Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

chore(deps): bump spring-boot-dependencies from 2.5.3 to 2.5.4 #129

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 20, 2021

Bumps spring-boot-dependencies from 2.5.3 to 2.5.4.

Release notes

Sourced from spring-boot-dependencies's releases.

v2.5.4

🐞 Bug Fixes

  • spring-boot-configuration-metadata leaks enforced dependency constraints into consuming builds #27730
  • Potential NPE in TomcatMetricsBinder.findContext() #27616
  • Cyclic bean definition when a Spring Data repository is a dependency of a MeterBinder #27591
  • spring-boot:build-image hangs when exceptions are thrown during upload #27535
  • WebTestClientContextCustomizerFactory causes an IllegalStateException when WebClient is on the classpath without a supported HTTP client #27527
  • spring.security.dispatcher-types is not applied to Spring Security's filter when running in a separate management context #27505
  • A URI with non-alpha characters in its scheme is not sanitized #27488

📔 Documentation

  • Mention productionRuntimeClasspath in Gradle plugin's documentation #27620
  • Fix typo in javadoc #27618

🔨 Dependency Upgrades

  • Upgrade to ActiveMQ 5.16.3 #27742
  • Upgrade to AppEngine SDK 1.9.91 #27743
  • Upgrade to Cassandra Driver 4.11.3 #27674
  • Upgrade to Couchbase Client 3.1.7 #27675
  • Upgrade to Ehcache3 3.9.5 #27676
  • Upgrade to Glassfish JAXB 2.3.5 #27677
  • Upgrade to Hazelcast 4.1.5 #27744
  • Upgrade to Hazelcast Hibernate5 2.2.1 #27678
  • Upgrade to Janino 3.1.6 #27679
  • Upgrade to Logback 1.2.5 #27680
  • Upgrade to MariaDB 2.7.4 #27681
  • Upgrade to Maven Enforcer Plugin 3.0.0 #27682
  • Upgrade to Micrometer 1.7.3 #27601
  • Upgrade to MIMEPull 1.9.15 #27683
  • Upgrade to Netty 4.1.67.Final #27745
  • Upgrade to Nimbus JOSE JWT 9.10.1 #27701
  • Upgrade to OAuth2 OIDC SDK 9.9.1 #27700
  • Upgrade to Reactor 2020.0.10 #27600
  • Upgrade to SendGrid 4.7.4 #27684
  • Upgrade to Spring Data 2021.0.4 #27633
  • Upgrade to Spring Integration 5.5.3 #27604
  • Upgrade to Spring Kafka 2.7.6 #27602
  • Upgrade to Spring Security 5.5.2 #27603
  • Upgrade to Spring Session 2021.0.2 #27605
  • Upgrade to Tomcat 9.0.52 #27685
  • Upgrade to Undertow 2.2.10.Final #27686

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

... (truncated)

Commits
  • 4c81152 Release v2.5.4
  • a5bd4e9 Merge branch '2.4.x' into 2.5.x
  • 6be27e2 Download artifacts for the publish_gradle_plugin task
  • 29ccbdd Merge branch '2.4.x' into 2.5.x
  • f2b7092 Use token for GitHub authentication consistently
  • e28115e Next development version (v2.4.11-SNAPSHOT)
  • 2c18f26 Merge branch '2.4.x' into 2.5.x
  • ea95c99 Update email address used for release commit
  • 6d8ba3e Merge branch '2.4.x' into 2.5.x
  • ea9f851 Merge pull request #27736 from izeye
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 2.5.3 to 2.5.4.
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v2.5.3...v2.5.4)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-dependencies
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 20, 2021
@saig0 saig0 merged commit dc792eb into master Aug 20, 2021
@saig0 saig0 deleted the dependabot/maven/org.springframework.boot-spring-boot-dependencies-2.5.4 branch August 20, 2021 11:21
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant