Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update all dependencies #614

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all dependencies #614

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 23, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.apache.maven.plugins:maven-gpg-plugin 3.2.4 -> 3.2.7 age adoption passing confidence
org.apache.maven.plugins:maven-surefire-plugin 3.3.0 -> 3.5.2 age adoption passing confidence
org.apache.maven.plugins:maven-javadoc-plugin 3.7.0 -> 3.11.2 age adoption passing confidence
com.spotify.fmt:fmt-maven-plugin 2.23 -> 2.25 age adoption passing confidence
org.wikidata.wdtk:wdtk-datamodel (source) 0.14.7 -> 0.16.0 age adoption passing confidence
org.projectlombok:lombok (source) 1.18.34 -> 1.18.36 age adoption passing confidence
org.junit.jupiter:junit-jupiter (source) 5.11.0 -> 5.11.4 age adoption passing confidence
org.assertj:assertj-core (source) 3.26.3 -> 3.27.0 age adoption passing confidence
org.slf4j:slf4j-simple (source, changelog) 2.0.13 -> 2.0.16 age adoption passing confidence
org.slf4j:slf4j-api (source, changelog) 2.0.13 -> 2.0.16 age adoption passing confidence
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.17.2 -> 2.18.2 age adoption passing confidence
org.springframework.security:spring-security-core (source) 5.8.11 -> 5.8.16 age adoption passing confidence
com.fasterxml.jackson.datatype:jackson-datatype-jdk8 2.17.2 -> 2.18.2 age adoption passing confidence
com.fasterxml.jackson.core:jackson-databind (source) 2.17.2 -> 2.18.2 age adoption passing confidence
com.fasterxml.jackson.core:jackson-core 2.17.2 -> 2.18.2 age adoption passing confidence
org.jsoup:jsoup (source) 1.17.2 -> 1.18.3 age adoption passing confidence
com.fasterxml.jackson.core:jackson-annotations (source) 2.17.2 -> 2.18.2 age adoption passing confidence
com.google.guava:guava 33.2.1-jre -> 33.4.0-jre age adoption passing confidence
commons-io:commons-io (source) 2.16.1 -> 2.18.0 age adoption passing confidence

Release Notes

spotify/fmt-maven-plugin (com.spotify.fmt:fmt-maven-plugin)

v2.25

Compare Source

What's Changed

Full Changelog: spotify/fmt-maven-plugin@2.24...2.25

v2.24

Compare Source

What's Changed

Full Changelog: spotify/fmt-maven-plugin@2.23...2.24

Wikidata/Wikidata-Toolkit (org.wikidata.wdtk:wdtk-datamodel)

v0.16.0

Compare Source

New feature:

  • Expose detailed error messages in MediaWiki API errors (#​911)

v0.15.3

Compare Source

Bug fix:

  • Download of online dumps was fixed (#​872)

Incompatible change:

  • Minimum Java version changed from 8 to 11 (#​839)

Versions 0.15.0 to 0.15.2 are skipped because of publishing issues.

projectlombok/lombok (org.projectlombok:lombok)

v1.18.36

spring-projects/spring-security (org.springframework.security:spring-security-core)

v5.8.16

Compare Source

⭐ New Features

  • Support ServerExchangeRejectedHandler @Bean #​15976

🪲 Bug Fixes

  • Catch base64 decode exception #​15914
  • Support ServerWebExchangeFirewall @Bean #​15977

🔨 Dependency Upgrades

  • Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #​16030
  • Bump org.springframework.ldap:spring-ldap-core from 2.4.2 to 2.4.4 #​16094

🔩 Build Updates

  • Bump @antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #​16114
  • Update Antora UI Spring to v0.4.17 #​15933

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.15

Compare Source

⭐ New Features
  • Address unnecessary method invocation in AbstractRequestMatcherRegistry #​15718
  • The SecuredAuthorizationManager can now find @Secured annotations on … #​15014
🪲 Bug Fixes
  • Disabling credentials erasure on custom AuthenticationManager is not working #​15683
  • Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #​15624
  • SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #​15749
  • The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #​15533
🔨 Dependency Upgrades
  • Bump io.projectreactor.tools:blockhound from 1.0.9.RELEASE to 1.0.10.RELEASE #​15928
  • Bump org-eclipse-jetty from 9.4.55.v20240627 to 9.4.56.v20240826 #​15730
  • Bump org.springframework.ldap:spring-ldap-core from 2.4.1 to 2.4.2 #​15941
🔩 Build Updates
  • Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #​15908
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #​15837
  • Migrate slack notifications to GChat #​15503
  • Release 5.8.15 #​15963
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.14

Compare Source

⭐ New Features
  • Document the role of CredentialsContainer #​15319
🪲 Bug Fixes
  • Clarify url Parameter Usage in AD Provider Constructor #​15409
  • Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #​15363
🔨 Dependency Upgrades
  • Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #​15375
  • Bump io.projectreactor.netty:reactor-netty from 1.0.46 to 1.0.47 #​15391
  • Bump io.projectreactor.netty:reactor-netty from 1.0.47 to 1.0.48 #​15606
  • Bump io.projectreactor:reactor-bom from 2020.0.45 to 2020.0.46 #​15390
  • Bump io.projectreactor:reactor-bom from 2020.0.46 to 2020.0.47 #​15604
  • Bump org-eclipse-jetty from 9.4.54.v20240208 to 9.4.55.v20240627 #​15360
  • Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.2 #​15291
  • Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #​15335
  • Bump org.springframework:spring-framework-bom from 5.3.37 to 5.3.39 #​15615
🔩 Build Updates
  • Automate check of expected branch version #​15226
  • Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #​15447
  • Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #​15484
  • Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #​15558
  • Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #​15633
  • Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #​15417
  • Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #​15523
  • Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #​15559
  • Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #​15632
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #​15416
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #​15524
  • Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #​15330
  • Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #​15481
  • Bump com.gradle.develocity from 3.17.5 to 3.17.6 #​15463
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.13

Compare Source

⭐ New Features
  • doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #​14779
  • Enhance Logging in RequestMatcherDelegatingAuthorizationManage #​14837
  • Improve PasswordEncoder Error Messaging #​14951
  • InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #​14880
  • Mention all required dependencies in LDAP documentation #​15235
  • Remove useBase64 parameter #​14862
🪲 Bug Fixes
  • AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #​13849
  • Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #​15195
  • Assert WebSession is not null #​14977
  • Conditionally Add Conventions Plugin #​15152
  • DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #​14418
  • Fix Java example in multitenanci.adoc #​15146
  • LDIF file on official documentation breaks the startup process #​15089
  • Link to article with remember-me-persistent-token strategy is broken #​14358
  • ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #​14931
  • Resolving invalid CSRF token values is not consistent #​15184
  • Restore Build Scan Capability #​15120
  • Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #​14855
🔨 Dependency Upgrades
  • Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #​15074
  • Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #​15231
  • Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #​14923
  • Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #​15073
  • Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #​15230
  • Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #​15191
  • Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #​15085
  • Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #​15135
  • Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #​15253
  • Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #​14938
🔩 Build Updates
  • Attach Antora Docs to Pull Requests #​14992
  • Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #​15160
  • Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #​15140
  • Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #​15001
  • Bump com.gradle.develocity from 3.17.2 to 3.17.4 #​15099
  • Bump com.gradle.develocity from 3.17.4 to 3.17.5 #​15240
  • Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #​14959
  • Consider Adding a Build Updates section to the release changelog #​14485
  • Migrate to com.gradle.develocity plugin #​15021
  • Update Gradle Enterprise plugin to 3.17.2 #​15020
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.12

Compare Source

🪲 Bug Fixes

  • Conditional check for data-source-ref is incorrect #​14742

🔨 Dependency Upgrades

  • Bump io.projectreactor.netty:reactor-netty from 1.0.43 to 1.0.44 #​14878
  • Bump io.projectreactor:reactor-bom from 2020.0.42 to 2020.0.43 #​14877
  • Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #​14822
  • Bump org.springframework:spring-framework-bom from 5.3.33 to 5.3.34 #​14891

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

jhy/jsoup (org.jsoup:jsoup)

v1.18.3

Bug Fixes
  • When serializing to XML, attribute names containing -, ., or digits were incorrectly marked as invalid and
    removed. 2235
  • If an element has an ; in an attribute name, it could not be converted to a W3C DOM element, and so subsquent XPath
    queries could miss that element. Now, the attribute name is more completely
    normalized. 2244

v1.18.2

Improvements
  • Optimized the throughput and memory use throughout the input read and parse flows, with heap allocations and GC
    down between -6% and -89%, and throughput improved up to +143% for small inputs. Most inputs sizes will see
    throughput increases of ~ 20%. These performance improvements come through recycling the backing byte[] and char[]
    arrays used to read and parse the input. 2186
  • Speed optimized html() and Entities.escape() when the input contains UTF characters in a supplementary plane, by
    around 49%. 2183
  • The form associated elements returned by FormElement.elements() now reflect changes made to the DOM,
    subsequently to the original parse. 2140
  • In the TreeBuilder, the onNodeInserted() and onNodeClosed() events are now also fired for the outermost /
    root Document node. This enables source position tracking on the Document node (which was previously unset). And
    it also enables the node traversor to see the outer Document node. 2182
  • Selected Elements can now be position swapped inline using
    Elements#set(). 2212
Bug Fixes
  • Element.cssSelector() would fail if the element's class contained a *
    character. 2169
  • When tracking source ranges, a text node following an invalid self-closing element may be left
    untracked. 2175
  • When a document has no doctype, or a doctype not named html, it should be parsed in Quirks
    Mode. 2197
  • With a selector like div:has(span + a), the has() component was not working correctly, as the inner combining
    query caused the evaluator to match those against the outer's siblings, not
    children. 2187
  • A selector query that included multiple :has() components in a nested :has() might incorrectly
    execute. 2131
  • When cookie names in a response are duplicated, the simple view of cookies available via
    Connection.Response#cookies() will provide the last one set. Generally it is better to use
    the Jsoup.newSession method to maintain a cookie jar, as that
    applies appropriate path selection on cookies when making requests. 1831
  • When parsing named HTML entities, base entities should resolve if they are a prefix of the input token (and not in an
    attribute). 2207
  • Fixed incorrect tracking of source ranges for attributes merged from late-occurring elements that were implicitly
    created (html or body). 2204
  • Follow the current HTML specification in the tokenizer to allow < as part of a tag name, instead of emitting it as a
    character node. 2230
  • Similarly, allow a < as the start of an attribute name, vs creating a new element. The previous behavior was
    intended to parse closer to what we anticipated the author's intent to be, but that does not align to the spec or to
    how browsers behave. 1483

v1.18.1

Improvements
  • Stream Parser: A StreamParser provides a progressive parse of its input. As each Element is completed, it is
    emitted via a Stream or Iterator interface. Elements returned will be complete with all their children, and an
    (empty) next sibling, if applicable. Elements (or their children) may be removed from the DOM during the parse,
    for e.g. to conserve memory, providing a mechanism to parse an input document that would otherwise be too large to fit
    into memory, yet still providing a DOM interface to the document and its elements. Additionally, the parser provides
    a selectFirst(String query) / selectNext(String query), which will run the parser until a hit is found, at which
    point the parse is suspended. It can be resumed via another select() call, or via the stream() or iterator()
    methods. 2096
  • Download Progress: added a Response Progress event interface, which reports progress and URLs are downloaded (and
    parsed). Supported on both a session and a single connection
    level. 2164, 656
  • Added Path accepting parse methods: Jsoup.parse(Path), Jsoup.parse(path, charsetName, baseUri, parser),
    etc. 2055
  • Updated the button tag configuration to include a space between multiple button elements in the Element.text()
    method. 2105
  • Added support for the ns|* all elements in namespace Selector. 1811
  • When normalising attribute names during serialization, invalid characters are now replaced with _, vs being
    stripped. This should make the process clearer, and generally prevent an invalid attribute name being coerced
    unexpectedly. 2143
Changes
  • Removed previously deprecated internal classes and methods. 2094
  • Build change: the built jar's OSGi manifest no longer imports itself. 2158
Bug Fixes
  • When tracking source positions, if the first node was a TextNode, its position was incorrectly set
    to -1. 2106
  • When connecting (or redirecting) to URLs with characters such as {, } in the path, a Malformed URL exception would
    be thrown (if in development), or the URL might otherwise not be escaped correctly (if in
    production). The URL encoding process has been improved to handle these characters
    correctly. 2142
  • When using W3CDom with a custom output Document, a Null Pointer Exception would be
    thrown. 2114
  • The :has() selector did not match correctly when using sibling combinators (like
    e.g.: h1:has(+h2)). 2137
  • The :empty selector incorrectly matched elements that started with a blank text node and were followed by
    non-empty nodes, due to an incorrect short-circuit. 2130
  • Element.cssSelector() would fail with "Did not find balanced marker" when building a selector for elements that had
    a ( or [ in their class names. And selectors with those characters escaped would not match as
    expected. 2146
  • Updated Entities.escape(string) to make the escaped text suitable for both text nodes and attributes (previously was
    only for text nodes). This does not impact the output of Element.html() which correctly applies a minimal escape
    depending on if the use will be for text data or in a quoted
    attribute. 1278
  • Fuzz: a Stack Overflow exception could occur when resolving a crafted <base href> URL, in the normalizing regex.
    2165


Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Nov 23, 2024
@renovate renovate bot force-pushed the renovate/all branch 4 times, most recently from b59efcc to 6a8d66a Compare December 4, 2024 00:01
@renovate renovate bot changed the title chore(deps): update all dependencies fix(deps): update all dependencies Dec 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants