Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency org.springframework.boot:spring-boot-starter-test - abandoned #642

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency org.springframework.boot:spring-boot-starter-test - abandoned #642

wants to merge 1 commit into from

Conversation

mend-for-jackfan.us.kg[bot]
Copy link

This PR contains the following updates:

Package Update Change
org.springframework.boot:spring-boot-starter-test (source) minor 2.0.0.RELEASE -> 2.4.0
org.springframework.boot:spring-boot-starter-test (source) major 1.5.17.RELEASE -> 2.0.0.RELEASE

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.8 CVE-2022-22965 #504
High 7.8 CVE-2022-27772 #502
High 7.5 CVE-2017-18640 #357
Medium 6.5 CVE-2022-22950 #501

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.1 CVE-2021-27568 #409

Release Notes

spring-projects/spring-boot

v2.4.0

⭐ New Features

  • Provide a property or environment variable to enable DevTools' restarter irrespective of how the application was launched #​21424

🪲 Bug Fixes

  • Using last modified for static resources in reproducible archives and images causes unwanted browser caching #​24099
  • BootJar's afterResolve action causes resolution failures with the Versions plugin due to configurations being copied and made resolvable #​24072
  • Configuration metadata annotation processor may use the wrong accessor for boolean properties #​24059
  • When using Tomcat, key and trust store passwords set via javax.net.ssl system properties are overwritten with null when Spring Boot's equivalent properties have not been set #​24053
  • Config files no longer loaded if they contain a hidden path element #​24043
  • @DataJpaTest using H2 with schema.sql and spring.datasource.schema-username fails #​24024
  • "java.lang.IllegalStateException: zip file closed" when call JarFileWrapper.stream() of spring-boot-loader #​24017
  • JdbcStoreTypeConfiguration picks transaction of primary data source when Quartz data source is not the primary data source #​24015
  • TestTypeExcludeFilter does not implement hashCode and equals as required by its super-class #​24013
  • Our auto-configuration should not use @PostConstruct as it's ignored on Java 11+ without a dependency on jakarta-annotation-api #​24010
  • @MockBean fields are not reset for JUnit 5 @Nested tests using @WebMvcTest #​23984
  • ClasspathLoggingApplicationListener logs the classpath as unknown on Java 11 and later #​23138

📔 Documentation

  • Fix link to Flyway callback docs #​24122
  • Fix deprecation warnings in javadoc comments #​24120
  • Provide more details about overriding SpringPhysicalNamingStrategy's case insensitive flag #​24062
  • Clarify documentation regarding relaxed binding of environment variables #​24033
  • Enhance spring.datasource.initialization-mode property description #​24030
  • Recommend disabling context path redirects when using proxy-terminated SSL with Tomcat #​24026
  • Improve Spring Session back off documentation #​24019
  • Clarify the javadoc of AutoConfigureTestDatabase to make it clearer that it only replaces the main DataSource #​24007
  • Recommend that bean definitions provide as much type information as possible #​24005
  • logging.file.* properties flagged with error level while they are still honoured #​23995
  • Add missing default value for enum-based configuration properties #​23992
  • Configuration property replacement metadata for spring.resources.cache.cachecontrol.stale-while-revalidate is invalid #​23980

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.3.12.RELEASE

🪲 Bug Fixes

  • MetricsRestTemplateCustomizer and LocalHostUriTemplateHandler cannot be used together when building a RestTemplate with RestTemplateBuilder #​26812
  • CompositeHealth.getDetails() does not serialize if MapperFeature.CAN_OVERRIDE_ACCESS_MODIFIERS is disabled #​26797
  • LoggingSystem should not return LogbackLoggingSystem if logback-classic is not available #​26711
  • Non-static nested @Configuration in JerseySameManagementContextConfiguration #​26695
  • Possible divide by zero bugs when using RandomValuePropertySource #​26628
  • Auto-configured resource handlers don't get applied to child contexts #​25743
  • Jar startup fails on JDK 11 with a SecurityManager enabled #​25538
  • bootBuildImage runs forever when a custom image name is used and the version contains an illegal character #​23115

