for autowiring shortcut algorithm #34658
  • @MockitoBean with custom @Qualifier is not injected into @Configuration class #34646
  • Qualifier Resolution Issue in Parent-Child Context Hierarchies #34644
  • Enforced container-level acknowledge call for custom acknowledgement mode #34635
  • UriComponentsBuilder does not treat a URN as opaque if it contains a slash #34588
  • Migrating from Spring 6.1.x to 6.2.x leads to exceptions in a Pekko setup #34303

:notebook_with_decorative_cover: Documentation

  • Update Javadoc for ignoreDependencyInterface() in AbstractAutowireCapableBeanFactory #34747
  • Update Javadoc to stop mentioning 5.3.x as the status quo #34740
  • Fix broken link for Server-Sent Events #34705
  • Fix typo in Bean Validation section of reference manual #34686
  • Remove unnecessary closing curly brackets in Javadoc #34679
  • Add javadoc notes on potential exception suppression in ListableBeanFactory#getBeansOfType #34629
  • Remove remaining references to Forwarded headers in MvcUriComponentsBuilder #34625

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​acktsap, @​dmitrysulman, @​iggzq, @​izeye, @​ngocnhan-tran1996, @​obourgain, and @​tobias-haenel

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework:spring-webmvc&package-manager=gradle&previous-version=6.2.5&new-version=6.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 0f9392b5f..1973c03d2 100644 --- a/build.gradle +++ b/build.gradle @@ -423,7 +423,7 @@ dependencies { } //security updates - implementation "org.springframework:spring-webmvc:6.2.5" + implementation "org.springframework:spring-webmvc:6.2.6" implementation("io.github.pixee:java-security-toolkit:1.2.1") From a52c81b340719c55cabae411800f1be9d07e56d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 20 Apr 2025 16:42:28 +0100 Subject: [PATCH 3/5] Bump org.springframework:spring-jdbc from 6.2.5 to 6.2.6 (#3384) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springframework:spring-jdbc](https://github.com/spring-projects/spring-framework) from 6.2.5 to 6.2.6.
Release notes

Sourced from org.springframework:spring-jdbc's releases.

v6.2.6

:star: New Features

  • An option for SimpleAsyncTaskExecutor to throw an exception when limit is reached #34727
  • Provide first-class support for Bean Overrides with @ContextHierarchy #34723
  • Micro performance optimizations #34717
  • Suppress "Unable to rollback against JDBC Connection" in case of timeout (connection closed) #34714
  • Avoid early FactoryBean instantiation for type-based retrieval with includeNonSingletons=false and allowEagerInit=true #34710
  • ReactiveCachingHandler still not using error handler on sync cache. #34708
  • Add an exchangeForRequiredValue variant to RestClient #34692
  • Recursively boxing Kotlin nested value classes in CoroutinesUtils #34682
  • ServletServerHttpRequest does not use charset parameter of application/x-www-form-urlencoded #34675
  • LifecycleGroup concurrent start and start timeout #34634
  • HibernateJpaDialect exception translation misses concrete exceptions wrapped in Hibernate's ExecutionException #34633

:lady_beetle: Bug Fixes

  • Inconsistency in SseEmitter.onCompletion() behavior between Spring 6.2.3 and 6.2.5 #34762
  • Deadlock while creating Spring beans with parallel bootstrap threads on IBM Liberty #34729
  • PropertyBatchUpdateException: causes of nested PropertyAccessExceptions not shown in output #34691
  • IllegalAccessError for package-private member of AzureStorageConfiguration on WebSphere #34684
  • Change in Jar usecache behavior with Spring 6.1.x causing java.lang.IllegalStateException: zip file closed #34678
  • Startup performance regression due to CGLIB class load attempts in Spring 6.1.x #34677
  • An infinite wait on a parallel context.getBean() #34672
  • InvalidObservationException: Invalid start: Observation 'http.client.requests' has already been started #34671
  • @Configuration classes can no longer be abstract without @Bean methods #34663
  • Generated-code for LinkedHashMap is missing static keyword #34659
  • Detect late-set primary markers for autowiring shortcut algorithm #34658
  • @MockitoBean with custom @Qualifier is not injected into @Configuration class #34646
  • Qualifier Resolution Issue in Parent-Child Context Hierarchies #34644
  • Enforced container-level acknowledge call for custom acknowledgement mode #34635
  • UriComponentsBuilder does not treat a URN as opaque if it contains a slash #34588
  • Migrating from Spring 6.1.x to 6.2.x leads to exceptions in a Pekko setup #34303

:notebook_with_decorative_cover: Documentation

  • Update Javadoc for ignoreDependencyInterface() in AbstractAutowireCapableBeanFactory #34747
  • Update Javadoc to stop mentioning 5.3.x as the status quo #34740
  • Fix broken link for Server-Sent Events #34705
  • Fix typo in Bean Validation section of reference manual #34686
  • Remove unnecessary closing curly brackets in Javadoc #34679
  • Add javadoc notes on potential exception suppression in ListableBeanFactory#getBeansOfType #34629
  • Remove remaining references to Forwarded headers in MvcUriComponentsBuilder #34625

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​acktsap, @​dmitrysulman, @​iggzq, @​izeye, @​ngocnhan-tran1996, @​obourgain, and @​tobias-haenel

Commits
  • 90f9c09 Release v6.2.6
  • f40d986 Revise configuration for javadoc Gradle tasks
  • 9c13c6b Revert "Use optimistic locking where possible in ResponseBodyEmitter"
  • b49924b Revert "Fix handling of timeout in SseEmitter"
  • 7b8c104 Upgrade to github-changelog-generator 0.0.12
  • 8f62a8f Suppress recently introduced warning
  • d0966df Revise contribution
  • bb45a3a Update AbstractAutowireCapableBeanFactory.ignoreDependencyInterface() Javadoc
  • 7095f4c Use proper casing for parameter and variable names
  • a22d204 Remove duplicate words in Java source code
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework:spring-jdbc&package-manager=gradle&previous-version=6.2.5&new-version=6.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 1973c03d2..1422d77d3 100644 --- a/build.gradle +++ b/build.gradle @@ -447,7 +447,7 @@ dependencies { implementation "org.springframework.boot:spring-boot-starter-oauth2-client:$springBootVersion" implementation "org.springframework.session:spring-session-core:3.4.2" - implementation "org.springframework:spring-jdbc:6.2.5" + implementation "org.springframework:spring-jdbc:6.2.6" implementation 'com.unboundid.product.scim2:scim2-sdk-client:2.3.5' // Don't upgrade h2database From f56403d091e126912a389d60581005d6b30a9f85 Mon Sep 17 00:00:00 2001 From: "stirlingbot[bot]" <195170888+stirlingbot[bot]@users.noreply.github.com> Date: Sun, 20 Apr 2025 16:43:24 +0100 Subject: [PATCH 4/5] =?UTF-8?q?=F0=9F=A4=96=20format=20everything=20with?= =?UTF-8?q?=20pre-commit=20by=20=20(#3374)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Auto-generated by [create-pull-request][1] with **stirlingbot** [1]: https://github.com/peter-evans/create-pull-request Signed-off-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com> Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com> --- .../software/SPDF/EE/KeygenLicenseVerifier.java | 12 ++++++------ .../SPDF/controller/web/UploadLimitService.java | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/main/java/stirling/software/SPDF/EE/KeygenLicenseVerifier.java b/src/main/java/stirling/software/SPDF/EE/KeygenLicenseVerifier.java index ce3c94435..e4bd06312 100644 --- a/src/main/java/stirling/software/SPDF/EE/KeygenLicenseVerifier.java +++ b/src/main/java/stirling/software/SPDF/EE/KeygenLicenseVerifier.java @@ -390,7 +390,7 @@ public class KeygenLicenseVerifier { // Extract max users and isEnterprise from policy or metadata int users = policyObj.optInt("users", 0); isEnterpriseLicense = policyObj.optBoolean("isEnterprise", false); - + if (users > 0) { applicationProperties.getPremium().setMaxUsers(users); log.info("License allows for {} users", users); @@ -402,7 +402,7 @@ public class KeygenLicenseVerifier { users = metadata.optInt("users", 1); applicationProperties.getPremium().setMaxUsers(users); log.info("License allows for {} users (from metadata)", users); - + // Check for isEnterprise flag in metadata isEnterpriseLicense = metadata.optBoolean("isEnterprise", false); } else { @@ -411,7 +411,7 @@ public class KeygenLicenseVerifier { log.info("Using default of 1 user for license"); } } - + } return true; @@ -507,16 +507,16 @@ public class KeygenLicenseVerifier { .path("users") .asInt(0); applicationProperties.getPremium().setMaxUsers(users); - + // Extract isEnterprise flag - isEnterpriseLicense = + isEnterpriseLicense = jsonResponse .path("data") .path("attributes") .path("metadata") .path("isEnterprise") .asBoolean(false); - + log.info(applicationProperties.toString()); } else { diff --git a/src/main/java/stirling/software/SPDF/controller/web/UploadLimitService.java b/src/main/java/stirling/software/SPDF/controller/web/UploadLimitService.java index c1c9aebcf..f760f986a 100644 --- a/src/main/java/stirling/software/SPDF/controller/web/UploadLimitService.java +++ b/src/main/java/stirling/software/SPDF/controller/web/UploadLimitService.java @@ -16,7 +16,7 @@ public class UploadLimitService { private ApplicationProperties applicationProperties; public long getUploadLimit() { - String maxUploadSize = + String maxUploadSize = applicationProperties.getSystem().getFileUploadLimit() != null ? applicationProperties.getSystem().getFileUploadLimit() : ""; @@ -52,4 +52,4 @@ public class UploadLimitService { String pre = "KMGTPE".charAt(exp - 1) + "B"; return String.format("%.1f %s", bytes / Math.pow(1024, exp), pre); } -} \ No newline at end of file +} From 34fd9924b51b6f3a128d3e930b691e758f07ac9a Mon Sep 17 00:00:00 2001 From: "stirlingbot[bot]" <195170888+stirlingbot[bot]@users.noreply.github.com> Date: Sun, 20 Apr 2025 16:46:26 +0100 Subject: [PATCH 5/5] Update 3rd Party Licenses (#3389) Auto-generated by StirlingBot Signed-off-by: stirlingbot[bot] <1113334+stirlingbot[bot]@users.noreply.github.com> Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> --- src/main/resources/static/3rdPartyLicenses.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/resources/static/3rdPartyLicenses.json b/src/main/resources/static/3rdPartyLicenses.json index 8d07e6104..79c2f7f1f 100644 --- a/src/main/resources/static/3rdPartyLicenses.json +++ b/src/main/resources/static/3rdPartyLicenses.json @@ -128,7 +128,7 @@ }, { "moduleName": "com.fathzer:javaluator", - "moduleVersion": "3.0.5", + "moduleVersion": "3.0.6", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, @@ -1673,7 +1673,7 @@ { "moduleName": "org.springframework:spring-jdbc", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.5", + "moduleVersion": "6.2.6", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, @@ -1701,7 +1701,7 @@ { "moduleName": "org.springframework:spring-webmvc", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.5", + "moduleVersion": "6.2.6", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" },