From 5b34c002370df419b75fc6d6a700ad2cf9b6ae87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Apr 2025 11:37:16 +0100 Subject: [PATCH 1/7] Bump actions/download-artifact from 4.2.1 to 4.3.0 (#3443) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.2.1 to 4.3.0.
Release notes

Sourced from actions/download-artifact's releases.

v4.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=4.2.1&new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/multiOSReleases.yml | 6 +++--- .github/workflows/releaseArtifacts.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/multiOSReleases.yml b/.github/workflows/multiOSReleases.yml index a2ffb5667..b078e4015 100644 --- a/.github/workflows/multiOSReleases.yml +++ b/.github/workflows/multiOSReleases.yml @@ -111,7 +111,7 @@ jobs: egress-policy: audit - name: Download build artifacts - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: stirling-${{ matrix.file_suffix }}binaries @@ -239,7 +239,7 @@ jobs: egress-policy: audit - name: Download build artifacts - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: ${{ matrix.platform }}binaries @@ -302,7 +302,7 @@ jobs: egress-policy: audit - name: Download signed artifacts - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - name: Display structure of downloaded files run: ls -R - name: Upload binaries, attestations and signatures to Release and create GitHub Release diff --git a/.github/workflows/releaseArtifacts.yml b/.github/workflows/releaseArtifacts.yml index f35d6f7c9..c0d23ce19 100644 --- a/.github/workflows/releaseArtifacts.yml +++ b/.github/workflows/releaseArtifacts.yml @@ -88,7 +88,7 @@ jobs: egress-policy: audit - name: Download build artifacts - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: binaries${{ matrix.file_suffix }} - name: Display structure of downloaded files @@ -166,7 +166,7 @@ jobs: egress-policy: audit - name: Download signed artifacts - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: signed${{ matrix.file_suffix }} From 4673dbb4e720bcbf44f4291d995f5ed91f11c585 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Apr 2025 11:38:29 +0100 Subject: [PATCH 2/7] Bump org.springframework.boot from 3.4.4 to 3.4.5 (#3441) Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.4.4 to 3.4.5.
Release notes

Sourced from org.springframework.boot's releases.

v3.4.5

:lady_beetle: Bug Fixes

  • Spring Boot with native image container image build fails on podman due to directory permissions #45256
  • Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
  • Wrong jOOQ exception translator with empty db name #45219
  • MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
  • IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
  • OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
  • MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
  • ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
  • TypeUtils does not handle generics with identical names in different positions #45039
  • HttpClient5 5.4.3 breaks local Docker transport #45028
  • spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
  • Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
  • DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
  • SSL config does not watch for symlink file changes #44887
  • EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
  • DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
  • JsonValueWriter can throw StackOverflowError on deeply nested items #44627
  • In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
  • Logging a Path object using structured logging throws StackOverflowError #44507

:notebook_with_decorative_cover: Documentation

  • Make @Component a javadoc link #45258
  • Fix documentation links to buildpacks.io #45241
  • Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #45224
  • Show the use of token properties in authorization server clients configuration example #45176
  • Add details of the purpose of the metrics endpoint #45047
  • Escape the asterisk in spring-application.adoc #45033
  • Add reference to Styra (OPA) Spring Boot SDK #44976
  • Update CDS documentation to cover AOTCache #44970
  • WebFlux security documentation incorrectly links to servlet classes #44966
  • Replace mentions of deprecated MockBean annotation #44947
  • TaskExecution documentation should describe what happens when multiple Executor beans are present #44908
  • Documentation lists coordinates for some dependencies that are not actually managed #44879
  • Polish javadoc of SpringProfileAction #44826

:hammer: Dependency Upgrades

  • Upgrade to AspectJ 1.9.24 #45184
  • Upgrade to Couchbase Client 3.7.9 #45072
  • Upgrade to Hibernate 6.6.13.Final #45073
  • Upgrade to HttpClient5 5.4.3 #45074
  • Upgrade to HttpCore5 5.3.4 #45075
  • Upgrade to Jaybird 5.0.7.java11 #45076
  • Upgrade to Jetty 12.0.19 #45077
  • Upgrade to jOOQ 3.19.22 #45078
  • Upgrade to Lombok 1.18.38 #45079