📔 Documentation

  • Link to Spring Data JPA points to Spring Data JDBC #​26736
  • Clarify when a connection pool is created for Redis #​26733
  • Polish description of server.servlet.session.cookie.domain #​26713
  • Document spring.profiles.default property #​26592
  • Document Kubernetes terminationGracePeriodSeconds #​26469

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.3.11.RELEASE

🪲 Bug Fixes

  • SmartInitializingSingleton beans are not working with lazy initialization #​26470
  • ConfigurationProperties is retrieved via classpath scanning but does not indicate it should be indexed #​26459
  • @DataRedisTest does not consider RedisReactiveAutoConfiguration #​26319
  • SpringBootConfiguration is retrieved via classpath scanning but does not indicate it should be indexed #​26308
  • bootBuildImage does not pick up targetCompatibility when it's configured after task is customised #​26297
  • When a single bean causes a dependency cycle the failure analysis does not clearly illustrate the cycle #​26292
  • When a single bean causes a dependency cycle the failure analysis does not clearly illustrate the cycle #​26269
  • @EnableAutoConfiguration and @ImportAutoConfiguration use different class loaders to find candidate configurations #​26234
  • Configuration item metadata ordering is not consistent #​26230
  • Maven spring-boot:build-image ignores ZIP layout #​26216
  • Resolvability and consumability of productionRuntimeClasspath are not aligned with runtimeClasspath #​25798
  • MVC and WebFlux metrics filters adversely affect the response when metrics recording fails #​24151
  • An active request delays Jetty's shutdown by 30 seconds #​22689
  • Actuator doesn't use the CORS Configuration with default security configuration and Spring MVC #​11987

📔 Documentation

  • Document that the heap dump endpoint requires a HotSpot JVM #​26467
  • Fix wrong reference to Cassandra in DockerImageNames#couchbase #​26399
  • Move Working with the Code from CONTRIBUTING.adoc to the wiki #​26332
  • Fix typo in NamedContributors Javadoc #​26321
  • Document property names to enable reactive health indicators #​26279
  • Documentation has wrong key for DataSourceHealthIndicator #​26268
  • Align documentation with main default branch name #​26255
  • Improve documentation of TestRestTemplate's fault tolerance #​26227
  • Align Maven version in system requirements with what is actually tested #​26209
  • Use new update site for Spring Java Format's Eclipse plugin #​26167
  • Update Gradle docs to use module replacement rather than dependency substitution #​25944
  • Document that MeterFilters are only applied to the Spring-managed MeterRegistry #​25610
  • Enhance multiple entity manager factories online documentation #​14928

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.3.10.RELEASE

🪲 Bug Fixes

  • Gradle bootBuildImage does not preserve file permissions for resources #​25915
  • Keystore.load calls do not close InputStream #​25884
  • Unlike Micrometer's PushMeterRegistry, PrometheusPushGatewayManager stops publishing when an UnknownHostException is caught #​25804
  • When running with a context hierarchy, PrimaryDefaultValidatorPostProcessor causes a NoSuchBeanDefinitionException when a Validator is in an ancestor context #​25800
  • java.util.concurrent.RejectedExecutionException is logged when shutting down Spring Boot app with Cassandra #​25796
  • DefaultErrorWebExceptionHandler does not remove MetaType.ALL when a quality values is present #​25778
  • Unpacked jars are not deleted when the JVM exits #​25773
  • TldPatterns are not aligned with Tomcat #​25764
  • URI tag of http.client.requests metric ignores REST template's root URI #​25744
  • Actuator's rest template metrics customization prevents RootUriRequestExpectationManager.forRestTemplate from identifying that the template has had a root URI configured #​25741
  • spring-boot:build-image hangs when classifier is specified in configuration #​25736
  • An EnvironmentAware FailureAnalyzer may be configured with the wrong Environment #​25691
  • AbstractWebMvcEndpointHandlerMapping does not chain InvalidEndpointRequestExceptions #​25642
  • When multiple schema or data script locations are configured and no resources can be found at a location, you can't tell which location is faulty #​25620
  • spring-boot:build-image hangs if finalName is specified in Spring Boot plugin configuration #​25590
  • EmbeddedDatabaseConnection#h2 should not specify a host name #​25560
  • RSocket's EmbeddedServerAutoConfiguration does not back off if spring-web is absent #​25551
  • Incorrect ConfigurationMetadataRepository when loaded from json files containing properties of the same group #​25507
  • Layertools may extract entries outside of the destination path #​25505
  • Default fork value for spring-boot:stop is not consistent #​25472
  • CloudPlatform.isActive can return true when spring.main.cloud-platform is set to NONE #​25455
  • @ConfigurationProperties class's default values are not visible in the Errors instance passed to Validator.validate(Object target, Errors errors) #​25356
  • Application fails to start when using Actuator and Jersey configured as a Filter #​25262
  • javax.persistence.schema-generation.database.action is ignored when checking if default DDL auto setting should be applied #​25129
  • Elasticsearch auto-configuration does not configure default converters #​25087

📔 Documentation

  • Javadoc link for non-public autoconfiguration classes does not exist #​25948
  • Use main as the branch name in info endpoint example #​25865
  • Document more prominently that DataJpaTest sets spring.jpa.show-sql=true by default #​25843
  • Update deprecation warnings with for removal targets #​25808
  • Description of management.metrics.export.influx.db is wrong #​25723
  • Document how to configure Maven's Failsafe plugin when not using spring-boot-starter-parent #​25621
  • Fix typos in README #​25597
  • Highlight link to Actuator API docs in the reference docs #​25486
  • Correct javadoc for ON_PARAM to accurately describe its behavior #​25480
  • Fix wording error in build-info goal description #​25382
  • Improve documentation of Mockito test execution listeners #​25375
  • Polish HTTP client metrics documentation wording #​25353
  • Document limitations of using deferred JPA bootstrap and early access to JPA #​24027
  • Document how to provide runtime JVM arguments when building an image #​21478

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.3.9.RELEASE

🪲 Bug Fixes

  • Migrations performed by Flyway or Liquibase may not have completed before the database is accessed via jOOQ #​25279
  • Dependency management for Hibernate's new hibernate-micrometer module is missing #​25277
  • DatabaseDriver does not detect Amazon Redshift correctly #​25265
  • Missing RabbitMQ metrics if bean is defined as a ConnectionFactory #​25138
  • A ContextRefreshedEvent from a child context may result in deadlock when using JPA deferred repositories #​24966
  • Spring Data Solr support is not flagged as deprecated #​24942
  • Failures when recording metrics in MetricsClientHttpRequestInterceptor may interfere with RestTemplate's main behaviour #​24753
  • WebMvcTest and WebFluxTest ignore user-provided Thymeleaf IDialect beans #​24149

📔 Documentation

  • Update the Gradle plugin documentation to recommend the maven-publish plugin over the maven plugin #​25299
  • Document Kafka Streams metrics support #​25272
  • Default values of integer properties in the application properties appendix are rendered as decimals #​25172
  • bootRun project property command line example is incomplete #​25012
  • Document the need to use the launcher to be able to use application.* properties in a custom banner #​24982
  • CONTRIBUTING.adoc contains broken link to spring-javaformat-intellij-idea-plugin #​24864
  • Since 2.3.8 and 2.4.2, the documented index format does not match the implementation #​24856
  • Add version to reference docs index #​24848
  • Document logging.register-shutdown-hook and why you may want to enable it #​24507
  • Add some guidance to the reference documentation about diagnosing unexpected property values #​24336
  • Clarify when retaining . characters in property keys requires bracket notation to be used #​23390
  • Highlight that Duration and Period conversion is provided by the ApplicationConversionService and, by default, is not available for web conversion #​22718

