v1.0.164-alpha

Commit message

Bump fasterxml.version from 2.17.0 to 2.17.1 (#148)

Bumps fasterxml.version from 2.17.0 to 2.17.1.
Updates com.fasterxml.jackson.core:jackson-core from 2.17.0 to 2.17.1

Commits

• cba40f1 [maven-release-plugin] prepare release jackson-core-2.17.1
• d33c4b5 Prepare for 2.17.1 release
• 2a4a6dc Fix #1256: revert #1117, default recycler pool again threadLocalPool() (for...
• 7e57e5b Update branch designation for CI
• 4b8d399 Part of #1260: write a manually run concurrency test to tease out problem wit...
• 33c4260 Fixes #1262: Add diagnostic method pooledCount() in RecyclerPool (#1263)
• c73bde2 Fix NumberInput.looksLikeValidNumber() implementation (#1241)
• 1c656ae ...
• 11e3bd7 update(tests): migrate remaining JUnit 4 code in core to JUnit 5 (#1248)
• fff79ea update(tests): migrate JUnit 4 code to JUnit 5 in core.base64 to core.sym (#1...
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.17.0 to
2.17.1

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.17.0 to
2.17.1

Commits

• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits
  that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after
  your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
  and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating
  it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all
  of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop
  Dependabot creating any more for this major version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop
  Dependabot creating any more for this minor version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop
  Dependabot creating any more for this dependency (unless you reopen the
  PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] [email protected]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Info

See code diff
Release workflow run

It was initialized by eps-autoapprove-dependabot[bot]

v1.0.163-alpha

Commit message

get tag when doing a release (#147)

Summary

• Routine Change

Details

• get the tag properly when doing a release

Info

See code diff
Release workflow run

It was initialized by anthony-nhs

v1.0.160-alpha

Commit message

Bump org.springframework.boot:spring-boot-starter-parent from 2.3.1.RELEASE to 3.2.5 (#142)

Bumps
org.springframework.boot:spring-boot-starter-parent
from 2.3.1.RELEASE to 3.2.5.

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.2.5

🐞 Bug Fixes

• BindValidationFailureAnalyzer uses wrong target #40364
• Log4j2LoggingSystem pollutes Log4j2's environment with a SpringEnvironmentPropertySource that is never removed #40326
• When using Maven, configuring the spring-boot.excludes or spring-boot-includes user properties causes the build to fail with "Cannot find default setter" #40323
• @ServletComponentScan does not register servlet components in a mock web environment #40321
• Loading of custom deny-all filter can cause a StackOverflowError when deploying to Tomcat with Log4j2 configured to use a single JVM-wide logger context #40312
• Jetty support doesn't set virtual thread name #40152
• Executable JAR application startup is slower after 3.2.0 when Hibernate scanner is not disabled #40125
• NoClassDefFoundError can be thrown from LaunchedClassLoader when threads are interrupted #40096

📔 Documentation

• Producible's javadoc has the wrong link text for @WriteOperation and @DeleteOperation #40386
• Clarify requirements for -parameters and constructor binding #40157

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 5.18.4 #40394
• Upgrade to AspectJ 1.9.22 #40293
• Upgrade to Awaitility 4.2.1 #40294
• Upgrade to Byte Buddy 1.14.13 #40295
• Upgrade to Groovy 4.0.21 #40296
• Upgrade to Hazelcast 5.3.7 #40297
• Upgrade to Jakarta Json Bind 3.0.1 #40298
• Upgrade to Jersey 3.1.6 #40299
• Upgrade to Jetty 12.0.8 #40300
• Upgrade to jOOQ 3.18.14 #40301
• Upgrade to Json-smart 2.5.1 #40302
• Upgrade to Kafka 3.6.2 #40303
• Upgrade to Lombok 1.18.32 #40304
• Upgrade to Maven Invoker Plugin 3.6.1 #40305
• Upgrade to Maven Source Plugin 3.3.1 #40306
• Upgrade to Micrometer 1.12.5 #40207
• Upgrade to Micrometer Tracing 1.2.5 #40208
• Upgrade to MongoDB 4.11.2 #40307
• Upgrade to Neo4j Java Driver 5.19.0 #40218
• Upgrade to Netty 4.1.109.Final #40395
• Upgrade to Pulsar Reactive 0.5.4 #40396
• Upgrade to R2DBC Postgresql 1.0.5.RELEASE #40309
• Upgrade to Reactor Bom 2023.0.5 #40209
• Upgrade to SLF4J 2.0.13 #40397
• Upgrade to Spring AMQP 3.1.4 #40210
• Upgrade to Spring Authorization Server 1.2.4 #40211
• Upgrade to Spring Data Bom 2023.1.5 #40212
• Upgrade to Spring Framework 6.1.6 #40213
• Upgrade to Spring GraphQL 1.2.6 #40310
• Upgrade to Spring HATEOAS 2.2.2 #40376
• Upgrade to Spring Integration 6.2.4 #40214

... (truncated)

Commits

• b3a160d Release v3.2.5
• f5b51ab Merge branch '3.1.x' into 3.2.x
• 6b44072 Remove dependency on the git ref when creating releases
• b13d006 Fix action that publishes to SDKman
• f84a263 Merge branch '3.1.x' into 3.2.x
• 56b59cd Fix action that publishes the Gradle plugin
• 9a28ae1 Merge branch '3.1.x' into 3.2.x
• 18ada7c Next development version (v3.1.12-SNAPSHOT)
• 816b9b9 Merge branch '3.1.x' into 3.2.x
• 8a22108 Use the version not the tag when creating the build name
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits
  that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after
  your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
  and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating
  it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all
  o...

v1.0.159-alpha

Commit message

Upgrade java, upgrade spring-boot, add more tests (#143)

Summary

• Routine Change

Details

• upgrade java to eclipse-temurin:21.0.2_13-jdk
• use new tool to check for licenses to allow libraries with no license
  information
• in the docker container use jlink to create a jre rather than a full
  java image
• add Makefile targets and docker-compose file to run docker container
• increase memory size used by java in the container
• Updates spring boot to version 3.2.4
• adds examples for testing validator

---

Signed-off-by: dependabot[bot] [email protected]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Info

See code diff
Release workflow run

It was initialized by anthony-nhs

v1.0.158-alpha

Commit message

Bump io.github.oshai:kotlin-logging-jvm from 6.0.4 to 6.0.9 (#141)

Bumps
io.github.oshai:kotlin-logging-jvm
from 6.0.4 to 6.0.9.

Release notes

Sourced from io.github.oshai:kotlin-logging-jvm's releases.

6.0.9

What's Changed

• Bump gradle/wrapper-validation-action from 1 to 3 by @​dependabot in oshai/kotlin-logging#422

Full Changelog: oshai/kotlin-logging@6.0.8...6.0.9

6.0.8

What's Changed

• Bump com.android.library from 8.2.2 to 8.3.2 by @​dependabot in oshai/kotlin-logging#421
• Bump io.github.gradle-nexus.publish-plugin from 1.3.0 to 2.0.0 by @​dependabot in oshai/kotlin-logging#417

Full Changelog: oshai/kotlin-logging@6.0.7...6.0.8

6.0.7

Full Changelog: oshai/kotlin-logging@6.0.5...6.0.7

6.0.5

What's Changed

• Upgrading Gradle to 8.X by @​severn-everett in oshai/kotlin-logging#412
• Remove Gradle workaround by @​severn-everett in oshai/kotlin-logging#419
• Added Android native targets by @​severn-everett in oshai/kotlin-logging#420
• Bump actions/cache from 4.0.1 to 4.0.2 by @​dependabot in oshai/kotlin-logging#409
• Bump actions/configure-pages from 4 to 5 by @​dependabot in oshai/kotlin-logging#413

Full Changelog: oshai/kotlin-logging@6.0.4...6.0.5

Commits

• c3b55ba bump version to 6.0.10
• e0819c4 Upgrade slf4j to 2.0.13
• 770aa84 Bump gradle/wrapper-validation-action from 1 to 3
• 9c41e0b bump version to 6.0.9
• 545731f Bump io.github.gradle-nexus.publish-plugin from 1.3.0 to 2.0.0
• d287a4a Bump com.android.library from 8.2.2 to 8.3.2
• cc4ef58 bump version to 6.0.8
• a10243c trying to apply a fix
• e1a22e0 bump version to 6.0.7
• 0767017 revert PR #420 for issue #407
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits
  that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after
  your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
  and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating
  it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all
  of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop
  Dependabot creating any more for this major version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop
  Dependabot creating any more for this minor version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop
  Dependabot creating any more for this dependency (unless you reopen the
  PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] [email protected]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Info

See code diff
Release workflow run

It was initialized by eps-autoapprove-dependabot[bot]

v1.0.157-alpha

Commit message

Bump idna from 3.4 to 3.7 (#140)

Bumps idna from 3.4 to 3.7.

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

• Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

• Update to Unicode 15.1.0
• String codec name is now "idna2008" as overriding the system codec "idna" was not working.
• Fix typing error for codec encoding
• "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
• Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
• Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits
  that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after
  your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
  and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating
  it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all
  of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop
  Dependabot creating any more for this major version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop
  Dependabot creating any more for this minor version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop
  Dependabot creating any more for this dependency (unless you reopen the
  PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the
  Security Alerts
  page.

Signed-off-by: dependabot[bot] [email protected]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Info

See code diff
Release workflow run

It was initialized by eps-autoapprove-dependabot[bot]

v1.0.156-alpha

Commit message

Bump io.github.microutils:kotlin-logging from 1.12.0 to 2.0.5 (#139)

Bumps io.github.microutils:kotlin-logging from 1.12.0 to 6.0.4.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits
  that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after
  your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
  and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating
  it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all
  of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop
  Dependabot creating any more for this major version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop
  Dependabot creating any more for this minor version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop
  Dependabot creating any more for this dependency (unless you reopen the
  PR or upgrade to it yourself)

---

Signed-off-by: dependabot[bot] [email protected]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Anthony Brown [email protected]

Info

See code diff
Release workflow run

It was initialized by anthony-nhs

v-java-upgrade

testing java upgrade

v1.0.155-alpha

Commit message

Bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12 (#138)

Bumps org.jacoco:jacoco-maven-plugin
from 0.8.11 to 0.8.12.

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.12

New Features

• JaCoCo now officially supports Java 22 (GitHub #1596).
• Experimental support for Java 23 class files (GitHub #1553).

Fixed bugs

• Branches added by the Kotlin compiler for functions with default arguments and having more than 32 parameters are filtered out during generation of report (GitHub #1556).
• Branch added by the Kotlin compiler version 1.5.0 and above for reading from lateinit property is filtered out during generation of report (GitHub #1568).

Non-functional Changes

• JaCoCo now depends on ASM 9.7 (GitHub #1600).

Commits

• dbfb6f2 Prepare release 0.8.12
• a50585b Upgrade maven-plugin-plugin to 3.6.4 (#1604)
• fd63cc5 Configure labels that Dependabot assigns to PRs (#1603)
• 03a5333 Add configuration for Dependabot to simplify updates of ASM (#1601)
• 40ff9fb Upgrade ASM to 9.7 (#1600)
• 9077178 Happy birthday Java 22! (#1596)
• 7edd1b5 Bump actions/setup-java from 4.1.0 to 4.2.1 (#1594)
• e50b547 Upgrade ECJ to 3.37.0 (#1590)
• a1144d0 Upgrade maven-site-plugin to 3.12.1 (#1586)
• 04b0141 Bump actions/setup-java from 4.0.0 to 4.1.0 (#1587)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits
  that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after
  your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
  and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating
  it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all
  of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop
  Dependabot creating any more for this major version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop
  Dependabot creating any more for this minor version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop
  Dependabot creating any more for this dependency (unless you reopen the
  PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] [email protected]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Info

See code diff
Release workflow run

It was initialized by eps-autoapprove-dependabot[bot]

v1.0.154-alpha

Commit message

Bump gitpython from 3.1.42 to 3.1.43 (#137)

Bumps gitpython
from 3.1.42 to 3.1.43.

