Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump org.springframework.boot:spring-boot-starter-security from 2.5.0 to 3.0.4 #116

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 6, 2023

Bumps org.springframework.boot:spring-boot-starter-security from 2.5.0 to 3.0.4.

Release notes

Sourced from org.springframework.boot:spring-boot-starter-security's releases.

v3.0.4

🐞 Bug Fixes

  • Maven plugin uses timezone-local timestamps when outputTimestamp is used #34430
  • org.springframework.boot.web.embedded.jetty.GracefulShutdown uses the wrong class to create its logger #34419
  • @ConfigurationProperties with initialized nested record properties values no longer bind #34407
  • Custom ConfigDataLocationResolver/ConfigDataLoader fails in 3.0.x when combined with spring-boot-devtools #34372
  • defaultTracingObservationHandler is not ordered as documented #34216
  • Spring Boot 3 does not provide a configuration property for configuring red metrics custom tag keys #34194

📔 Documentation

  • Document support for Gradle 8 #34462
  • Update Batch documentation #34437
  • Add link to Failover starter #34422
  • Fix typo in external-config.adoc #34414
  • Fix typo #34398
  • Use plugins DSL consistently in Spring Boot Gradle Plugin docs #34391

🔨 Dependency Upgrades

  • Upgrade to Couchbase Client 3.4.3 #34445
  • Upgrade to Dropwizard Metrics 4.2.17 #34446
  • Upgrade to Jetty 11.0.14 #34447
  • Upgrade to Reactor Bom 2022.0.4 #34444
  • Upgrade to Spring Data Bom 2022.0.3 #34439
  • Upgrade to Spring Framework 6.0.6 #34440
  • Upgrade to Spring Kafka 3.0.4 #34441

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​1993heqiang, @​anandmnair, @​dalbani, @​fmbenhassine, @​izeye, @​jongwooo, and @​ttddyy

v3.0.3

🐞 Bug Fixes

  • ClassNotFoundException during AOT processing of Logback XML that references a variable when defining a component's class #34336
  • Logback configuration errors are not reported when running as a native image #34315
  • Dependency management for Spring LDAP includes spring-ldap-core-tiger which no longer exists #34299
  • Kotlin ConfigurationProperties default values are not picked up when nativeRun is used #34157
  • Maven Plugin's PropertiesMergingResourceTransformer closes InputStream when it should not do so #34072
  • Actuator Health web endpoint broken with Gson and Java 17 #34070
  • Manifests of jars built with Gradle do not have a Implementation entries #34059
  • Spies are not reset after test execution when using @SpyBean #34044
  • Using devtools with Reactive application results in slower restarts #34036
  • spring-boot-dependencies manages mysql:mysql-connector-java which no longer exists #34021
  • Dependency management for Mongo's Java Driver is incomplete #34019
  • jOOQ DefaultConfiguration does not use TransactionProvider #33979

... (truncated)

Commits
  • 16218bc Release v3.0.4
  • 4370757 Use Java 17 in Maven integration tests
  • 5c43e42 Merge branch '2.7.x' into 3.0.x
  • 95cd0f2 Test Boot's Maven Plugin against Maven 3.9.0
  • e998303 Upgrade to Spring Data Bom 2022.0.3
  • 77932d9 Merge branch '2.7.x' into 3.0.x
  • ac27c3c Upgrade to Gradle Enterprise Gradle plugin 3.12.4
  • 6a95f44 Merge branch '2.7.x' into 3.0.x
  • 68a1dd3 Document support for Gradle 8
  • 03dd666 Merge branch '2.7.x' into 3.0.x
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.springframework.boot:spring-boot-starter-security](https://github.com/spring-projects/spring-boot) from 2.5.0 to 3.0.4.
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v2.5.0...v3.0.4)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-security
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants