chore: [DevOps] bump the production-minor-patch group across 1 directory with 6 updates

Open dependabot[bot] opened this issue 1 year ago • 0 comments

Bumps the production-minor-patch group with 6 updates in the / directory:

Package	From	To
org.springframework:spring-framework-bom	`6.1.6`	`6.1.7`
com.sap.cloud:neo-java-web-api	`4.76.4`	`4.77.7`
org.openapitools:openapi-generator	`7.5.0`	`7.6.0`
com.sap.cloud.security:java-bom	`3.4.3`	`3.5.0`
com.google.code.gson:gson	`2.10.1`	`2.11.0`
io.grpc:grpc-bom	`1.63.0`	`1.64.0`

Updates org.springframework:spring-framework-bom from 6.1.6 to 6.1.7

Release notes

Sourced from org.springframework:spring-framework-bom's releases.

v6.1.7

:star: New Features

ResponseEntity is not reliably closed with InputStreamResource #32802

Accept ajc-compiled @Aspect classes for Spring AOP proxy usage #32793

Failure to process a bean definition ahead-of-time with an instance supplier should provide more contextual information #32775

Provide methods to unambiguously send form data with MockMvc #32757

Introduce NoOp implementation for ResponseErrorHandler #32750

Support varargs invocations in SpEL for varargs array subtype #32704

StreamUtils.copyRange overreads source stream in some cases #32695

Modify error message when timeout is less than TIMEOUT_DEFAULT #32635

Jetty HttpConnections not closed with SSE on Jetty 12.0.7+ when clients close the connection #32629

Prevent duplicate subscription ID's in destinationCache of DefaultSubscriptionRegistry #32625

When retrieval of a LoadTimeWeaverAware bean fails the resulting exception message may not indicate why it was being created #32470

:lady_beetle: Bug Fixes

Do not send Cookie header in reactive JdkClientHttpRequest if no cookies added #32799

Inconsistent use of cleaned URLs in PathMatchingResourcePatternResolver #32828

DeferredQueryInvocationHandler fails to unwrap QuerySqmImpl class outside of transaction #32766

BindingReflectionHintsRegistrar#registerReflectionHints can be invoked with a null type #32753

AnnotationConfigWebApplicationContext should propagate ApplicationStartup to BeanFactory #32747

Ignore non-String keys in PropertiesPropertySource.getPropertyNames() #32742

MergedAnnotations search does not find container for repeatable annotation #32731

"multiple subscribers not supported" when using WebClient exchange #32727

ConfigurationClassEnhancer should consistently trigger FastClass creation at build-time #32682

HttpComponentsClientHttpRequestFactory does not set Content-Length: 0 #32678

Wrong proxy generation order during AOT for classes with ScopedProxyMode.TARGET\_CLASS and advisors #32669

Unhandled JMS listener exceptions are not propagated #32666

beanFactory#getBean with arguments ignore them if an Instance supplier is defined #32657

Incorrect AsyncRequestTimeoutException handling in ResponseEntityExceptionHandler #32644

Include actual cause's message in various parsing exception messages #32636

Configuration class with Bean factory method on an interface generates wrong target with AOT #32609

RestClient observations are stopped before ResponseSpec calls #32575

MvcUriComponentsBuilder.fromMethodName does not pick the annotated method transparently #32553

Deadlock/Stall in ConcurrentWebSocketSessionDecorator with Undertow 2.3.10 #32445

RSocket setup payload can cause Netty ByteBuf leak #32424

WebFlux temporary file not always deleted with parallel uploads. #31217

:notebook_with_decorative_cover: Documentation

Replace RFC 7807 by RFC 9457 in documentation #32806

Links to Framework and Servlet Javadoc from Framework's Kotlin API documentation are broken #32797

Fix incorrect class reference syntax in Kotlin code sample #32733

Improve documentation advising against use of HandlerInterceptor for security #32729

Inconsistent behaviour on transactional async method #32709

Document that getBean with arguments is not recommended with AOT #32690

Provide an example of custom request URL with RestClient in the reference guide #32685

Correct documentation on streaming with MockMvcWebTestClient #32687

Document limitations of CGLIB proxy class generation in JPMS module setups #32671

... (truncated)

Commits

5d6f2c8 Release v6.1.7
010e8a3 Polishing contribution
78549d4 Fix cookie management in reactive JdkClientHttpRequest
e4e6910 Polishing
2270df5 Enforce cleaned URL for root resource from ClassLoader
70886e3 Upgrade to Reactor 2023.0.6
e509385 Add InputStreamResource(InputStreamSource) constructor for lambda expressions
b7aafda Polishing
a89a88d Upgrade to Micrometer 1.12.6
c6b6ccd Close ResponseBodyEmitter in case of write errors
Additional commits viewable in compare view

Updates com.sap.cloud:neo-java-web-api from 4.76.4 to 4.77.7

Updates org.openapitools:openapi-generator from 7.5.0 to 7.6.0

Release notes

Sourced from org.openapitools:openapi-generator's releases.

v7.6.0 released

General

Skip setting output folder in online service #18652

fix: Upgrade testng to avoid CVE-2022-4065 #18635

[refactor] Use getType in ModelUtils #18577

Fix null type check when simplifying any type #18504

fix: ExampleGenerator for composed child schemas and array schemas #18479

C#

[csharp] Fixed nullability of composed schemas #18408

[C#] made the HttpSigning method public to get the signed header #18496

C++

[[BUG][C][cpp-restsdk] fix missing Set.h #18631

[C++][Pistache] Compile error when nesting component/schema reference objects #18586

Dart

[dart-dio] Incorrect hashCode and == overide for fields withList #18198

[dart] [dart-dio] Support Dart3 #18001

Go

[GO][Client] Generated GO Client Time Query Param Millisecond Resolution Fix #18673

Add an option to skip unmarshall json in Go client generator #18448

[GO] Add assert constraints checks for complex types in the model template #18654

[Go] uses sanitized model name instead of the name #18644

[go-server] Fix: error handling and linting #18550

HTML

[html2] Fix incorrectly sanitizesd response headers #18685

[html2] Add oneOf support #18642

[html2] Support alias types #18579

[html2] Fix rendering of arrays of objects in html2 docs #18561

Java

upgrade microprofile to junit5 #18669

upgrade okhttp-gson and google-api-client to junit5 #18668

[BUG][JAVA] Prevent generating "pattern" and "size" to ENUM #18658

[BUG][JAVA] oneOf/anyOf multiple constructors with same erasure #18645

Add support for Helidon 4 MP client and server generation #18627

upgrade java native to junit5 #18617

upgrade apache-httpclient to junit5 #18616

upgrade resteasy to junit5 #18615

[jaxrs-spec] fix nullable import, migrate tests to 3.0 spec #18606

[BUG] [Java] Invalid code generation for oneof types #18544

Add new option allArgConstructor for java client, spring generators #18538

[Java][Client] Add support for the new Spring RestClient #18522

Fixes incorrect Jackson imports in Java templates used in ApiClient.java when useJakartaEe=true #18507

Kotlin

[KOTLIN] Kotlinx serialization, use first party retrofit converter factory #18656

... (truncated)

Commits

ab7d0cb 7.6.0 release (#18708)
ef0d10d Use time.RFC3339Nano instead of time.RFC3339, do not want to loose the millis...
33617ee Improve generation of selected models with dependent models (#18462)
9b0ca06 [html2] Change to correct variable (#18685)
3d15864 [dart-dio] Incorrect hashCode and == overide for fields withList (#18198)
8924083 Ruby: Fixed CodeQL polynomial regexp (#18699)
e9f961e [rust-axum] Split up api trait per tag (#18621)
57dceae Improve typescript-fetch code generation for oneOf cases without discrimina...
62238c6 [typescript-fetch] Make instanceOf infer type and check for undefineds (#18694)
2fe397c synn beea validation template (jaxrs) (#18697)
Additional commits viewable in compare view

Updates com.sap.cloud.security:java-bom from 3.4.3 to 3.5.0

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

Version 3.5.0

[java-api]

ClientIdentity interface has been extended with 2 new methods getCertificateChain() and getPrivateKey() and ClientCertificate class has been extended with new constructor that takes java.security.cert.Certificate[] and java.security.PrivateKey as an argument and corresponding getters for these fields.

user_token grant type has been re-added to GrantType enum

[token-client] SSLContextFactory class has been extended and supports Keys in PKCS#8 format with ECC algorithm.

[spring-security]

fixed NPE in IdentityServicesPropertySourceFactory on application startup when bound to a list of XSUAA services whose service plans are ALL not supported

provides an autoconfiguration that creates an Identity Service JwtDecoder with enabled proof token check. To enable it, set the sap.spring.security.identity.prooftoken spring property to true.

Fixes an issue with MockMvc when the SecurityContexts are synced. It sets SecurityContextStrategy based on an EnvironmentPostProcessor as in this scenario the servlet initialization is not happening and the code runs too late due to that.

Dependency upgrades

Bump io.projectreactor:reactor-core from 3.6.5 to 3.6.6

Bump com.nimbusds:nimbus-jose-jwt from 9.37.3 to 9.39.1

Bump spring.core.version from 6.1.6 to 6.1.7

Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

3.5.0

[java-api]

ClientIdentity interface has been extended with 2 new methods getCertificateChain() and getPrivateKey() and ClientCertificate class has been extended with new constructor that takes java.security.cert.Certificate[] and java.security.PrivateKey as an argument and corresponding getters for these fields.

user_token grant type has been re-added to GrantType enum

[token-client] SSLContextFactory class has been extended and supports Keys in PKCS#8 format with ECC algorithm.

[spring-security]

fixed NPE in IdentityServicesPropertySourceFactory on application startup when bound to a list of XSUAA services whose service plans are ALL not supported

provides an autoconfiguration that creates an Identity Service JwtDecoder with enabled proof token check. To enable it, set the sap.spring.security.identity.prooftoken spring property to true.

Fixes an issue with MockMvc when the SecurityContexts are synced. It sets SecurityContextStrategy based on an EnvironmentPostProcessor as in this scenario the servlet initialization is not happening and the code runs too late due to that.

Dependency upgrades

Bump io.projectreactor:reactor-core from 3.6.5 to 3.6.6

Bump com.nimbusds:nimbus-jose-jwt from 9.37.3 to 9.39.1

Bump spring.core.version from 6.1.6 to 6.1.7

Commits

e4215fa Bump version to 3.5.0 (#1545)
5b49ddb provide a JwtDecoder bean with enabled prooftoken check (#1539)
601b29c Bump spring.core.version from 6.1.6 to 6.1.7 (#1544)
cbcb310 Set SecurityContextStrategy based on an EnvironmentPostProcessor (#1536)
22058f9 Bump io.projectreactor:reactor-core from 3.6.5 to 3.6.6 (#1540)
805ee37 Bump io.projectreactor:reactor-test from 3.6.5 to 3.6.6 (#1541)
2f4c931 Bump org.owasp:dependency-check-maven from 9.1.0 to 9.2.0 (#1542)
636a03a Bump com.nimbusds:nimbus-jose-jwt from 9.39 to 9.39.1 (#1543)
37c630a Support PKCS#8 standard keys from Zero trust Identity Service (#1528)
ceca47e add user_token again to GrantType enum to allow validation of such tokens (#1...
Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.10.1 to 2.11.0

Commits

828a97b [maven-release-plugin] prepare release gson-parent-2.11.0
93bc0f2 Skip signing graal-native-test module. (#2675)
b153ca1 [maven-release-plugin] rollback the release of gson-parent-2.11.0
0e3d2aa [maven-release-plugin] prepare for next development iteration
545b802 [maven-release-plugin] prepare release gson-parent-2.11.0
8bfdbb4 Guarantee that JsonElement.toString() produces JSON (#2659)
9008b09 Extend Troubleshooting Guide with some ProGuard / R8 information (#2656)
05652c3 Document that other JVM languages are not fully supported (#2666)
454a491 Improved Long-Double Number Policy (#2674)
570d911 Bump the github-actions group with 4 updates (#2671)
Additional commits viewable in compare view

Updates io.grpc:grpc-bom from 1.63.0 to 1.64.0

Release notes

Sourced from io.grpc:grpc-bom's releases.

v1.64.0

API Changes

compiler: the option jakarta_omit was renamed @generated=omit (#11086) (8a21afcc9)

New Features

New API LoadBalancer.getChannelTarget() (4561bb5b8)

opentelemetry: Publish new module grpc-opentelemetry (5ba1a5563). The feature is still missing documentation and an example. It only supports metrics; tracing and logs will be future enhancements. See gRFC A66

bazel: Add support for bzlmod (#11046) (d1890c0ac)

bazel: Replace usages of the old compatibility maven targets with @maven targets (00649913b)

okhttp: Support serverBuilder.maxConcurrentCallsPerConnection (Fixes #11062). (#11063) (805072339)

xds: Experimental metrics recording in WRR LB (06df25b65, 35a171bc1, 2897b3939), to be exported by grpc-opentelemetry if explicitly enabled in GrpcOpenTelemetry. See gRFC A78

rls: Experimental metrics recording in RLS LB (a9fb272b7, a1d19327f, 813331837), to be exported by grpc-opentelemetry if explicitly enabled in GrpcOpenTelemetry

Improvements

examples: support bazel build for retry policy example (58de563fa)

netty: Allow deframer errors to close stream with a status code, as long as headers have not yet been sent (e036b1b19). This will greatly improve the debuggability of certain server errors in particular cases. Instead of the client seeing “CANCELLED: RST_STREAM closed stream. HTTP/2 error code: CANCEL”, they could see “RESOURCE_EXHAUSTED: gRPC message exceeds maximum size 4194304: 6144592”

netty: Improve handling of unexpected write queue promise failures (#11016)

servlet: Avoid unnecessary FINEST hex string conversion by checking log level. Fixes #11031. (f7ee5f318)

StatusException/StatusRuntimeException hide stack trace in a simpler way (#11064) (e36f099be)

util: Status desc for outlier detection ejection (#11036) (10cb4a3be)

binder: Helper class to allow in process servers to use peer uids in test (#11014) (537dbe826)

Add load() statements for the Bazel builtin top-level java symbols (#11105) (add8c37a4)

Add StatusProto.toStatusException overload to accept Throwable (#11083) (5c9b49231)

Bug fixes

Fix retry race condition that can lead to double decrementing inFlightSubStreams and so miss calling closed (#11026) (bdb623031)

Change defaults to use the older PickFirstLoadBalancer and disable Happy Eyeballs. This disables a performance optimization added in v1.63. (#11120) We have had a report that the new implementation can trigger a NullPointerException

core: Transition to CONNECTING immediately when exiting idle (2c5f0c22c). Previously the visible state change from channel.getState() was delayed until the name resolver returned results. This had no impact to RPC behavior

xds: Specify a locale for upper/lower case conversions (e6305930d)

rls: Synchronization fixes in CachingRlsLbClient (6e97b180b). These races had not been witnessed in practice

rls: Guarantee backoff will update RLS picker (f9b6e5f92). This fixes a regression introduced by 6e97b180b that could hang RPCs instead of using fallback, but fixes a pre-existing bug that could greatly delay RPCs from using fallback.

rls: Fix time handling in CachingRlsLbClient (da619e2bd). This could have caused backoff entries to improperly be considered expired

xds: Properly disable the default endpoint identification algorithm with XdsChannelCredentials (097a46b76). The credential does its own verification and the default needs to be disabled for SPIFFE

netty: Release SendGrpcFrameCommand when stream is missing (#11116) (fb9a10809)

okhttp: Remove finished stream even if a pending stream was started (d21fe32be)

Dependencies

cronet: Update Cronet to latest release + Move to Stable Cronet APIs. (5a8da19f3)

cronet: @javadoc update android permission MODIFY_NETWORK_ACCOUNTING (deprecated) => UPDATE_DEVICE_STATS (c703a1ee0)

cronet: Update to Java-8 API's and tighten the scopes (163efa371)

cronet: Update to StandardCharsets and assertNotNull API's (77e59b29d)

Acknowledgements

@panchenko @Ashok-Varma @benjaminp @AutomatedTester @hypnoce @keith @laglangyue

... (truncated)

Commits

a54c72f Bump version to 1.64.0
2c1b07c Update README etc to reference 1.64.0
9798e4a all: Add opentelemetry
d086f5a opentelemetry: Mark registerGlobal() as experimental
3158f91 rls: Guarantee backoff will update RLS picker
80f872e xds, rls: Experimental metrics are disabled by default (#11196) (#11197)
cc587e6 opentelemetry: Publish grpc opentelemetry (#11187) (#11195)
8133318 rls: Add gauge metric recording (#11175)
f737cbc api: Hide internal metric APIs
1e731be opentelemetry: Rename and stabilize API OpenTelemetryModule
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

May 20 '24 10:05 dependabot[bot]