Release notes

Sourced from gitpython's releases.

3.1.43

Particularly Important Changes

These are likely to affect you, please do take a careful look.

• Issue and test deprecation warnings by @​EliahKagan in gitpython-developers/GitPython#1886
• Fix version_info cache invalidation, typing, parsing, and serialization by @​EliahKagan in gitpython-developers/GitPython#1838
• Document manual refresh path treatment by @​EliahKagan in gitpython-developers/GitPython#1839
• Improve static typing and docstrings related to git object types by @​EliahKagan in gitpython-developers/GitPython#1859

Other Changes

• Test in Docker with Alpine Linux on CI by @​EliahKagan in gitpython-developers/GitPython#1826
• Build online docs (RTD) with -W and dependencies by @​EliahKagan in gitpython-developers/GitPython#1843
• Suggest full-path refresh() in failure message by @​EliahKagan in gitpython-developers/GitPython#1844
• repo.blame and repo.blame_incremental now accept None as the rev parameter. by @​Gaubbe in gitpython-developers/GitPython#1846
• Make sure diff always uses the default diff driver when create_patch=True by @​can-taslicukur in gitpython-developers/GitPython#1832
• Revise docstrings, comments, and a few messages by @​EliahKagan in gitpython-developers/GitPython#1850
• Expand what is included in the API Reference by @​EliahKagan in gitpython-developers/GitPython#1855
• Restore building of documentation downloads by @​EliahKagan in gitpython-developers/GitPython#1856
• Revise type annotations slightly by @​EliahKagan in gitpython-developers/GitPython#1860
• Updating regex pattern to handle unicode whitespaces. by @​jcole-crowdstrike in gitpython-developers/GitPython#1853
• Use upgraded pip in test fixture virtual environment by @​EliahKagan in gitpython-developers/GitPython#1864
• lint: replace flake8 with ruff check by @​Borda in gitpython-developers/GitPython#1862
• lint: switch Black with ruff-format by @​Borda in gitpython-developers/GitPython#1865
• Update readme and tox.ini for recent tooling changes by @​EliahKagan in gitpython-developers/GitPython#1868
• Split tox lint env into three envs, all safe by @​EliahKagan in gitpython-developers/GitPython#1870
• Slightly broaden Ruff, and update and clarify tool configuration by @​EliahKagan in gitpython-developers/GitPython#1871
• Add a "doc" extra for documentation build dependencies by @​EliahKagan in gitpython-developers/GitPython#1872
• Describe Submodule.__init__ parent_commit parameter by @​EliahKagan in gitpython-developers/GitPython#1877
• Include TagObject in git.types.Tree_ish by @​EliahKagan in gitpython-developers/GitPython#1878
• Improve Sphinx role usage, including linking Git manpages by @​EliahKagan in gitpython-developers/GitPython#1879
• Replace all wildcard imports with explicit imports by @​EliahKagan in gitpython-developers/GitPython#1880
• Clarify how tag objects are usually tree-ish and commit-ish by @​EliahKagan in gitpython-developers/GitPython#1881

New Contributors

• @​Gaubbe made their first contribution in gitpython-developers/GitPython#1846
• @​can-taslicukur made their first contribution in gitpython-developers/GitPython#1832
• @​jcole-crowdstrike made their first contribution in gitpython-developers/GitPython#1853
• @​Borda made their first contribution in gitpython-developers/GitPython#1862

Full Changelog: gitpython-developers/GitPython@3.1.42...3.1.43

Commits

• 5364053 bump version to 3.1.43
• 4e626bd Merge pull request #1886 from EliahKagan/deprecation-warnings
• f6060df Add GitMeta alias
• 8327b45 Test GitMeta alias
• f92f4c3 Clarify security risk in USE_SHELL doc and warnings
• c7675d2 update security policy, to use GitHub instead of email
• cf2576e Make/use test.deprecation.lib; abandon idea to filter by module
• 7cd3aa9