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.3.8.RELEASE

🪲 Bug Fixes

  • Default servlet location is not registered using a ServletContextResource #​24747
  • DataSourceUnwrapper calls Wrapper.isWrapperFor with a interface rather than an class causing HikariDataSourceMetricsRegistry failure #​24697
  • JSR-305 @Nullable cannot be used to indicate that a parameter to an endpoint operation is optional #​24647
  • FailureAnalyzers' unmet dependency errors add noise to logs #​24630
  • Auto-configured JdbcSessionDataSourceInitializer does not use the @SpringSessionDataSource if available #​24624
  • Error Invalid entry size when build application with a dependency jar larger than 2,147,483,647 bytes with Gradle #​24618
  • WebServer implementations should return -1 if not listening on a port #​24606
  • Avoid duplicate classes in MergedContextConfiguration #​24532
  • Image is built from jar file when when using war packaging with Gradle #​24521
  • bootRun task does not use the project's toolchain by default #​24517
  • BootRun does not consider configured javaLauncher when determining JVM arguments for an optimized launch #​24512
  • Exploded archives launched using the launcher have an incorrectly ordered classpath that also contains non-existent jar files #​24192
  • spring-boot:build-image has a layout parameter that cannot be always be honoured #​24105
  • WebTestClient base path is not set to the application context path #​24168
  • Opening a connection to a jar:war: URL created by Tomcat results in an illegal reflective access warning on Java 13+ #​18631

📔 Documentation

  • Clarify behaviour of WebServerFactory in reference guide #​24705
  • Migrate away from pivotal-legacy/homebrew-tap #​24680
  • Document warning about InMemoryOAuth2AuthorizedClientService #​24596
  • Harmonize ActiveMQ Artemis naming #​24586
  • Update version of git-properties plugin in the docs #​24567
  • Reorder documentation about building images #​24560
  • Clarify when SpEL expressions in application properties are evaluated #​24531
  • Improve error message when attempting to build an image when using war packaging with Maven #​24522
  • Testing Properties missing from Application Properties Appendix #​24486
  • Improve "Git Commit Information" reference documentation #​24205

🔨 Dependency Upgrades

  • Upgrade to AppEngine SDK 1.9.84 #​24754
  • Upgrade to Byte Buddy 1.10.19 #​24755
  • Upgrade to Dependency Management Plugin 1.0.11.RELEASE #​24821
  • Upgrade to Dropwizard Metrics 4.1.17 #​24756
  • Upgrade to Hazelcast 3.12.11 #​24757
  • Upgrade to Hibernate 5.4.27.Final #​24758
  • Upgrade to Hibernate Validator 6.1.7.Final #​24759
  • Upgrade to Jackson Bom 2.11.4 #​24760
  • Upgrade to Jetty Reactive HTTPClient 1.1.5 #​24761
  • Upgrade to Johnzon 1.2.9 #​24762
  • Upgrade to Lettuce 5.3.6.RELEASE #​24801
  • Upgrade to Micrometer 1.5.10 #​24785
  • Upgrade to Neo4j OGM 3.2.19 #​24763
  • Upgrade to Netty 4.1.58.Final #​24822
  • Upgrade to Netty tcNative 2.0.36.Final #​24823
  • Upgrade to Reactor Dysprosium-SR16 #​24765
  • Upgrade to Spring AMQP 2.2.14.RELEASE #​24824
  • Upgrade to Spring Integration 5.3.5.RELEASE #​24825
  • Upgrade to Spring Kafka 2.5.11.RELEASE #​24826
  • Upgrade to Thymeleaf 3.0.12 #​24599

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.3.7.RELEASE

🪲 Bug Fixes

  • Configuration property binding processes JavaBean methods in a non-deterministic order which may result in variable behavior #​24424
  • Redis health indicator requests more information than it needs resulting in unnecessarily large responses from Redis #​24250
  • JPA repositories mode should not be deferred by default #​24249
  • ErrorAttributeOptions.excluding throws IllegalArgumentException if includes is empty #​24230
  • Actuator web endpoints cannot respond with custom HTTP status codes when running on MVC or WebFlux #​24222
  • Missing Spring Integration metrics due to the MeterRegistry bean being looked for before it has been defined #​24219
  • WebFluxTags performs unnecessary Pattern compilation when ignoring trailing slashes #​24193
  • elasticsearch-rest-client-sniffer is missing from the dependency management for Elasticsearch's REST client modules #​24185
  • DataSourceUnwrapper calls Wrapper.isWrapperFor with a class rather than an interface causing Oracle UCP warnings #​24154

📔 Documentation

  • Document how to use Devtools without an IDE #​24409
  • Add link to appendix from error handling documentation #​24407
  • Invalid ErrorAttributesOptions#getInclude Javadoc #​24257
  • Security properties appendix contains spring.session and spring.ldap properties that belong elsewhere #​24195
  • Rename "sla" to "slo" in reference documentation #​24160

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.3.6.RELEASE

🪲 Bug Fixes

  • Configuration metadata annotation processor may use the wrong accessor for boolean properties #​24058
  • When using Tomcat, key and trust store passwords set via javax.net.ssl system properties are overwritten with null when Spring Boot's equivalent properties have not been set #​24052
  • @DataJpaTest using H2 with schema.sql and spring.datasource.schema-username fails #​24023
  • JdbcStoreTypeConfiguration picks transaction of primary data source when Quartz data source is not the primary data source #​24014
  • TestTypeExcludeFilter does not implement hashCode and equals as required by its super-class #​24012
  • Our auto-configuration should not use @PostConstruct as it's ignored on Java 11+ without a dependency on jakarta-annotation-api #​24009
  • Config files no longer loaded if they contain a hidden path element #​23983
  • "java.lang.IllegalStateException: zip file closed" when call JarFileWrapper.stream() of spring-boot-loader #​23821

📔 Documentation

  • Fix link to Flyway callback docs #​24121
  • Provide more details about overriding SpringPhysicalNamingStrategy's case insensitive flag #​24060
  • Clarify documentation regarding relaxed binding of environment variables #​24032
  • Enhance spring.datasource.initialization-mode property description #​24029
  • Recommend disabling context path redirects when using proxy-terminated SSL with Tomcat #​24025
  • Improve Spring Session back off documentation #​24018
  • Clarify the javadoc of AutoConfigureTestDatabase to make it clearer that it only replaces the main DataSource #​24006
  • Recommend that bean definitions provide as much type information as possible #​24004
  • Add missing default value for enum-based configuration properties #​23991

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.3.5.RELEASE

🪲 Bug Fixes

  • Configuration property annotation processor does not notice overriding getter methods #​23969
  • Incremental compilation does not keep metadata for inner classes #​23959
  • HttpEncodingAutoConfiguration is not added to the WebMvcTest slice #​23813
  • Jar entries are duplicated in BOOT-INF/lib with layered jars and Maven #​23801
  • server.servlet.session.timeout not in effect when using Jetty starter without jakarta.annotation and javax.annotation #​23750
  • If the JVM is killed while refresh is in progress, the shutdown hook does not close the context #​23743
  • Setting server.undertow.eager-filter-init has no effect #​23676
  • @ConfigurationPropertiesBinding does not apply Formatter beans #​23614
  • H2 Console error with AbstractRoutingDataSource #​23569
  • When using embedded Jetty, an error response to a HEAD request has a body #​23555
  • Custom layer definition does not pick up snapshots #​23533
  • BootJar.getConfigurations() should not be public API #​23527
  • Dependency management for Netty tcNative does not include its netty-tcnative module #​23508
  • P

@mend-for-jackfan.us.kg mend-for-jackfan.us.kg bot added the security fix Security fix generated by WhiteSource label May 15, 2022
@mend-for-jackfan.us.kg
Copy link
Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

@mend-for-jackfan.us.kg mend-for-jackfan.us.kg bot changed the title Update dependency org.springframework.boot:spring-boot-starter-test Update dependency org.springframework.boot:spring-boot-starter-test - abandoned Jun 20, 2023
@mend-for-jackfan.us.kg
Copy link
Author

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants