build(deps): bump spring-boot-starter-parent from 2.5.6 to 2.7.3 #143

Closed

dependabot[bot] wants to merge 1 commits from dependabot/maven/org.springframework.boot-spring-boot-starter-parent-2.7.3 into master

pull from: dependabot/maven/org.springframework.boot-spring-boot-starter-parent-2.7.3

merge into: zheng:master

zheng:main

zheng:dependabot/maven/net.minidev-json-smart-2.4.9

zheng:dependabot/maven/org.springframework.boot-spring-boot-starter-parent-3.0.3

zheng:dependabot/maven/org.projectlombok-lombok-1.18.26

zheng:dependabot/maven/com.alibaba-druid-1.2.16

zheng:dependabot/maven/com.sun.xml.bind-jaxb-impl-4.0.2

zheng:dependabot/maven/org.jetbrains.kotlin-kotlin-stdlib-1.8.10

zheng:dependabot/maven/org.mybatis.spring.boot-mybatis-spring-boot-starter-3.0.1

zheng:dependabot/maven/junit-junit-4.13.2

zheng:dependabot/maven/com.github.pagehelper-pagehelper-spring-boot-starter-1.4.6

zheng:dependabot/maven/com.h2database-h2-2.1.214

zheng:master-old

zheng:dependabot/maven/net.sourceforge.htmlunit-htmlunit-2.53.0

zheng:feat-multlyEnv#13

zheng:dev

Conversation 1 Commits 1 Files Changed 1 +1 -1

dependabot[bot] commented 2022-09-01 17:01:19 +08:00 (Migrated from github.com)

Copy Link

Bumps spring-boot-starter-parent from 2.5.6 to 2.7.3.

Release notes

Sourced from spring-boot-starter-parent's releases.

v2.7.3

🐞 Bug Fixes

• Misleading error message when using JarMode Layertools and the source is not an archive #32097
• ClassNotFoundException can be thrown for classes in nested jars when under GC pressure #32085
• Flyway auto-configuration fails with Flyway 9 #32034
• BasicJsonParser does not protect against deeply nested maps #32031
• OptionalLiveReloadServer logs the wrong port number when it is configured to use an ephemeral port #31984
• Servlet WebServerStartStopLifecycle doesn't set running to false on stop #31967
• JUL-based logging performed during close of application context is lost #31963
• The hash of spring-boot-jarmode-layertools.jar that's added to a fat jar doesn't match the hash of the equivalent published artifact #31949
• management.endpoint.health.probes.add-additional-paths has no effect when configuration properties have already created the liveness and/or readiness groups #31926
• UnsupportedDataSourcePropertyException is thrown when attempting to set jdbcUrl for C3P0 #31921
• Dev Tools restart failures caused by a too short quiet period are hard to diagnose #31906
• HealthContributor beans managed by a CompositeHealthContributor are recreated on each call #31879
• Dependency management for REST Assured is incomplete #31877
• Jar Handler never clears PROTOCOL_HANDLER system property #31875
• BasicJsonParser can fail with a timeout or stackoverflow with malformed map JSON #31873
• BasicJsonParser can fail with a stackoverflow exception #31871

📔 Documentation

• Review Git contribution documentation #32099
• Documentation for Maven Plugin classifier has an unresolved external reference #32043
• Update Static Content reference documentation to reflect the DefaultServlet no longer being enabled by default #32026
• Example log output is out-of-date and inconsistent #31987
• Document that Undertow's record-request-start-time server option must be enabled for %D to work in access logging #31976
• Update documentation on using H2C to consider running behind a proxy that's performing TLS termination #31974
• Some properties in the Common Application Properties appendix have no description #31971
• Fix links in documentations #31951
• External configuration documentation uses incorrect placeholder syntax #31943
• server.reactive.session.cookie properties are not listed in the application properties appendix #31914
• Remove documentation and metadata references to ConfigFileApplicationListener #31901
• Metadata for 'spring.beaninfo.ignore' has incorrect SourceType #31899
• Remove reference to nitrite-spring-boot-starter #31893
• Remove reference to Azure Application Insights #31890
• Fix typos in code and documentation #31865

🔨 Dependency Upgrades

• Upgrade to Byte Buddy 1.12.13 #32013
• Upgrade to Couchbase Client 3.3.3 #32014
• Upgrade to Dependency Management Plugin 1.0.13.RELEASE #32056
• Upgrade to Dropwizard Metrics 4.2.11 #32015
• Upgrade to Embedded Mongo 3.4.8 #32016
• Upgrade to GraphQL Java 18.3 #31945
• Upgrade to Groovy 3.0.12 #32017
• Upgrade to Gson 2.9.1 #32018
• Upgrade to Hazelcast 5.1.3 #32019
• Upgrade to Hibernate Validator 6.2.4.Final #32020

... (truncated)

Commits

• bff9b39 Release v2.7.3
• 60e1cc5 Merge branch '2.6.x' into 2.7.x
• 13bd61b Revert nested jar fixes
• bd74344 Revert "Don't close jar files early"
• 674022d Revert "Don't close nested jars or wrapper when parent is closed"
• 3fcfcc4 Merge branch '2.6.x' into 2.7.x
• 3b01325 Use asList consistently
• ca63a6e Merge branch '2.6.x' into 2.7.x
• 191593c Review Git contribution documentation
• 1c6624d Merge branch '2.6.x' into 2.7.x
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 2.5.6 to 2.7.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">spring-boot-starter-parent's releases</a>.</em></p> <blockquote> <h2>v2.7.3</h2> <h2>:lady_beetle: Bug Fixes</h2> <ul> <li>Misleading error message when using JarMode Layertools and the source is not an archive <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32097">#32097</a></li> <li>ClassNotFoundException can be thrown for classes in nested jars when under GC pressure <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32085">#32085</a></li> <li>Flyway auto-configuration fails with Flyway 9 <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32034">#32034</a></li> <li>BasicJsonParser does not protect against deeply nested maps <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32031">#32031</a></li> <li>OptionalLiveReloadServer logs the wrong port number when it is configured to use an ephemeral port <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31984">#31984</a></li> <li>Servlet WebServerStartStopLifecycle doesn't set running to false on stop <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31967">#31967</a></li> <li>JUL-based logging performed during close of application context is lost <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31963">#31963</a></li> <li>The hash of spring-boot-jarmode-layertools.jar that's added to a fat jar doesn't match the hash of the equivalent published artifact <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31949">#31949</a></li> <li>management.endpoint.health.probes.add-additional-paths has no effect when configuration properties have already created the liveness and/or readiness groups <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31926">#31926</a></li> <li>UnsupportedDataSourcePropertyException is thrown when attempting to set jdbcUrl for C3P0 <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31921">#31921</a></li> <li>Dev Tools restart failures caused by a too short quiet period are hard to diagnose <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31906">#31906</a></li> <li>HealthContributor beans managed by a CompositeHealthContributor are recreated on each call <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31879">#31879</a></li> <li>Dependency management for REST Assured is incomplete <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31877">#31877</a></li> <li>Jar Handler never clears PROTOCOL_HANDLER system property <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31875">#31875</a></li> <li>BasicJsonParser can fail with a timeout or stackoverflow with malformed map JSON <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31873">#31873</a></li> <li>BasicJsonParser can fail with a stackoverflow exception <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31871">#31871</a></li> </ul> <h2>:notebook_with_decorative_cover: Documentation</h2> <ul> <li>Review Git contribution documentation <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32099">#32099</a></li> <li>Documentation for Maven Plugin classifier has an unresolved external reference <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32043">#32043</a></li> <li>Update Static Content reference documentation to reflect the DefaultServlet no longer being enabled by default <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32026">#32026</a></li> <li>Example log output is out-of-date and inconsistent <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31987">#31987</a></li> <li>Document that Undertow's record-request-start-time server option must be enabled for %D to work in access logging <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31976">#31976</a></li> <li>Update documentation on using H2C to consider running behind a proxy that's performing TLS termination <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31974">#31974</a></li> <li>Some properties in the Common Application Properties appendix have no description <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31971">#31971</a></li> <li>Fix links in documentations <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31951">#31951</a></li> <li>External configuration documentation uses incorrect placeholder syntax <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31943">#31943</a></li> <li>server.reactive.session.cookie properties are not listed in the application properties appendix <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31914">#31914</a></li> <li>Remove documentation and metadata references to ConfigFileApplicationListener <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31901">#31901</a></li> <li>Metadata for 'spring.beaninfo.ignore' has incorrect SourceType <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31899">#31899</a></li> <li>Remove reference to nitrite-spring-boot-starter <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31893">#31893</a></li> <li>Remove reference to Azure Application Insights <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31890">#31890</a></li> <li>Fix typos in code and documentation <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31865">#31865</a></li> </ul> <h2>:hammer: Dependency Upgrades</h2> <ul> <li>Upgrade to Byte Buddy 1.12.13 <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32013">#32013</a></li> <li>Upgrade to Couchbase Client 3.3.3 <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32014">#32014</a></li> <li>Upgrade to Dependency Management Plugin 1.0.13.RELEASE <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32056">#32056</a></li> <li>Upgrade to Dropwizard Metrics 4.2.11 <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32015">#32015</a></li> <li>Upgrade to Embedded Mongo 3.4.8 <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32016">#32016</a></li> <li>Upgrade to GraphQL Java 18.3 <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/31945">#31945</a></li> <li>Upgrade to Groovy 3.0.12 <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32017">#32017</a></li> <li>Upgrade to Gson 2.9.1 <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32018">#32018</a></li> <li>Upgrade to Hazelcast 5.1.3 <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32019">#32019</a></li> <li>Upgrade to Hibernate Validator 6.2.4.Final <a href="https://github-redirect.dependabot.com/spring-projects/spring-boot/issues/32020">#32020</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/bff9b3924ffb042c67612d8617110edd6f680917"><code>bff9b39</code></a> Release v2.7.3</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/60e1cc510cd2f32013d70c90299df4f903025159"><code>60e1cc5</code></a> Merge branch '2.6.x' into 2.7.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/13bd61b6feeefe58cd082fbef4c170fac7e3b12f"><code>13bd61b</code></a> Revert nested jar fixes</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/bd74344025c1302c6700aa6b20f3e3951aeca32f"><code>bd74344</code></a> Revert &quot;Don't close jar files early&quot;</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/674022d4014a668f9ff3f2f7837b716667ff6e30"><code>674022d</code></a> Revert &quot;Don't close nested jars or wrapper when parent is closed&quot;</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/3fcfcc4a3b8b06d38765ee3576b2d307036672ad"><code>3fcfcc4</code></a> Merge branch '2.6.x' into 2.7.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/3b01325c6b17e4853bdb4efd7c4ae78418ee9509"><code>3b01325</code></a> Use asList consistently</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ca63a6e9ad225966cad1820ec77b3db943b7ba68"><code>ca63a6e</code></a> Merge branch '2.6.x' into 2.7.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/191593cf15eac5d722266bfdfc071826b04a350d"><code>191593c</code></a> Review Git contribution documentation</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/1c6624db4441bab29b9e9c2e195454361debb109"><code>1c6624d</code></a> Merge branch '2.6.x' into 2.7.x</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v2.5.6...v2.7.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

dependabot[bot] commented 2022-10-01 17:01:04 +08:00 (Migrated from github.com)

Copy Link

Superseded by #147.

Superseded by #147.

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

Something isn't working

dependencies

Pull requests that update a dependency file

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

feature

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

wontfix

This will not be worked on

No Label

dependencies

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

zheng

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: zheng/blog-backEnd#143

No description provided.