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot&package-manager=gradle&previous-version=3.4.4&new-version=3.4.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index c0adcf012..2c20aa56b 100644 --- a/build.gradle +++ b/build.gradle @@ -1,6 +1,6 @@ plugins { id "java" - id "org.springframework.boot" version "3.4.4" + id "org.springframework.boot" version "3.4.5" id "io.spring.dependency-management" version "1.1.7" id "org.springdoc.openapi-gradle-plugin" version "1.9.0" id "io.swagger.swaggerhub" version "1.3.2" From b7eed4300e0c3adbe92ed7233a17ff0d27ca3f46 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Apr 2025 11:38:55 +0100 Subject: [PATCH 3/7] Bump docker/build-push-action from 6.15.0 to 6.16.0 (#3442) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.15.0 to 6.16.0.
Release notes

Sourced from docker/build-push-action's releases.

v6.16.0

Full Changelog: https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0

Commits
  • 14487ce Merge pull request #1343 from crazy-max/fix-no-default-attest
  • 0ec9126 Merge pull request #1366 from crazy-max/pr-assign-author
  • b749522 pr-assign-author workflow
  • c566248 Merge pull request #1363 from crazy-max/fix-codecov
  • 13275dd ci: fix missing source for codecov
  • 67dc78b Merge pull request #1361 from mschoettle/patch-1
  • 0760504 docs: add validating build configuration example
  • 1c198f4 chore: update generated content
  • 288d9e2 handle no default attestations env var
  • 88844b9 Merge pull request #1353 from crazy-max/summary-secret-keys
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/build-push-action&package-manager=github_actions&previous-version=6.15.0&new-version=6.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/PR-Demo-Comment-with-react.yml | 2 +- .github/workflows/push-docker.yml | 6 +++--- .github/workflows/testdriver.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/PR-Demo-Comment-with-react.yml b/.github/workflows/PR-Demo-Comment-with-react.yml index 361b8b5df..64cecea71 100644 --- a/.github/workflows/PR-Demo-Comment-with-react.yml +++ b/.github/workflows/PR-Demo-Comment-with-react.yml @@ -180,7 +180,7 @@ jobs: password: ${{ secrets.DOCKER_HUB_API }} - name: Build and push PR-specific image - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: context: . file: ./Dockerfile diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index dec93bad9..e4532ff59 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -90,7 +90,7 @@ jobs: - name: Build and push main Dockerfile id: build-push-regular - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: builder: ${{ steps.buildx.outputs.name }} context: . @@ -135,7 +135,7 @@ jobs: - name: Build and push Dockerfile-ultra-lite id: build-push-lite - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 if: github.ref != 'refs/heads/main' with: context: . @@ -166,7 +166,7 @@ jobs: - name: Build and push main Dockerfile fat id: build-push-fat - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 if: github.ref != 'refs/heads/main' with: builder: ${{ steps.buildx.outputs.name }} diff --git a/.github/workflows/testdriver.yml b/.github/workflows/testdriver.yml index 4489dd56a..68c4fabb2 100644 --- a/.github/workflows/testdriver.yml +++ b/.github/workflows/testdriver.yml @@ -46,7 +46,7 @@ jobs: password: ${{ secrets.DOCKER_HUB_API }} - name: Build and push test image - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: context: . file: ./Dockerfile From ffb8e98dcdfd2a8c1cce977a922bd810b8c25b27 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Apr 2025 11:39:15 +0100 Subject: [PATCH 4/7] Bump springBootVersion from 3.4.4 to 3.4.5 (#3440) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps `springBootVersion` from 3.4.4 to 3.4.5. Updates `org.springframework.boot:spring-boot-starter-web` from 3.4.4 to 3.4.5
Release notes

Sourced from org.springframework.boot:spring-boot-starter-web's releases.

v3.4.5

:lady_beetle: Bug Fixes

  • Spring Boot with native image container image build fails on podman due to directory permissions #45256
  • Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
  • Wrong jOOQ exception translator with empty db name #45219
  • MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
  • IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
  • OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
  • MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
  • ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
  • TypeUtils does not handle generics with identical names in different positions #45039
  • HttpClient5 5.4.3 breaks local Docker transport #45028
  • spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
  • Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
  • DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
  • SSL config does not watch for symlink file changes #44887
  • EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
  • DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
  • JsonValueWriter can throw StackOverflowError on deeply nested items #44627
  • In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
  • Logging a Path object using structured logging throws StackOverflowError #44507

:notebook_with_decorative_cover: Documentation

  • Make @Component a javadoc link #45258
  • Fix documentation links to buildpacks.io #45241
  • Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #45224
  • Show the use of token properties in authorization server clients configuration example #45176
  • Add details of the purpose of the metrics endpoint #45047
  • Escape the asterisk in spring-application.adoc #45033
  • Add reference to Styra (OPA) Spring Boot SDK #44976
  • Update CDS documentation to cover AOTCache #44970
  • WebFlux security documentation incorrectly links to servlet classes #44966
  • Replace mentions of deprecated MockBean annotation #44947
  • TaskExecution documentation should describe what happens when multiple Executor beans are present #44908
  • Documentation lists coordinates for some dependencies that are not actually managed #44879
  • Polish javadoc of SpringProfileAction #44826

:hammer: Dependency Upgrades

  • Upgrade to AspectJ 1.9.24 #45184
  • Upgrade to Couchbase Client 3.7.9 #45072
  • Upgrade to Hibernate 6.6.13.Final #45073
  • Upgrade to HttpClient5 5.4.3 #45074
  • Upgrade to HttpCore5 5.3.4 #45075
  • Upgrade to Jaybird 5.0.7.java11 #45076
  • Upgrade to Jetty 12.0.19 #45077
  • Upgrade to jOOQ 3.19.22 #45078
  • Upgrade to Lombok 1.18.38 #45079

... (truncated)

Commits
  • b882c29 Release v3.4.5
  • 918066f Merge branch '3.3.x' into 3.4.x
  • ab0c332 Next development version (v3.3.12-SNAPSHOT)
  • 71acf93 Merge branch '3.3.x' into 3.4.x
  • d2eaac6 Revert "Upgrade to Netty 4.1.120.Final"
  • d24a38f Merge branch '3.3.x' into 3.4.x
  • 933572a Upgrade to Netty 4.1.120.Final
  • 016b3de Upgrade to Netty 4.1.120.Final
  • 46a709a Merge branch '3.3.x' into 3.4.x
  • 55f67c9 Fix potential null problem in actuator
  • Additional commits viewable in compare view

Updates `org.springframework.boot:spring-boot-starter-jetty` from 3.4.4 to 3.4.5
Release notes

Sourced from org.springframework.boot:spring-boot-starter-jetty's releases.

v3.4.5

:lady_beetle: Bug Fixes

  • Spring Boot with native image container image build fails on podman due to directory permissions #45256
  • Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
  • Wrong jOOQ exception translator with empty db name #45219
  • MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
  • IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
  • OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
  • MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
  • ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
  • TypeUtils does not handle generics with identical names in different positions #45039
  • HttpClient5 5.4.3 breaks local Docker transport #45028
  • spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
  • Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
  • DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
  • SSL config does not watch for symlink file changes #44887
  • EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
  • DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
  • JsonValueWriter can throw StackOverflowError on deeply nested items #44627
  • In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
  • Logging a Path object using structured logging throws StackOverflowError #44507

:notebook_with_decorative_cover: Documentation

  • Make @Component a javadoc link #45258
  • Fix documentation links to buildpacks.io #45241
  • Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #45224
  • Show the use of token properties in authorization server clients configuration example #45176
  • Add details of the purpose of the metrics endpoint #45047
  • Escape the asterisk in spring-application.adoc #45033
  • Add reference to Styra (OPA) Spring Boot SDK #44976
  • Update CDS documentation to cover AOTCache #44970
  • WebFlux security documentation incorrectly links to servlet classes #44966
  • Replace mentions of deprecated MockBean annotation #44947
  • TaskExecution documentation should describe what happens when multiple Executor beans are present #44908
  • Documentation lists coordinates for some dependencies that are not actually managed #44879
  • Polish javadoc of SpringProfileAction #44826

:hammer: Dependency Upgrades

  • Upgrade to AspectJ 1.9.24 #45184
  • Upgrade to Couchbase Client 3.7.9 #45072
  • Upgrade to Hibernate 6.6.13.Final #45073
  • Upgrade to HttpClient5 5.4.3 #45074
  • Upgrade to HttpCore5 5.3.4 #45075
  • Upgrade to Jaybird 5.0.7.java11 #45076
  • Upgrade to Jetty 12.0.19 #45077
  • Upgrade to jOOQ 3.19.22 #45078
  • Upgrade to Lombok 1.18.38 #45079

... (truncated)

Commits
  • b882c29 Release v3.4.5
  • 918066f Merge branch '3.3.x' into 3.4.x
  • ab0c332 Next development version (v3.3.12-SNAPSHOT)
  • 71acf93 Merge branch '3.3.x' into 3.4.x
  • d2eaac6 Revert "Upgrade to Netty 4.1.120.Final"
  • d24a38f Merge branch '3.3.x' into 3.4.x
  • 933572a Upgrade to Netty 4.1.120.Final
  • 016b3de Upgrade to Netty 4.1.120.Final
  • 46a709a Merge branch '3.3.x' into 3.4.x
  • 55f67c9 Fix potential null problem in actuator
  • Additional commits viewable in compare view

Updates `org.springframework.boot:spring-boot-starter-thymeleaf` from 3.4.4 to 3.4.5
Release notes

Sourced from org.springframework.boot:spring-boot-starter-thymeleaf's releases.

v3.4.5

:lady_beetle: Bug Fixes

  • Spring Boot with native image container image build fails on podman due to directory permissions #45256
  • Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
  • Wrong jOOQ exception translator with empty db name #45219
  • MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
  • IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
  • OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
  • MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
  • ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
  • TypeUtils does not handle generics with identical names in different positions #45039
  • HttpClient5 5.4.3 breaks local Docker transport #45028
  • spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
  • Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
  • DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
  • SSL config does not watch for symlink file changes #44887
  • EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
  • DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
  • JsonValueWriter can throw StackOverflowError on deeply nested items #44627
  • In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
  • Logging a Path object using structured logging throws StackOverflowError #44507

:notebook_with_decorative_cover: Documentation

  • Make @Component a javadoc link #45258
  • Fix documentation links to buildpacks.io #45241
  • Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #45224
  • Show the use of token properties in authorization server clients configuration example #45176
  • Add details of the purpose of the metrics endpoint #45047
  • Escape the asterisk in spring-application.adoc #45033
  • Add reference to Styra (OPA) Spring Boot SDK #44976
  • Update CDS documentation to cover AOTCache #44970
  • WebFlux security documentation incorrectly links to servlet classes #44966
  • Replace mentions of deprecated MockBean annotation #44947
  • TaskExecution documentation should describe what happens when multiple Executor beans are present #44908
  • Documentation lists coordinates for some dependencies that are not actually managed #44879
  • Polish javadoc of SpringProfileAction #44826

:hammer: Dependency Upgrades

  • Upgrade to AspectJ 1.9.24 #45184
  • Upgrade to Couchbase Client 3.7.9 #45072
  • Upgrade to Hibernate 6.6.13.Final #45073
  • Upgrade to HttpClient5 5.4.3 #45074
  • Upgrade to HttpCore5 5.3.4 #45075
  • Upgrade to Jaybird 5.0.7.java11 #45076
  • Upgrade to Jetty 12.0.19 #45077
  • Upgrade to jOOQ 3.19.22 #45078
  • Upgrade to Lombok 1.18.38 #45079

... (truncated)

Commits
  • b882c29 Release v3.4.5
  • 918066f Merge branch '3.3.x' into 3.4.x
  • ab0c332 Next development version (v3.3.12-SNAPSHOT)
  • 71acf93 Merge branch '3.3.x' into 3.4.x
  • d2eaac6 Revert "Upgrade to Netty 4.1.120.Final"
  • d24a38f Merge branch '3.3.x' into 3.4.x
  • 933572a Upgrade to Netty 4.1.120.Final
  • 016b3de Upgrade to Netty 4.1.120.Final
  • 46a709a Merge branch '3.3.x' into 3.4.x
  • 55f67c9 Fix potential null problem in actuator
  • Additional commits viewable in compare view

