Skip to content

fix(deps): update all dependencies (major) #456

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all dependencies (major) #456

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 16, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change Age Confidence
actions/cache action major v3 -> v4 age confidence
actions/checkout action major v3 -> v4 age confidence
actions/setup-java action major v3 -> v4 age confidence
net.logstash.logback:logstash-logback-encoder (source) runtime major 7.4 -> 8.1 age confidence
org.webjars.npm:bootstrap (source) compile major 4.6.0 -> 5.0.0 age confidence
org.springframework.boot:spring-boot-starter-parent (source) parent major 2.7.18 -> 3.5.4 age confidence

GitHub Vulnerability Alerts

CVE-2024-6531

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

Release Notes

actions/cache (actions/cache)

v4

Compare Source

actions/checkout (actions/checkout)

v4

Compare Source

actions/setup-java (actions/setup-java)

v4

Compare Source

twbs/bootstrap (org.webjars.npm:bootstrap)

v5.0.0

Compare Source

Highlights

#​32155: Updated make-col() mixin to generate equal columns when no size is specified
#​32763: Added new color-scheme() mixin
#​33389: Dropdown menus now have option become clickable
#​33453: Added new docs footer
#​33548: Offcanvas header components are now vertically aligned
#​33549: Added offcanvas-top modifier
#​33634: Added support for .dropdown-items wrapped in <li>s
#​33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

  • #​32763: Add color-scheme mixin
  • #​33389: Dropdown — Add option to make the dropdown menu clickable
  • #​33549: Add offcanvas-top modifier

🎨 CSS

  • #​32155: Add equal column mixin
  • #​32763: Add color-scheme mixin
  • #​33292: Make accordion icon rotation more natural
  • #​33411: Fix validation feedback icon in select multiple
  • #​33478: Make .nav-link color consistent when using buttons
  • #​33482: Dropdown — Apply positioning only when Popper is not used
  • #​33548: Vertically align offcanvas header components
  • #​33549: Add offcanvas-top modifier
  • #​33550: Spinner alignment changes
  • #​33598: Hide validation icons from multiple selects
  • #​33600: Have $form-check-input-border's default derive from $black
  • #​33607: Reduce color-scheme complexity
  • #​33642: use :read-only css selector instead [readonly] for consistency
  • #​33658: fix: use list-group variable instead of alert
  • #​33736: accordion: fix border-top on Firefox

☕️ JavaScript

  • #​32439: Decouple BackDrop from modal
  • #​33245: Decouple Modal's scrollbar functionality
  • #​33249: Simplify Modal Config
  • #​33250: Simplify ScrollSpy config
  • #​33310: fix: make EventHandler better handle mouseenter/mouseleave events
  • #​33389: Dropdown — Add option to make the dropdown menu clickable
  • #​33429: Remove element event listeners through base component
  • #​33451: Add missing things in hide method of dropdown
  • #​33456: Use our isDisabled util on dropdown
  • #​33466: Refactor dropdown's hide functionality
  • #​33479: Fix dropdown escape propagation
  • #​33496: Use cached noop function
  • #​33497: Use template literals instead of concatenation
  • #​33499: Fix wrong carousel transformation, direction to order
  • #​33545: Use the backdrop util in offcanvas, enforcing consistency
  • #​33586: Tab.js: Fixes on click handling
  • #​33589: refactor: make static selectMenuItem method private
  • #​33612: tests: fix random BrowserStack failures in scrollbar
  • #​33626: Fix v5 regressions in tab dropdown functionality
  • #​33634: Dropdown: support .dropdown-item wrapped in <li> tags
  • #​33638: Fix toggle between modals example
  • #​33643: fix: clicking an item in navbar dropdown should not collapse the dropdown in firefox
  • #​33666: Modal.js: fix test for scrollbar
  • #​33677: Offcanvas.js: If scroll is allowed, should allow focus on other elements
  • #​33684: Don't change the value for altBoundary option
  • #​33706: Scrollbar: respect the initial body overflow value

📖 Docs

  • #​33446: Make offcanvas example fully static
  • #​33453: Add new docs footer
  • #​33521: The spacing margin side identifiers 's' and 'e' may be intuitive for …
  • #​33522: Clarify docs accordion example
  • #​33543: Update parcel.md
  • #​33553: Add example: Panels stay open
  • #​33567: Fixed wrong method name _getInstance
  • #​33571: footer: fix rel=noopener attribute
  • #​33583: docs: update clipboard.js to v2.0.8
  • #​33597: Docs: Fix wrong dark attribute in Table - Vertical Alignment
  • #​33632: Correct the heading for the States section
  • #​33638: Fix toggle between modals example
  • #​33664: Docs: fix W3C validation errors in list-group example
  • #​33668: Update anchor.js to v4.3.1.
  • #​33669: Change from preventOverflow to detectOverflow in boundary option
  • #​33675: Fix typo
  • #​33676: Fix Grid System docs
  • #​33685: docs: fix the default value of Popper's boundary option
  • #​33687: Fixes #​33686 typo in RTL docs
  • #​33690: Add Bootstrap Icons to alerts docs
  • #​33726: Replace modal and scrollspy placeholder content
  • #​33733: Tooltip/Popover — Minor doc updates
  • #​33735: Clarify boundary option description
  • #​33772: Improve overall new examples' accessibility
  • #​33782: Add new team members to the Teams page
  • #​33786: Docs: adding intro about web accessibility
  • #​33797: Update links to CCA, MQ5 prefers-reduced-motion, evergreen WCAG urls
  • #​33810: Tweak toast docs
  • #​33829: Update migration guide for some v5 changes
  • #​33832: Fix doc typo and Bootstrap Icons link
  • #​33833: refactor(docs): Added form file input variables
  • #​33834: Rewrite migration guide

Examples

  • #​33097: Update RTL examples
  • #​33759: fix: change margin breakpoints for bootstrap logo on double header
  • #​33681: Fixes signup form in Heroes example
  • #​33569: Improve responsiveness of Features examples

🌎 Accessibility

🏭 Tests

  • #​33578: Remove unnecessary data-bs-backdrop="static" from modal tests
  • #​33612: tests: fix random BrowserStack failures in scrollbar
  • #​33666: Modal.js: fix test for scrollbar
  • #​33734: Add missing test for clicking select option in a dropdown

🧰 Misc

📦 Dependencies

v4.6.2

Compare Source

Highlights

  • Added an example to our Collapse plugin docs to show how to use horizontal collapsing. This has long been possible via our JS, but we never had an official class to utilize it.
  • We've replaced the deprecated color-adjust with print-color-adjust in our Sass files as part of the Autoprefixer v10.4.6 issues. This should quiet the issues folks have seen from that dependency change. If you're using our distribution CSS files, like bootstrap.min.css, you may still see the warning.
  • Tweaked the size of small and .small to compute to a whole pixel value (was 12.8px and now is 14px).
  • Improved accessibility around our dropdowns, color contrast, and role attributes.
  • Fixed some broken links to supporting documentation.
  • Updated dependencies across the board.

What's Changed

New Contributors

Full Changelog: twbs/bootstrap@v4.6.1...v4.6.2

v4.6.1: 4.6.1

Compare Source

What's changed
Full changelog

twbs/bootstrap@v4.6.0...v4.6.1

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)

v3.5.4

Compare Source

v3.5.3

Compare Source

v3.5.2

Compare Source

v3.5.1

Compare Source

v3.5.0

Compare Source

Full release notes for Spring Boot 3.5 are available on the wiki.

⭐ New Features
  • Make heapdump endpoint restricted by default #​45624
  • Remove SSL status tag from metrics #​45602
  • Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' #​45507
🐞 Bug Fixes
  • Unable to override/set nested ConfigurationProperties by passing as a system property #​45639
  • ValidationAutoConfiguration triggers early initialization of properties binding #​45618
  • Micrometer "enable" annotations property does not cover observed aspect #​45617
  • spring.graphql.sse.timeout is no longer exposed #​45613
  • SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE #​45549
  • IllegalStateException when extracting using layers a module with no code of its own #​45449
  • Removed spring.batch.initialize-schema property is still considered #​45380
  • ReactorHttpClientBuilder does not offer a factory method to create the HttpClient #​45378
  • Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate #​45351
  • Custom default units declared on a field are ignored when binding properties in a native image #​45347
  • DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper #​45345
  • Various spring.datasource properties are mistakenly marked as ignored #​45342
  • JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter #​45297
  • DockerRegistryConfigAuthentication does not align with Docker CLI #​45292
  • Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password #​45290
  • CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method #​32622
📔 Documentation
  • Document the java info contribution #​45634
  • Document the process info contribution #​45632
  • Document the os info contribution #​45630
  • Document typical spring.application.group and name use #​45628
  • Document that bean methods should be static when annotated with @ConfigurationPropertiesBinding #​45626
  • Document the way that primary Kotlin constructors are used when binding #​45553
  • Improve "profile" reference documentation with additional admonitions #​45551
  • Improve setEnvironmentPrefix(...) reference documentation #​45376
  • Document all the available Testcontainers integrations #​45367
  • Document when a spring.config.import value is relative and when it is fixed #​45363
  • Update org.cyclonedx.bom version in docs to 2.3.0 #​45320
  • Update link to "Parameter Name Retention" section of Spring Framework's release notes #​45299
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ahrytsiuk, @​izeye, @​lhotari, @​ngocnhan-tran1996, @​nosan, @​quaff, @​thecooldrop, and @​yybmion

v3.4.8

Compare Source

🐞 Bug Fixes

  • LambdaSafe.withFilter is not public #​46472
  • Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #​46401
  • Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #​46397
  • jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #​46214
  • Hash calculation for uber archive entries that require unpacking is inefficient #​46202
  • Permissions are applied inconsistently when building uber archives with Gradle #​46193
  • EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #​46178
  • Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #​46164
  • Executable JAR application class encounters performance issues #​46063
  • developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #​46043
  • Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above #​46039
  • Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #​45846

📔 Documentation

  • Fix description of spring.batch.job.enabled #​46228
  • Fix broken Kotlin examples in reference documentation #​46064

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Dockerel, @​PiyalAhmed, @​benelog, @​dmitrysulman, @​izeye, @​nosan, and @​quaff

v3.4.7

Compare Source

v3.4.6

Compare Source

🐞 Bug Fixes

  • Micrometer "enable" annotations property does not cover observed aspect #​45616
  • SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE #​45548
  • IllegalStateException when extracting using layers a module with no code of its own #​45448
  • Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate #​45350
  • Custom default units declared on a field are ignored when binding properties in a native image #​45346
  • JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter #​45296

📔 Documentation

  • Document the java info contribution #​45633
  • Document the process info contribution #​45631
  • Document the os info contribution #​45629
  • Document typical spring.application.group and name use #​45627
  • Document that bean methods should be static when annotated with @ConfigurationPropertiesBinding #​45625
  • Document the way that primary Kotlin constructors are used when binding #​45552
  • Improve "profile" reference documentation with additional admonitions #​45550
  • Improve setEnvironmentPrefix(...) reference documentation #​45375
  • Document all the available Testcontainers integrations #​45366
  • Document when a spring.config.import value is relative and when it is fixed #​45362
  • Update link to "Parameter Name Retention" section of Spring Framework's release notes #​45298

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ahrytsiuk, @​izeye, @​ngocnhan-tran1996, @​nosan, @​quaff, @​thecooldrop, and @​yybmion

v3.4.5

Compare Source

🐞 Bug Fixes

  • Spring Boot with native image container image build fails on podman due to directory permissions #​45256
  • Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #​45235
  • Wrong jOOQ exception translator with empty db name #​45219
  • MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #​45213
  • IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #​45194
  • OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #​45178
  • MongoDB's dependency management is missing Kotlin coroutine driver modules #​45159
  • ImagePlatform can cause "OS must not be empty" IllegalArgumentException #​45153
  • TypeUtils does not handle generics with identical names in different positions #​45039
  • HttpClient5 5.4.3 breaks local Docker transport #​45028
  • spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #​45002
  • Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #​44998
  • DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #​44995
  • SSL config does not watch for symlink file changes #​44887
  • EmbeddedLdapAutoConfiguration should not rely on PreDestroy #​44874
  • DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #​44819
  • JsonValueWriter can throw StackOverflowError on deeply nested items #​44627
  • In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #​44535
  • Logging a Path object using structured logging throws StackOverflowError #​44507

📔 Documentation

  • Make @Component a javadoc link #​45258
  • Fix documentation links to buildpacks.io #​45241
  • Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #​45224
  • Show the use of token properties in authorization server clients configuration example #​45176
  • Add details of the purpose of the metrics endpoint #​45047
  • Escape the asterisk in spring-application.adoc #​45033
  • Add reference to Styra (OPA) Spring Boot SDK #​44976
  • Update CDS documentation to cover AOTCache #​44970
  • WebFlux security documentation incorrectly links to servlet classes #​44966
  • Replace mentions of deprecated MockBean annotation #​44947
  • TaskExecution documentation should describe what happens when multiple Executor beans are present #​44908
  • Documentation lists coordinates for some dependencies that are not actually managed #​44879
  • Polish javadoc of SpringProfileAction #​44826

🔨 Dependency Upgrades

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Nov 16, 2024
@renovate renovate bot force-pushed the renovate/major-all branch 2 times, most recently from e8ab8ce to f2724f6 Compare November 21, 2024 21:48
@renovate renovate bot changed the title chore(deps): update all dependencies (major) fix(deps): update all dependencies (major) Dec 10, 2024
@renovate renovate bot force-pushed the renovate/major-all branch from f2724f6 to dedf47c Compare December 19, 2024 15:12
@renovate renovate bot force-pushed the renovate/major-all branch from dedf47c to fe31e26 Compare January 23, 2025 22:30
@renovate renovate bot force-pushed the renovate/major-all branch from fe31e26 to 3d4969f Compare February 20, 2025 19:08
@renovate renovate bot force-pushed the renovate/major-all branch from 3d4969f to 2ab3c9f Compare March 21, 2025 06:27
@renovate renovate bot force-pushed the renovate/major-all branch 2 times, most recently from 58dcfdc to aa1d985 Compare April 3, 2025 23:18
@renovate renovate bot force-pushed the renovate/major-all branch 2 times, most recently from cc70d35 to 957195b Compare April 5, 2025 17:47
@renovate renovate bot force-pushed the renovate/major-all branch from 957195b to b76d014 Compare April 24, 2025 20:23
@renovate renovate bot force-pushed the renovate/major-all branch from b76d014 to 64056aa Compare May 5, 2025 23:14
@renovate renovate bot force-pushed the renovate/major-all branch 3 times, most recently from 115806f to 7119079 Compare May 23, 2025 14:57
@renovate renovate bot added the 'security' label May 23, 2025
@stefan-it stefan-it added security Pull requests that address a security vulnerability and removed 'security' labels May 26, 2025
@renovate renovate bot force-pushed the renovate/major-all branch from 7119079 to 7b947e3 Compare May 26, 2025 13:51
@renovate renovate bot force-pushed the renovate/major-all branch 4 times, most recently from 60570be to 5be954d Compare June 20, 2025 10:50
@renovate renovate bot force-pushed the renovate/major-all branch from 5be954d to ac1b1da Compare July 24, 2025 12:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file security Pull requests that address a security vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@stefan-it