Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): Bump spring-core from 6.0.7 to 6.0.8 #944

Closed
wants to merge 1 commit into from
Closed

chore(deps): Bump spring-core from 6.0.7 to 6.0.8 #944

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 17, 2023
edited

Bumps spring-core from 6.0.7 to 6.0.8.

Release notes

Sourced from spring-core's releases.

v6.0.8

⭐ New Features

  • Disable variable assignment in SimpleEvaluationContext #30326
  • Limit SpEL expression length #30325
  • Limit string concatenation in SpEL expressions #30324
  • Introduce StringUtils.truncate() #30290
  • Introduce ObjectUtils.nullSafeConciseToString() #30286
  • Introduce assertions against Cookie attributes in CookieResultMatchers for MockMvc #30285
  • Polishing #30267
  • Support SameSite cookie attribute in MockMvcHttpConnector #30264
  • Update MockCookie to make use of Servlet 6.0 APIs and semantics for "attributes" #30263
  • Refine initRequestBuilder in DefaultWebClient #30254
  • HttpServerErrorException contains not-serializable field of type DefaultResponseErrorHandler #30224
  • Add class hints for Jackson annotations on fields and methods #30208
  • Add HttpMethod reflection hint to ObjectToObjectConverterRuntimeHints #30201
  • Improve performance of canRead() in HttpMessageReader's #30192
  • Optimize array creation in SpEL ConstructorReference #30189
  • ConstructorResolver error hints about mixing indexed and named args #30169
  • Replace Collections.unmodifiableList(new ArrayList(..)) with List.copyOf() #30166
  • Add assert null validations for DefaultServerResponseBuilder #30157
  • Use InputStream.readAllBytes() in FileCopyUtils.copyToByteArray() #30155
  • Cache ServerHttpRequest::getMethod in AbstractServerHttpRequest #30139
  • Use String.equals() in LiteralPathElement #30138
  • Optimize some iterations in BodyExtractor and BodyInserter #30136
  • Add a couple missing java.time types to StatementCreatorUtils #30123
  • WebClient observations should not record CANCEL signals as aborted if response was received #30070
  • Destroy method not found in native image if concrete bean type is not exposed #29545
  • Contribute init/destroy lifecycle introspection hints for registered beans #29246

🐞 Bug Fixes

  • NPE thrown for nonexistent default-destroy-method in XML config #30301
  • Fix comparison of title in equals() and hashCode() of ProblemDetail #30294
  • SSE breaks with indenting serializer in WebMvc.fn #30277
  • @HttpExchange interface does not resolve return type correctly while using with suspending methods #30266
  • Increase max regex length in SpEL expressions #30265
  • Missing response information from client observation context when filter functions fail #30247
  • NullPointerException on timeout in HttpComponentsClientHttpConnector when using Apache HttpComponents #30245
  • Wrong MockRestRequestMatchers.header() method in spring-test being invoked (JDK issue?) #30220
  • Refine generic type management in AbstractMessageWriterResultHandler #30214
  • MvcUriComponentsBuilder.fromMethodCall breaks for controller with CharSequence return type #30210
  • Encode IPV6 Zone IDs (%) in ReactorServerHttpRequest #30188
  • Handle all exceptions for stored proc output param retrieval in SharedEntityManagerCreator #30161
  • Fix IllegalArgumentException that prevents STOMP DISCONNECT from reaching the client #30120
  • TypeNotPresentException: org/springframework/cglib/proxy/NoOp not present on Java 17 #30115

📔 Documentation

  • Add since tags to sameSite() and attribute() in CookieResultMatchersDsl #30308

... (truncated)

Commits
  • 3bea468 Release v6.0.8
  • be17c8d Disable variable assignment in SimpleEvaluationContext
  • b73f5fc Limit SpEL expression length
  • bc1511d Limit string concatenation in SpEL expressions
  • db9b139 Change max regex length in SpEL expressions to 1000
  • bd029b9 Ensure RestClientResponseException is serializable
  • 5f22648 Polishing contribution
  • a8f31f5 Improve ProblemDetail equals and hashCode
  • 90627b4 Upgrade to Micrometer 1.10.6
  • 4acc71b Upgrade to Reactor 2022.0.6 and Netty 4.1.91
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the Type: Dependencies Pull requests that update a dependency file label Apr 17, 2023
@dependabot dependabot bot force-pushed the dependabot/maven/org.springframework-spring-core-6.0.8 branch from 13681a7 to 848a7bb Compare April 21, 2023 06:30
@bbortt
Copy link
Collaborator

bbortt commented Jun 14, 2023

@dependabot rebase

@bbortt bbortt self-assigned this Jun 14, 2023
@dependabot dependabot bot force-pushed the dependabot/maven/org.springframework-spring-core-6.0.8 branch from 848a7bb to eef31ad Compare June 14, 2023 08:00
@bbortt bbortt mentioned this pull request Jun 14, 2023
Merged
@dependabot @bbortt
chore(deps): Bump spring-core from 6.0.7 to 6.0.11
f6b9139 
Bumps [spring-core](https://github.com/spring-projects/spring-framework) from 6.0.7 to 6.0.11.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.7...v6.0.11)

---
updated-dependencies:
- dependency-name: org.springframework:spring-core
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@bbortt bbortt force-pushed the dependabot/maven/org.springframework-spring-core-6.0.8 branch from eef31ad to f6b9139 Compare July 26, 2023 16:37
@bbortt
Copy link
Collaborator

bbortt commented Jul 27, 2023

@christophd I do not manage to make the build pass.. based on the changes, I do not think that it impacts anything. must be (extremely) flaky.. could you merge it without further ado, please?

@bbortt
Copy link
Collaborator

bbortt commented Jul 27, 2023
edited

@christophd I do not manage to make the build pass.. based on the changes, I do not think that it impacts anything. must be (extremely) flaky.. could you merge it without further ado, please?

never mind that, I think the underlying implementation changed. it uses InputStream#readAllBytes instead of InputStream#.transferTo now. I must fix the test.

@christophd
Copy link
Member

@bbortt I have done an update on all dependency versions in this PR #958. This includes the Spring update and indeed there has been a change in the method calls on the mock that fixes the test.

@bbortt
Copy link
Collaborator

bbortt commented Jul 27, 2023

@christophd ok, that aligns with my fix. I won't push it then.

@bbortt bbortt closed this Jul 27, 2023
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jul 27, 2023

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/maven/org.springframework-spring-core-6.0.8 branch July 27, 2023 18:59
@bbortt
Copy link
Collaborator

bbortt commented Jul 27, 2023

as stated in the comments, PR is superseded by #958.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bbortt bbortt bbortt approved these changes

Assignees

@bbortt bbortt

Labels
Type: Dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bbortt @christophd