Updates `org.springframework.boot:spring-boot-starter-security` from 3.4.4 to 3.4.5
Release notes

Sourced from org.springframework.boot:spring-boot-starter-security's releases.

v3.4.5

:lady_beetle: Bug Fixes

  • Spring Boot with native image container image build fails on podman due to directory permissions #45256
  • Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
  • Wrong jOOQ exception translator with empty db name #45219
  • MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
  • IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
  • OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
  • MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
  • ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
  • TypeUtils does not handle generics with identical names in different positions #45039
  • HttpClient5 5.4.3 breaks local Docker transport #45028
  • spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
  • Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
  • DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
  • SSL config does not watch for symlink file changes #44887
  • EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
  • DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
  • JsonValueWriter can throw StackOverflowError on deeply nested items #44627
  • In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
  • Logging a Path object using structured logging throws StackOverflowError #44507

:notebook_with_decorative_cover: Documentation

  • Make @Component a javadoc link #45258
  • Fix documentation links to buildpacks.io #45241
  • Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #45224
  • Show the use of token properties in authorization server clients configuration example #45176
  • Add details of the purpose of the metrics endpoint #45047
  • Escape the asterisk in spring-application.adoc #45033
  • Add reference to Styra (OPA) Spring Boot SDK #44976
  • Update CDS documentation to cover AOTCache #44970
  • WebFlux security documentation incorrectly links to servlet classes #44966
  • Replace mentions of deprecated MockBean annotation #44947
  • TaskExecution documentation should describe what happens when multiple Executor beans are present #44908
  • Documentation lists coordinates for some dependencies that are not actually managed #44879
  • Polish javadoc of SpringProfileAction #44826

:hammer: Dependency Upgrades

  • Upgrade to AspectJ 1.9.24 #45184
  • Upgrade to Couchbase Client 3.7.9 #45072
  • Upgrade to Hibernate 6.6.13.Final #45073
  • Upgrade to HttpClient5 5.4.3 #45074
  • Upgrade to HttpCore5 5.3.4 #45075
  • Upgrade to Jaybird 5.0.7.java11 #45076
  • Upgrade to Jetty 12.0.19 #45077
  • Upgrade to jOOQ 3.19.22 #45078
  • Upgrade to Lombok 1.18.38 #45079

... (truncated)

Commits
  • b882c29 Release v3.4.5
  • 918066f Merge branch '3.3.x' into 3.4.x
  • ab0c332 Next development version (v3.3.12-SNAPSHOT)
  • 71acf93 Merge branch '3.3.x' into 3.4.x
  • d2eaac6 Revert "Upgrade to Netty 4.1.120.Final"
  • d24a38f Merge branch '3.3.x' into 3.4.x
  • 933572a Upgrade to Netty 4.1.120.Final
  • 016b3de Upgrade to Netty 4.1.120.Final
  • 46a709a Merge branch '3.3.x' into 3.4.x
  • 55f67c9 Fix potential null problem in actuator
  • Additional commits viewable in compare view

Updates `org.springframework.boot:spring-boot-starter-data-jpa` from 3.4.4 to 3.4.5
Release notes

Sourced from org.springframework.boot:spring-boot-starter-data-jpa's releases.

v3.4.5

:lady_beetle: Bug Fixes

  • Spring Boot with native image container image build fails on podman due to directory permissions #45256
  • Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
  • Wrong jOOQ exception translator with empty db name #45219
  • MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
  • IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
  • OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
  • MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
  • ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
  • TypeUtils does not handle generics with identical names in different positions #45039
  • HttpClient5 5.4.3 breaks local Docker transport #45028
  • spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
  • Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
  • DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
  • SSL config does not watch for symlink file changes #44887
  • EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
  • DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
  • JsonValueWriter can throw StackOverflowError on deeply nested items #44627
  • In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
  • Logging a Path object using structured logging throws StackOverflowError #44507

:notebook_with_decorative_cover: Documentation

  • Make @Component a javadoc link #45258
  • Fix documentation links to buildpacks.io #45241
  • Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #45224
  • Show the use of token properties in authorization server clients configuration example #45176
  • Add details of the purpose of the metrics endpoint #45047
  • Escape the asterisk in spring-application.adoc #45033
  • Add reference to Styra (OPA) Spring Boot SDK #44976
  • Update CDS documentation to cover AOTCache #44970
  • WebFlux security documentation incorrectly links to servlet classes #44966
  • Replace mentions of deprecated MockBean annotation #44947
  • TaskExecution documentation should describe what happens when multiple Executor beans are present #44908
  • Documentation lists coordinates for some dependencies that are not actually managed #44879
  • Polish javadoc of SpringProfileAction #44826

:hammer: Dependency Upgrades

  • Upgrade to AspectJ 1.9.24 #45184
  • Upgrade to Couchbase Client 3.7.9 #45072
  • Upgrade to Hibernate 6.6.13.Final #45073
  • Upgrade to HttpClient5 5.4.3 #45074
  • Upgrade to HttpCore5 5.3.4 #45075
  • Upgrade to Jaybird 5.0.7.java11 #45076
  • Upgrade to Jetty 12.0.19 #45077
  • Upgrade to jOOQ 3.19.22 #45078
  • Upgrade to Lombok 1.18.38 #45079

... (truncated)

Commits
  • b882c29 Release v3.4.5
  • 918066f Merge branch '3.3.x' into 3.4.x
  • ab0c332 Next development version (v3.3.12-SNAPSHOT)
  • 71acf93 Merge branch '3.3.x' into 3.4.x
  • d2eaac6 Revert "Upgrade to Netty 4.1.120.Final"
  • d24a38f Merge branch '3.3.x' into 3.4.x
  • 933572a Upgrade to Netty 4.1.120.Final
  • 016b3de Upgrade to Netty 4.1.120.Final
  • 46a709a Merge branch '3.3.x' into 3.4.x
  • 55f67c9 Fix potential null problem in actuator
  • Additional commits viewable in compare view

Updates `org.springframework.boot:spring-boot-starter-oauth2-client` from 3.4.4 to 3.4.5
Release notes

Sourced from org.springframework.boot:spring-boot-starter-oauth2-client's releases.

v3.4.5

:lady_beetle: Bug Fixes

  • Spring Boot with native image container image build fails on podman due to directory permissions #45256
  • Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
  • Wrong jOOQ exception translator with empty db name #45219
  • MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
  • IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
  • OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
  • MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
  • ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
  • TypeUtils does not handle generics with identical names in different positions #45039
  • HttpClient5 5.4.3 breaks local Docker transport #45028
  • spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
  • Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
  • DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
  • SSL config does not watch for symlink file changes #44887
  • EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
  • DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
  • JsonValueWriter can throw StackOverflowError on deeply nested items #44627
  • In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
  • Logging a Path object using structured logging throws StackOverflowError #44507

:notebook_with_decorative_cover: Documentation

  • Make @Component a javadoc link #45258
  • Fix documentation links to buildpacks.io #45241
  • Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #45224
  • Show the use of token properties in authorization server clients configuration example #45176
  • Add details of the purpose of the metrics endpoint #45047
  • Escape the asterisk in spring-application.adoc #45033
  • Add reference to Styra (OPA) Spring Boot SDK #44976
  • Update CDS documentation to cover AOTCache #44970
  • WebFlux security documentation incorrectly links to servlet classes #44966
  • Replace mentions of deprecated MockBean annotation #44947
  • TaskExecution documentation should describe what happens when multiple Executor beans are present #44908
  • Documentation lists coordinates for some dependencies that are not actually managed #44879
  • Polish javadoc of SpringProfileAction #44826

:hammer: Dependency Upgrades

  • Upgrade to AspectJ 1.9.24 #45184
  • Upgrade to Couchbase Client 3.7.9 #45072
  • Upgrade to Hibernate 6.6.13.Final #45073
  • Upgrade to HttpClient5 5.4.3 #45074
  • Upgrade to HttpCore5 5.3.4 #45075
  • Upgrade to Jaybird 5.0.7.java11 #45076
  • Upgrade to Jetty 12.0.19 #45077
  • Upgrade to jOOQ 3.19.22 #45078
  • Upgrade to Lombok 1.18.38 #45079

... (truncated)

Commits
  • b882c29 Release v3.4.5
  • 918066f Merge branch '3.3.x' into 3.4.x
  • ab0c332 Next development version (v3.3.12-SNAPSHOT)
  • 71acf93 Merge branch '3.3.x' into 3.4.x
  • d2eaac6 Revert "Upgrade to Netty 4.1.120.Final"
  • d24a38f Merge branch '3.3.x' into 3.4.x
  • 933572a Upgrade to Netty 4.1.120.Final
  • 016b3de Upgrade to Netty 4.1.120.Final
  • 46a709a Merge branch '3.3.x' into 3.4.x
  • 55f67c9 Fix potential null problem in actuator
  • Additional commits viewable in compare view

Updates `org.springframework.boot:spring-boot-starter-test` from 3.4.4 to 3.4.5
Release notes

Sourced from org.springframework.boot:spring-boot-starter-test's releases.

v3.4.5

:lady_beetle: Bug Fixes

  • Spring Boot with native image container image build fails on podman due to directory permissions #45256
  • Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
  • Wrong jOOQ exception translator with empty db name #45219
  • MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
  • IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
  • OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
  • MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
  • ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
  • TypeUtils does not handle generics with identical names in different positions #45039
  • HttpClient5 5.4.3 breaks local Docker transport #45028
  • spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
  • Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
  • DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
  • SSL config does not watch for symlink file changes #44887
  • EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
  • DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
  • JsonValueWriter can throw StackOverflowError on deeply nested items #44627
  • In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
  • Logging a Path object using structured logging throws StackOverflowError #44507

:notebook_with_decorative_cover: Documentation

  • Make @Component a javadoc link #45258
  • Fix documentation links to buildpacks.io #45241
  • Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #45224
  • Show the use of token properties in authorization server clients configuration example #45176
  • Add details of the purpose of the metrics endpoint #45047
  • Escape the asterisk in spring-application.adoc #45033
  • Add reference to Styra (OPA) Spring Boot SDK #44976
  • Update CDS documentation to cover AOTCache #44970
  • WebFlux security documentation incorrectly links to servlet classes #44966
  • Replace mentions of deprecated MockBean annotation #44947
  • TaskExecution documentation should describe what happens when multiple Executor beans are present #44908
  • Documentation lists coordinates for some dependencies that are not actually managed #44879
  • Polish javadoc of SpringProfileAction #44826

:hammer: Dependency Upgrades

  • Upgrade to AspectJ 1.9.24 #45184
  • Upgrade to Couchbase Client 3.7.9 #45072
  • Upgrade to Hibernate 6.6.13.Final #45073
  • Upgrade to HttpClient5 5.4.3 #45074
  • Upgrade to HttpCore5 5.3.4 #45075
  • Upgrade to Jaybird 5.0.7.java11 #45076
  • Upgrade to Jetty 12.0.19 #45077
  • Upgrade to jOOQ 3.19.22 #45078
  • Upgrade to Lombok 1.18.38 #45079

... (truncated)

Commits
  • b882c29 Release v3.4.5
  • 918066f Merge branch '3.3.x' into 3.4.x
  • ab0c332 Next development version (v3.3.12-SNAPSHOT)
  • 71acf93 Merge branch '3.3.x' into 3.4.x
  • d2eaac6 Revert "Upgrade to Netty 4.1.120.Final"
  • d24a38f Merge branch '3.3.x' into 3.4.x
  • 933572a Upgrade to Netty 4.1.120.Final
  • 016b3de Upgrade to Netty 4.1.120.Final
  • 46a709a Merge branch '3.3.x' into 3.4.x
  • 55f67c9 Fix potential null problem in actuator
  • Additional commits viewable in compare view

Updates `org.springframework.boot:spring-boot-starter-actuator` from 3.4.4 to 3.4.5
Release notes

Sourced from org.springframework.boot:spring-boot-starter-actuator's releases.

v3.4.5

:lady_beetle: Bug Fixes