◐ Shell
clean mode source ↗

Bump spring-core from 3.0.5.RELEASE to 4.3.19.RELEASE in /broker-workplace by dependabot[bot] · Pull Request #5 · cherkavi/java-code-example

dependabot

Bumps spring-core from 3.0.5.RELEASE to 4.3.19.RELEASE.

Release notes

Sourced from spring-core's releases.

4.1.7 Release

⭐ New Features

  • Avoid reflection for creating StandardServletAsyncWebRequest [SPR-13112] #17703
  • Provide means to opt out of default annotation based transaction management by bean [SPR-13109] #17700
  • Make PropertyMatches public [SPR-13054] #17646
  • mvc:resources does not handles directories well [SPR-12999] #17591
  • Same Origin check in both AbstractSockJSService and OriginHandshakeInterceptor is not working with Tyrus client [SPR-12956] #17548
  • MethodJmsListenerEndpoint does not set the DestinationResolver on the MessagingMessageListenerAdapter [SPR-12927] #17520
  • Use higher log level in InvocableHandlerMethod.getMethodArgumentValues() [SPR-12925] #17518
  • Spring logs FactoryBean type check warning in case of factory method with arguments [SPR-12900] #17499
  • AnnotatedElementUtils should leniently ignore TypeNotPresentExceptions (just like AnnotationUtils) [SPR-12889] #17487
  • Support package private annotations with AnnotationUtils [SPR-12858] #17456
  • @Aspect aspect not correctly applied to Java 8 lambda-defined @Beans [SPR-11807] #16427

🪲 Bug Fixes

  • YAML Processor leaves StreamDecoder open [SPR-13173] #17765
  • GzipResourceResolver has NullPointerException when used with VersionResourceResolver [SPR-13149] #17740
  • AntPathMatcher throws StringIndexOutOfBoundsException [SPR-13139] #17730
  • XML input vulnerability based on DTD declaration [SPR-13136] #17727
  • ObjenesisCglibAopProxy's fallback mode triggers duplicate class definition error [SPR-13131] #17722
  • FileNotFoundException when implementing a nested interface with groovy closure in a @Component [SPR-13115] #17706
  • When use a @args as pointcut, there is case that occur a NPE at calling the unrelated method [SPR-13102] #17693
  • Configuration class parsing may trigger NoClassDefFoundError for nested classes [SPR-13091] #17682
  • H4 SpringSessionSynchronization#beforeCompletion leaves irreparably broken state if exception thrown in session.disconnect() [SPR-13089] #17680
  • Wrong IllegalStateException for @Cacheable without a cache name [SPR-13081] #17672
  • DefaultMockMvcBuilder combined with @ContextHierarchy registers wrong context as ROOT [SPR-13075] #17667
  • ByteBuffer corrupted by ByteBufferConverter when passed through Spring [SPR-13056] #17648
  • Remoting over JMS with receiveTimeout blocks service forever [SPR-13052] #17644
  • NPE in PropertyOrFieldReference due to concurrency issue when caching SpelExpression objects [SPR-13023] #17614
  • Validation of frame content in org.springframework.web.socket.sockjs.frame.SockJsFrame is a NoOp [SPR-13019] #17610
  • StringIndexOutOfBoundsException in ResourceUrlEncodingFilter [SPR-13018] #17609
  • NPE for alias resolved to null in SimpleAliasRegistry [SPR-13016] #17607
  • Commons FileUpload failed after Spring framework upgrade [SPR-13014] #17605
  • CustomBooleanEditor may run into NPE when configured with allowEmpty=false [SPR-13010] #17601
  • ContentCachingResponseWrapper should NOT sendError() before write body [SPR-13004] #17596
  • RequestMapping maps root-controller handler methods with double slashes [SPR-12975] #17566
  • PatternMatchUtils infinite loop bug [SPR-12971] #17563
  • Regression: DLL handled as classpath resource [SPR-12928] #17521
  • ResponseEntity's #equals fails symmetric property. [SPR-12910] #17509
  • Async Execution Aspect compiler error when using ListenableFuture [SPR-12895] #17494
  • CachingResourceResolver + GzipResourceResolver caches different results depending on what is requested first [SPR-12892] #17491
  • Regression in handling of String passed as Types.OTHER to JdbcTemplate [SPR-12890] #17488
  • client-library-url in sockjs config is not working [SPR-12874] #17472
  • CronSequenceGenerator constructor goes into infinite loop with invalid increments [SPR-12871] #17469
  • Incorrect value in InvalidPropertyException message from BeanWrapperImpl.setPropertyValue [SPR-12866] #17464
  • Netty4ClientHttpRequest ignores query parameters [SPR-12779] #17377

📔 Documentation

... (truncated)
Commits
  • f428cbb Release version 4.3.19.RELEASE
  • 6a5d986 Fix SpEL compilation for non trivial elvis operand
  • 8ce9236 Polishing
  • 1a626ab SpelExpression consistently exposes EvaluationContext to compiled AST
  • 56194a1 Transactional timeout documented as seconds in annotation javadoc
  • a496836 Upgrade to Tomcat 8.5.33 and Netty 4.1.29
  • 974e7b8 Polishing
  • 069704f Support Jackson filters in combination with serialization view
  • d38eb9d SimpleAliasRegistry.hasAlias properly resolves multiple chained aliases
  • 5bd4f88 Polishing
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.